c1ffbebf1317f8c57ac39750c776259532c0896818c08c1f49f8e05a0a0f4b45

Sharing

Copy URL

Twitter E-mail

General

Target

c1ffbebf1317f8c57ac39750c776259532c0896818c08c1f49f8e05a0a0f4b45
Size

146KB
MD5

3e37da5740dd219f5335252b99c3c98b
SHA1

94406b4236ca76cbba06d481fb631bb55b2627f8
SHA256

c1ffbebf1317f8c57ac39750c776259532c0896818c08c1f49f8e05a0a0f4b45
SHA512

8774aff523e7619137dfeb0bfda14480122f5c227e2e43f5c185f73b33d9689bf4eeb7a1fd904d39253b35926d10180d4eee5ffcae2a0745b560e0de1208eebb
SSDEEP

3072:13uL4suyftDcmLDLYYJQEIigwkZM7QWtcJWjRzvNNcIdlwC09BJQud:13uL48ftDcmHz7PgDZJkjRzVOqnUMud

Score

N/A

Malware Config

Signatures

Files

c1ffbebf1317f8c57ac39750c776259532c0896818c08c1f49f8e05a0a0f4b45
.zip
volksbank_de_transaktions_id_000023928001_2014_11_0000390382755_00003997550002.exe
.exe windows x86

ba5a3baf4c2758c3fc0e435746b2287c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_SetImageCount
InitCommonControls
ImageList_Duplicate
UninitializeFlatSB
DrawStatusText
DrawStatusTextW
ImageList_LoadImageW
InitCommonControlsEx
FlatSB_GetScrollProp
ImageList_Create

dsprop

DllUnregisterServer
ErrMsgParam
BringSheetToForeground
ADsPropGetInitInfo
IsSheetAlreadyUp

dciman32

WinWatchGetClipList
DCICreateOffscreen
DCIEnum
DCIOpenProvider
WinWatchDidStatusChange
DCISetClipList
WinWatchNotify
DCICreatePrimary
DCICreateOverlay
DCISetDestination
DCISetSrcDestClip
WinWatchOpen
DCIDraw
WinWatchClose
GetDCRegionData
GetWindowRegionData
DCIEndAccess
DCIDestroy

gdi32

CloseMetaFile
CreatePen
CreatePenIndirect
STROBJ_bEnumPositionsOnly
DeleteObject
GetStockObject
CreateBrushIndirect
CreateSolidBrush
EqualRgn
SelectObject
GetEUDCTimeStamp
CreatePalette
CreateFontIndirectA

rasser

PortClearStatistics
PortSend
PortSetINetCfg
PortSetInfo
PortConnect
PortEnum
PortGetStatistics
PortClose
PortSetFraming
PortReceive
PortCompressionSetInfo
PortDisconnect
PortTestSignalState
PortGetPortState
PortChangeCallback
PortOpen

winscard

SCardForgetCardTypeW
SCardForgetReaderW
SCardReleaseStartedEvent
SCardReleaseNewReaderEvent
SCardAddReaderToGroupA
SCardLocateCardsW
SCardFreeMemory
SCardForgetReaderGroupA
SCardControl
SCardGetStatusChangeA
SCardCancel
SCardGetCardTypeProviderNameA
SCardGetAttrib
SCardTransmit

oleaut32

VarBoolFromDec
DllUnregisterServer
GetActiveObject
VarCySub
VariantCopy
VarUI2FromCy
VarFormatNumber
VarI4FromUI2
SafeArrayGetVartype
VarUI2FromBool
VarCyCmp
VarCmp
VarCyFromI1
VarUI4FromUI2
VarI1FromDate
VarUI4FromDate
VarXor
VarR4CmpR8

user32

LoadIconA
FindWindowW
GetForegroundWindow
LoadBitmapW
LoadCursorA
LoadAcceleratorsW
GetSystemMetrics
LoadMenuW
LoadBitmapA
FindWindowA
IsChild
GetDesktopWindow
GetSysColorBrush
GetClientRect
GetMenu
LoadMenuA
GetWindowRect
GetDC
GetProcessDefaultLayout
LoadAcceleratorsA
GetWindowTextA
GetWindowTextW
GetSysColor

glu32

gluQuadricNormals
gluTessNormal
gluDisk
gluNurbsSurface
gluTessEndPolygon
gluTessCallback
gluDeleteNurbsRenderer
gluErrorString
gluNurbsCurve
gluNewQuadric
gluScaleImage
gluTessBeginContour
gluBeginTrim
gluQuadricTexture
gluEndSurface
gluBeginCurve

iasnap

DllRegisterServer
DllCanUnloadNow
DllUnregisterServer
DllGetClassObject

kernel32

GetStartupInfoW
CloseHandle
GetProcAddress
GetFileAttributesW
CopyFileA
VirtualAlloc
LoadLibraryA
GetCommandLineA
CreateEventA
AddAtomW

imm32

ImmCreateContext
ImmDisableIME
ImmGetCompositionFontW
ImmSetCompositionFontA
ImmGetIMCCSize
ImmGetOpenStatus
ImmIMPQueryIMEW
ImmGetImeMenuItemsA
ImmGetConversionListA
ImmAssociateContext
ImmIMPGetIMEA
ImmGetConversionListW
ImmGetIMEFileNameA
ImmGetCandidateListCountA
ImmRegisterClient
ImmIsUIMessageW

ole32

HMENU_UserFree
CoUninitialize
OleCreateStaticFromData
SetErrorInfo
CoInitialize
CoTaskMemFree
OleCreateFromDataEx

shlwapi

StrStrIA
StrCSpnW
PathStripToRootA
StrStrA
StrCSpnA
PathGetDriveNumberW
PathFindFileNameA
StrTrimA
PathSkipRootW
PathStripToRootW
PathRemoveExtensionW
PathStripPathW
StrCmpW
PathRemoveBlanksA
PathRemoveExtensionA

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

/14
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba5a3baf4c2758c3fc0e435746b2287c

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

dsprop

dciman32

gdi32

rasser

winscard

oleaut32

user32

glu32

iasnap

kernel32

imm32

ole32

shlwapi

Sections

.text Size: 157KB - Virtual size: 157KB

/14 Size: 512B - Virtual size: 152B

.data Size: 4KB - Virtual size: 20KB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 5KB - Virtual size: 5KB

.rdata Size: 5KB - Virtual size: 5KB

.text
Size: 157KB - Virtual size: 157KB

/14
Size: 512B - Virtual size: 152B

.data
Size: 4KB - Virtual size: 20KB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 5KB

.rdata
Size: 5KB - Virtual size: 5KB