b6b57c118d8d8f65e7b927141e16efc16f4245983a3312759d4fa50554741887

Sharing

Copy URL Twitter E-mail

General

Target

b6b57c118d8d8f65e7b927141e16efc16f4245983a3312759d4fa50554741887
Size

68KB
MD5

5f357069939652f320a92a3bb29db1f8
SHA1

e831331976be3dba4d4f3af29c1550d72b22e6d8
SHA256

b6b57c118d8d8f65e7b927141e16efc16f4245983a3312759d4fa50554741887
SHA512

29992eed9fdafd22048862eb3d52c2d9fa56bb1d28be8b545dd86cca238c872903c014ccb506ed888af093cd39ac55e4de6afd50e04162197e7bcf305516d25b
SSDEEP

1536:1fOQK6DsDNEOxbDXGzd42ZloMF/AczTxKIsY9LWEV4nFyqgkulYq7:1WQKqcNEUbTGz+GsYRD4cqgkulYq7

Score

N/A

Malware Config

Signatures

Files

b6b57c118d8d8f65e7b927141e16efc16f4245983a3312759d4fa50554741887
.exe windows x86

d7f20316f1df36a3856d7551d380c86e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

olecli32

GenEqual
BmEqual
LeQueryOutOfDate
DibDraw
LeChangeData
DibEnumFormat
OleQueryName
ErrExecute
MfChangeData
MfCopy
LeObjectConvert
WEP
OleCreateFromClip
PbQueryBounds
GenSetData
OleEqual
PbCreate
LeGetData
GenDraw
GenChangeData
OleCreateFromFile
BmEnumFormat
DefCreateFromTemplate
OleCreateLinkFromFile
OleQueryOpen
LeCopy
BmCopy
PbEnumFormats
OleLockServer

opengl32

glTranslated
glDepthRange
glLightf
glPixelMapuiv
glTexSubImage2D
glMap2f
glVertex4d
glNormal3b
glPushName
glScaled
glTexCoord4dv
glRasterPos2fv
glLineWidth
glGetPointerv
glEvalCoord2dv
glGetMapfv
wglGetCurrentDC
glTexCoord1dv
glReadPixels
glIndexi
glRasterPos3d
glGetIntegerv
glTexCoord3s
wglGetProcAddress
glTexGendv
glFrontFace
glEndList
glColor3dv
glRasterPos2d
glColor4b
glPolygonOffset
glLoadMatrixd
glColor3s
glTexCoord4s
wglDescribePixelFormat
glVertex3i
glClearIndex
glTexCoord4fv
glGetPixelMapfv
glTexCoord4d
glInterleavedArrays
glRecti
glIndexd

advapi32

ImpersonateNamedPipeClient
CryptEnumProviderTypesA
CredpEncodeCredential
SaferiSearchMatchingHashRules
GetNumberOfEventLogRecords
ControlService
CryptSignHashA
GetMultipleTrusteeOperationA
CryptDuplicateKey
OpenEncryptedFileRawW
GetTraceEnableLevel
ConvertStringSidToSidW
SaferGetPolicyInformation
CopySid
GetTokenInformation
CredpConvertCredential
PrivilegedServiceAuditAlarmA
SetInformationCodeAuthzLevelW
LsaEnumerateTrustedDomainsEx
ConvertAccessToSecurityDescriptorA
SaferiPopulateDefaultsInRegistry
EnumServicesStatusW
LookupPrivilegeValueW
SystemFunction019
ProcessTrace
GetSecurityInfoExW
SaferCreateLevel

kernel32

GlobalLock
RtlMoveMemory
VerifyVersionInfoA
SetComPlusPackageInstallStatus
HeapCreate
CancelTimerQueueTimer
LZSeek
OpenFileMappingW
FindActCtxSectionStringW
Module32FirstW
GetTimeFormatA
GetConsoleAliasExesA
SetConsoleOutputCP
CreateHardLinkA
LZClose
LZStart
GetConsoleInputExeNameW
GetEnvironmentStrings
GetLocaleInfoW
WaitForMultipleObjectsEx
SetConsoleTextAttribute
ReadConsoleOutputCharacterW
VirtualAlloc
BuildCommDCBW
OpenProfileUserMapping
SetUnhandledExceptionFilter
LocalCompact
GlobalFree
GetConsoleAliasExesW
GetStartupInfoW
CreateDirectoryExW
GetStringTypeExA
DeleteTimerQueueEx
GetExpandedNameA
LoadLibraryA
ReleaseMutex
LZOpenFileA
LocalAlloc

ntdll

RtlNewSecurityGrantedAccess
_allmul
ZwMapUserPhysicalPages
RtlSubAuthorityCountSid
LdrSetDllManifestProber
_aullshr
RtlTraceDatabaseCreate
ZwShutdownSystem
RtlGetElementGenericTable
RtlFindClearRuns
NtTerminateJobObject
RtlCreateUserProcess
ZwOpenTimer
ZwCreateDebugObject
NtCompressKey
NtFindAtom
RtlGetNtGlobalFlags
NtAccessCheckAndAuditAlarm
_ui64tow
memcmp
RtlCreateQueryDebugBuffer
floor
NtCreateToken
RtlGetGroupSecurityDescriptor
RtlSetUserFlagsHeap
wcstombs
_ui64toa
ZwAccessCheckByTypeAndAuditAlarm
RtlUnicodeStringToInteger
ZwOpenThreadToken
NtClose
RtlGenerate8dot3Name
ZwSetInformationProcess
RtlCreateActivationContext
LdrFindResourceDirectory_U
RtlSubtreePredecessor
NtDuplicateToken
PfxRemovePrefix
RtlTraceDatabaseLock
NtEnumerateValueKey
NtSuspendProcess

mapi32

FBadSortOrderSet@4
MAPILogoff
MNLS_MultiByteToWideChar@24
cmc_logon
FreePadrlist@4
BMAPIGetAddress
FBadRglpszW@8
FtSubFt@16
ScMAPIXFromCMC
cmc_act_on
MAPIAllocateBuffer
GetTnefStreamCodepage@12
MAPIAddress
LAUNCHWIZARD
cmc_list
UlRelease@4
HrQueryAllRows@24
FBadColumnSet@4
FPropExists@8
PpropFindProp@12
SetAttribIMsgOnIStg@16
LPropCompareProp@8
HrSzFromEntryID@12
FtAdcFt@20
MNLS_WideCharToMultiByte@32
BMAPIResolveName
UlAddRef@4
FBadRglpszA@8
MAPIAllocateBuffer@8
UNKOBJ_Free@8
MAPIAllocateMore
FPropCompareProp@12
FBadRglpNameID@8
ScRelocProps@20
MAPIReadMail
RTFSync@12
HrGetOmiProvidersFlags@8
ScLocalPathFromUNC@12
WrapCompressedRTFStream
FtMulDwDw@8
UNKOBJ_ScSzFromIdsAlloc@20
GetOutlookVersion

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7f20316f1df36a3856d7551d380c86e

Headers

File Characteristics

Imports

olecli32

opengl32

advapi32

kernel32

ntdll

mapi32

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 24KB - Virtual size: 180KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 24KB - Virtual size: 180KB

.rsrc
Size: 3KB - Virtual size: 2KB