4964da962a76bb6b40c273c750179c5fae1fde5515d8bf874454f3ce063c36dd

Sharing

Copy URL Twitter E-mail

General

Target

4964da962a76bb6b40c273c750179c5fae1fde5515d8bf874454f3ce063c36dd
Size

64KB
MD5

d22d0e8bf06014ee12282561c08e80d8
SHA1

dcebc52089933db147ddf13351946f7a758ad334
SHA256

4964da962a76bb6b40c273c750179c5fae1fde5515d8bf874454f3ce063c36dd
SHA512

b7f53831e7b3f795fdf9418751904888b76afc84710c7b3149f27a790ec68541903f1276865730e2bdbba3ee837d871d8623065c8f3180a73b39ec1bacd565b0
SSDEEP

1536:Zcfqhd+JpYvhau30r9piZGlPGNez5vIx+GD6z0Ykt9bnsD6yohWDEpW:Zcyhd0YZauEeCGN0GD6oTt06yo8Ep

Score

N/A

Malware Config

Signatures

Files

4964da962a76bb6b40c273c750179c5fae1fde5515d8bf874454f3ce063c36dd
.exe windows x86

296b4dc6e21bab8b5a46b9111d93303f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mprddm

DDMAdminConnectionGetInfo
DDMAdminPortReset
RasAcctProviderStopAccounting
DDMServicePostListens
DDMAdminPortDisconnect
DDMAdminPortEnum
IfObjectSetDialoutHoursRestriction
IfObjectInitiatePersistentConnections
RasAuthProviderFreeAttributes
RasAuthConfigChangeNotification
DDMAdminPortClearStats
RasAcctConfigChangeNotification
DDMDisconnectInterface
DDMAdminInterfaceDisconnect
RasAcctProviderStartAccounting
DDMGetIdentityAttributes
RasAcctProviderInitialize
DDMAdminInterfaceConnect
RasAcctProviderTerminate
RasAuthProviderInitialize
DDMAdminConnectionEnum
IfObjectNotifyOfReachabilityChange
DDMAdminServerGetInfo
RasAcctProviderFreeAttributes
RasAuthProviderAuthenticateUser
DDMServiceInitialize
RasAuthProviderTerminate
DDMTransportCreate
DDMConnectInterface

kernel32

CloseProfileUserMapping
RemoveDirectoryW
GetUserDefaultLCID
AddAtomA
lstrlenW
SetThreadPriority
GetProcessHeap
SetHandleCount
GlobalFix
GetTimeFormatA
SetSystemTime
SetFirmwareEnvironmentVariableA
OpenSemaphoreW
DebugActiveProcess
VirtualAlloc
DebugSetProcessKillOnExit
GetSystemDirectoryW
OpenWaitableTimerW
SetTimerQueueTimer
WriteConsoleA
SetLocalPrimaryComputerNameA
ConvertThreadToFiber
GetTimeFormatW
InitializeCriticalSection
SetComputerNameExA
GetACP
VirtualLock
AddConsoleAliasA
HeapQueryInformation
GetThreadPriorityBoost
SetConsoleCursorMode
GetVolumePathNamesForVolumeNameW
FindResourceExW
OpenThread
SetMailslotInfo
GetCPInfo
UnlockFileEx
QueryDosDeviceA
GetTempFileNameA
GlobalFlags
RtlCaptureContext
CreateMailslotA
LZOpenFileA
FindFirstVolumeMountPointW
WriteConsoleInputA
GetSystemTimeAsFileTime
GetExitCodeProcess
SetThreadLocale
OpenEventW
GetConsoleCommandHistoryW
LoadLibraryA
GetBinaryTypeA
LZInit
AreFileApisANSI
RegisterWaitForSingleObjectEx
FreeEnvironmentStringsA
UnlockFile
SetLastError
Module32Next
WaitNamedPipeA
GetCurrentProcess
LZStart
GetProfileStringW
GetStringTypeA

mapi32

FBadRestriction@4
BMAPIResolveName
HrAddColumnsEx@20
GetOutlookVersion
SzFindSz@8
GetOutlookVersion@0
UNKOBJ_Free@8
HrValidateParameters@8
CreateTable@36
BMAPIGetAddress
cmc_logon
MNLS_lstrlenW@4
UNKOBJ_ScCOAllocate@12
MAPIUninitialize
GetTnefStreamCodepage@12
FreePadrlist@4
UNKOBJ_ScCOReallocate@12
UFromSz@4
OpenTnefStreamEx
UlRelease@4
InstallFilterHook@4
FPropExists@8
MAPILogoff
HrEntryIDFromSz@12
FtAdcFt@20
ChangeIdleRoutine@28

hid

HidD_SetConfiguration
HidP_GetUsageValueArray
HidP_GetUsagesEx
HidD_SetOutputReport
HidP_GetScaledUsageValue
HidD_GetInputReport
HidD_FreePreparsedData
HidP_GetUsages
HidP_SetUsageValueArray
HidD_GetSerialNumberString
HidP_SetUsages
HidP_SetUsageValue
HidP_UnsetUsages
HidP_GetValueCaps
HidP_GetUsageValue
HidP_GetExtendedAttributes
HidD_GetPreparsedData
HidP_GetCaps
HidP_TranslateUsagesToI8042ScanCodes
HidD_GetFeature
HidD_GetProductString
HidD_SetFeature
HidP_GetLinkCollectionNodes
HidP_GetSpecificValueCaps
HidP_MaxDataListLength

msvcrt

_logb
iswpunct
_inpw
vfwprintf
strncmp
_wrmdir
wcschr
_cgetws
_errno
fgetpos
_mbctoupper
fgetc
swprintf
_unlock
_atodbl
_wtoi
exit
_cputws
_mbctype
?before@type_info@@QBEHABV1@@Z
_getws
vswprintf
__set_app_type
__getmainargs
_inpd
__p__commode
islower
strncat
longjmp
_wutime
_cwprintf
_mbslen
_mktime64
_wtol
_mbscat
_ui64toa

user32

DefWindowProcW
RegisterClassW
PostQuitMessage

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

296b4dc6e21bab8b5a46b9111d93303f

Headers

DLL Characteristics

File Characteristics

Imports

mprddm

kernel32

mapi32

hid

msvcrt

user32

Sections

.text Size: 46KB - Virtual size: 46KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 1024B - Virtual size: 936B

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 936B

.rsrc
Size: 9KB - Virtual size: 8KB