Static task: static1
Behavioral task: behavioral1
Sample: 2955dafe8485f2ae43fa5417b24417adde0e8f7efd86ba0e4a64f91cedf552f0.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 2955dafe8485f2ae43fa5417b24417adde0e8f7efd86ba0e4a64f91cedf552f0.exe
Resource: win10v2004-20221111-en
General
- Target: 2955dafe8485f2ae43fa5417b24417adde0e8f7efd86ba0e4a64f91cedf552f0
- Size: 1.2MB
- MD5: 2f5086b3362cd467978cfc80ef05c350
- SHA1: 51803a07f1d78c6feff15a8c5449f3f6782f0cb0
- SHA256: 2955dafe8485f2ae43fa5417b24417adde0e8f7efd86ba0e4a64f91cedf552f0
- SHA512: 3d32eb5b6bd3151f616e7eb79f8be4dad0d717be4944903a1c08ea59fa1ba2697d9342e87fc630f76a1c5405d9747c1c56a4a28cfc127e592e15c0963f9e3afb
- SSDEEP: 12288:ln+71c09TUMmK38igs0/1c05lHqia6jrUn68t1M38XWz6mWgxnImx/lFOlqewKCt:pAp9T8i+9c054isnzaDNd8lqewKCVpdX
Malware Config
Signatures
Files
-
2955dafe8485f2ae43fa5417b24417adde0e8f7efd86ba0e4a64f91cedf552f0.exe windows x86
cdd318e3621bd830b5d06391a540f358
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ReleaseMutex
ResumeThread
FindAtomW
SearchPathA
FindResourceW
GetComputerNameExW
GetVolumeInformationW
TlsFree
SetFileTime
GetFileType
SetSystemTimeAdjustment
GetAtomNameW
GetStringTypeA
ReadFile
CreateMailslotA
MoveFileWithProgressA
SetConsoleOutputCP
AddAtomW
QueueUserWorkItem
GetUserDefaultLangID
GetLocaleInfoW
FreeResource
SetUnhandledExceptionFilter
GetShortPathNameA
GetSystemDefaultLangID
GetTimeFormatW
FindAtomA
CreateSemaphoreW
SetCalendarInfoA
WriteConsoleW
GetUserDefaultLCID
FlushViewOfFile
GetCurrentProcess
GetNumberFormatW
CreateNamedPipeW
SetEndOfFile
GetTimeZoneInformation
GetDiskFreeSpaceW
CreateToolhelp32Snapshot
GetCPInfoExW
OpenWaitableTimerA
GetLongPathNameW
GetConsoleAliasExesW
GetStringTypeExW
GetFileTime
DeleteVolumeMountPointA
MoveFileW
SetCurrentDirectoryA
ResetEvent
SetTapePosition
GetExitCodeProcess
GetConsoleAliasesA
SetConsoleTextAttribute
GetNamedPipeInfo
GetPrivateProfileStringW
QueryInformationJobObject
LocalFileTimeToFileTime
CopyFileExA
GetShortPathNameW
Module32Next
CreateTimerQueue
CreateFileMappingW
ConvertThreadToFiber
CopyFileExW
SetFileAttributesW
GetSystemWindowsDirectoryW
DeleteFileA
SetErrorMode
GetDevicePowerState
FormatMessageW
FormatMessageA
MapUserPhysicalPages
GetProcessPriorityBoost
FindFirstFileExA
DuplicateHandle
GetConsoleAliasW
OpenEventW
SetThreadPriority
GetDiskFreeSpaceA
SetThreadExecutionState
OpenSemaphoreA
SetMailslotInfo
ConvertDefaultLocale
PeekNamedPipe
GlobalDeleteAtom
GetProfileStringW
CopyFileW
GetTapeStatus
GetModuleHandleW
GetDateFormatA
GetFileAttributesExW
GetLongPathNameA
GetPrivateProfileSectionA
SetLocaleInfoA
DefineDosDeviceW
SetStdHandle
OpenProcess
SetVolumeMountPointA
GetProfileStringA
MulDiv
CreateWaitableTimerW
ExpandEnvironmentStringsW
ReadDirectoryChangesW
CreateMutexW
GetProcessIoCounters
GetCurrentDirectoryA
CreateMutexA
ChangeTimerQueueTimer
SetConsoleDisplayMode
GetFullPathNameA
HeapCreate
GetUserDefaultUILanguage
GetEnvironmentStrings
InitializeCriticalSectionAndSpinCount
FoldStringA
FlushConsoleInputBuffer
DeleteAtom
CreateMailslotW
TlsAlloc
IsValidCodePage
GetSystemDirectoryA
DeleteTimerQueueTimer
FlushFileBuffers
CreateHardLinkW
GetNamedPipeHandleStateW
GetLogicalDriveStringsA
SetProcessPriorityBoost
BindIoCompletionCallback
GetConsoleMode
GetNumberFormatA
GetLogicalDrives
GetMailslotInfo
GetVolumeNameForVolumeMountPointA
CreateDirectoryA
GetProcessVersion
GetConsoleCursorInfo
GetCurrencyFormatA
GetVolumePathNameA
WriteConsoleA
SetConsoleMode
FreeEnvironmentStringsW
GetStdHandle
FlushInstructionCache
SetThreadAffinityMask
GetVolumePathNameW
GetWindowsDirectoryW
GetModuleFileNameA
CreateTapePartition
SetThreadContext
SetWaitableTimer
GetThreadPriority
IsDBCSLeadByte
CreateJobObjectA
DnsHostnameToComputerNameA
CreateDirectoryExA
SetLocaleInfoW
GetDiskFreeSpaceExW
LockFile
lstrcmpW
PrepareTape
GetVersion
LCMapStringW
FreeEnvironmentStringsA
SetProcessWorkingSetSize
GetCommandLineW
GetOEMCP
GetCompressedFileSizeW
EraseTape
OpenJobObjectA
CreateDirectoryExW
FoldStringW
OpenFileMappingA
GlobalMemoryStatus
GetFileAttributesExA
ProcessIdToSessionId
ReplaceFileW
GetEnvironmentVariableW
SetThreadIdealProcessor
GetThreadLocale
GetModuleFileNameW
GetConsoleCP
GetProcessAffinityMask
GetCommandLineA
GetFileAttributesA
FindFirstFileA
VerSetConditionMask
GetOverlappedResult
CancelIo
GetComputerNameA
SetCurrentDirectoryW
GetPrivateProfileIntW
ReleaseSemaphore
GetProcessWorkingSetSize
ReadProcessMemory
SetCalendarInfoW
CompareStringW
FindResourceExW
SetConsoleCP
SetComputerNameExA
MultiByteToWideChar
GetConsoleScreenBufferInfo
DnsHostnameToComputerNameW
OpenEventA
SetEnvironmentVariableA
ReplaceFileA
SetSystemPowerState
CreateEventW
SwitchToThread
MapViewOfFileEx
GetProfileSectionW
VirtualAlloc
GetDateFormatW
GetBinaryTypeA
GetLocaleInfoA
FindNextChangeNotification
EnumCalendarInfoExA
Module32First
GetConsoleAliasExesLengthW
EnumCalendarInfoW
GetSystemDirectoryW
WideCharToMultiByte
ExpandEnvironmentStringsA
SetInformationJobObject
DisconnectNamedPipe
GetBinaryTypeW
GetPrivateProfileStringA
GetFileAttributesW
GetThreadTimes
GetNumberOfConsoleInputEvents
rpcrt4
RpcErrorAddRecord
RpcBindingSetOption
UuidHash
UuidCreateNil
RpcBindingServerFromClient
RpcBindingSetAuthInfoA
RpcBindingFromStringBindingW
NdrFullPointerXlatFree
RpcServerUseProtseqEpA
NdrConformantStringMarshall
MesBufferHandleReset
RpcAsyncInitializeHandle
RpcServerUseProtseqEpW
RpcStringBindingComposeA
IUnknown_QueryInterface_Proxy
NdrStubCall2
RpcServerListen
RpcErrorSaveErrorInfo
NdrSimpleTypeMarshall
NdrUserMarshalFree
UuidEqual
RpcBindingCopy
RpcAsyncCancelCall
RpcAsyncAbortCall
RpcRevertToSelfEx
NdrUserMarshalBufferSize
NdrClientInitializeNew
RpcServerInqDefaultPrincNameW
RpcObjectSetType
RpcMgmtEpEltInqBegin
RpcServerUnregisterIf
RpcEpRegisterNoReplaceW
NdrFullPointerXlatInit
NdrOleAllocate
RpcStringBindingParseW
RpcServerUseProtseqEpExW
RpcMgmtStopServerListening
RpcRaiseException
RpcMgmtSetCancelTimeout
NdrCorrelationFree
RpcMgmtSetServerStackSize
RpcErrorLoadErrorInfo
MesHandleFree
RpcServerRegisterIf
RpcEpResolveBinding
RpcStringBindingParseA
RpcAsyncCompleteCall
user32
MessageBoxW
GetAltTabInfoA
SetCursor
IsWindowUnicode
EmptyClipboard
EnumDisplayMonitors
InvalidateRect
InvalidateRgn
CharUpperW
SetMenuDefaultItem
GetWindowTextA
BringWindowToTop
SystemParametersInfoW
ValidateRect
LoadStringW
SetTimer
GetClassInfoExW
SetDlgItemTextW
GetMonitorInfoW
GetGUIThreadInfo
DialogBoxParamW
SetRect
LoadBitmapW
RemoveMenu
SetFocus
GetSystemMetrics
IsDlgButtonChecked
SendInput
FrameRect
CopyRect
GetWindowDC
DestroyWindow
OpenDesktopW
ClientToScreen
SetProcessWindowStation
GetMessagePos
ActivateKeyboardLayout
InsertMenuItemW
RegisterClassExW
ScreenToClient
SendDlgItemMessageW
DrawTextExW
GetDlgCtrlID
GetKeyboardState
IsRectEmpty
GetDialogBaseUnits
LoadCursorW
DrawMenuBar
GetActiveWindow
GetWindowLongW
GetWindowTextW
ShowCursor
UnregisterClassW
RemovePropW
DestroyMenu
SetDlgItemTextA
EnumThreadWindows
GetForegroundWindow
LoadMenuA
AdjustWindowRect
GetThreadDesktop
GetClassNameW
SetDlgItemInt
comctl32
FlatSB_GetScrollInfo
CreatePropertySheetPageA
ImageList_EndDrag
ImageList_Draw
ImageList_GetIconSize
FlatSB_SetScrollInfo
InitializeFlatSB
ImageList_ReplaceIcon
PropertySheetW
ImageList_SetBkColor
ImageList_DrawIndirect
DestroyPropertySheetPage
ImageList_Add
ImageList_Remove
ImageList_LoadImageW
ImageList_Create
ImageList_SetImageCount
FlatSB_GetScrollPos
_TrackMouseEvent
FlatSB_SetScrollPos
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragShowNolock
ImageList_AddMasked
ImageList_Copy
InitCommonControlsEx
PropertySheetA
FlatSB_SetScrollProp
ImageList_LoadImageA
ImageList_Replace
ord17
ImageList_Read
ImageList_DrawEx
CreateToolbarEx
ImageList_GetImageCount
ImageList_DragMove
ImageList_GetBkColor
ImageList_GetImageInfo
CreateStatusWindowW
ImageList_Write
ImageList_DragLeave
ImageList_GetIcon
ImageList_SetIconSize
ImageList_Destroy
ImageList_GetDragImage
CreatePropertySheetPageW
ImageList_DragEnter
ImageList_SetOverlayImage
advapi32
RegQueryMultipleValuesA
RegConnectRegistryW
RegSetValueA
AllocateAndInitializeSid
RegQueryValueExA
GetSidLengthRequired
GetAclInformation
RegSetValueExA
RegDeleteKeyA
CryptCreateHash
CryptAcquireContextA
GetSecurityDescriptorControl
GetKernelObjectSecurity
GetAce
DuplicateTokenEx
OpenSCManagerW
IsValidSecurityDescriptor
CryptDestroyHash
GetSecurityDescriptorDacl
RegOpenKeyA
RegOpenKeyExA
CryptGetHashParam
SetSecurityDescriptorDacl
CheckTokenMembership
RegEnumKeyA
AddAce
CryptAcquireContextW
StartServiceA
SetServiceStatus
RegEnumKeyW
AdjustTokenPrivileges
LsaOpenPolicy
SetTokenInformation
RegSetValueExW
InitializeAcl
RegCreateKeyExA
RegCreateKeyExW
GetCurrentHwProfileW
GetSidSubAuthority
GetSidSubAuthorityCount
SetKernelObjectSecurity
InitializeSecurityDescriptor
RegSetKeySecurity
RegSetValueW
AddAuditAccessAce
AddAccessDeniedAce
RegQueryMultipleValuesW
GetTokenInformation
AddAccessAllowedAce
GetCurrentHwProfileA
RegNotifyChangeKeyValue
AreAnyAccessesGranted
GetSidIdentifierAuthority
AreAllAccessesGranted
shell32
ShellExecuteW
SHGetFolderPathW
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExW
SHFileOperationW
SHBindToParent
CommandLineToArgvW
SHBrowseForFolderW
SHGetDesktopFolder
SHChangeNotify
SHGetSpecialFolderPathW
SHGetFileInfoW
ole32
PropVariantCopy
CoGetCallerTID
CoLoadLibrary
StgOpenStorageOnILockBytes
HBITMAP_UserFree
CoFileTimeNow
CoSwitchCallContext
CoRevokeClassObject
oleaut32
GetActiveObject
VariantChangeType
SafeArrayCreate
VariantChangeTypeEx
Sections
.text Size: 969KB - Virtual size: 969KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata Size: 13KB - Virtual size: 13KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 257KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.o2xc Size: 28KB - Virtual size: 27KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.56m4 Size: 3KB - Virtual size: 3KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.jc3 Size: 8KB - Virtual size: 7KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.dk5q Size: 25KB - Virtual size: 25KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.jxnp Size: 24KB - Virtual size: 23KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.eg8 Size: 24KB - Virtual size: 24KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.arb06 Size: 11KB - Virtual size: 11KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 84KB - Virtual size: 84KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ