09cbf6e2387ca2f68e50206ca5dcf7544b28a589605e72459a25f21f6c09b88f

Sharing

Copy URL Twitter E-mail

General

Target

09cbf6e2387ca2f68e50206ca5dcf7544b28a589605e72459a25f21f6c09b88f
Size

1.0MB
MD5

618ef86c8dd5a6ef77954ab414cfe642
SHA1

89e47f4dcebd60509740de6ad3c3d190623f9790
SHA256

09cbf6e2387ca2f68e50206ca5dcf7544b28a589605e72459a25f21f6c09b88f
SHA512

4c1d03378b287294f81329b8893e0e00d73bb3b5ae4f2cd22452868dea4b2ca754b52acb159d72ee70245698117752b1c25fafc82e71cdf6d5a0261a2f1fab7c
SSDEEP

12288:LSgbjnYmfXv0GSqL1nyT9yKWlMTizmVf5JTjIw8C3YOLBqaExi5oWt3AS+6:Lhb9PoJT9Df5JTjh8C3lIaExiBWS+6

Score

N/A

Malware Config

Signatures

Files

09cbf6e2387ca2f68e50206ca5dcf7544b28a589605e72459a25f21f6c09b88f
.exe windows x86

668673118e7dabb997151682eaee08a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStructW
VerSetConditionMask
GetVolumePathNameA
ReplaceFileW
CompareStringA
Module32Next
GetNumberOfConsoleInputEvents
FlushInstructionCache
FindResourceExW
SetThreadLocale
GetConsoleAliasExesLengthW
OpenJobObjectA
IsValidCodePage
CreateDirectoryA
CompareStringW
OpenEventW
CreateWaitableTimerW
GetTimeFormatA
AssignProcessToJobObject
GetProfileIntA
SetSystemPowerState
RegisterWaitForSingleObject
WideCharToMultiByte
GetPrivateProfileStringA
SetProcessWorkingSetSize
GetThreadTimes
GetComputerNameExW
GetConsoleAliasesA
GetDriveTypeA
GetDriveTypeW
ReadFile
MapUserPhysicalPages
SystemTimeToFileTime
CancelIo
GetProcessTimes
EnumCalendarInfoExA
SetWaitableTimer
SetThreadContext
CreateDirectoryExW
Module32NextW
CreateMailslotA
GetShortPathNameW
GetFileSize
SetEnvironmentVariableA
CreateJobObjectA
AreFileApisANSI
GetPrivateProfileStructA
FindVolumeClose
GetVolumePathNameW
MoveFileWithProgressW
LCMapStringW
FreeEnvironmentStringsA
SetHandleInformation
FindNextChangeNotification
DefineDosDeviceA
CreateHardLinkW
FreeUserPhysicalPages
SearchPathA
FindAtomW
GetStdHandle
GetConsoleAliasA
WaitForMultipleObjects
GetLongPathNameW
OpenWaitableTimerW
GetDateFormatW
SetHandleCount
GetFullPathNameW
OpenWaitableTimerA
GetProfileSectionW
GetTempPathW
CopyFileExA
GetTapeStatus
CreateSemaphoreA
SetThreadPriority
GetEnvironmentStrings
GetProcessVersion
GetProfileIntW
GetDiskFreeSpaceExW
GetWindowsDirectoryW
GetConsoleAliasExesW
GetStringTypeExW
CopyFileA
GetTimeFormatW
FlushConsoleInputBuffer
GetBinaryTypeW
GetModuleFileNameW
ProcessIdToSessionId
GetCPInfo
DeleteVolumeMountPointA
FindResourceExA
FindVolumeMountPointClose
GetUserDefaultUILanguage
GetNamedPipeInfo
GetFileType
SetFileTime
ContinueDebugEvent
CreateWaitableTimerA
EraseTape
GetCompressedFileSizeA
EnumCalendarInfoA
GetEnvironmentVariableA
SetThreadExecutionState
GetAtomNameA
GetLogicalDriveStringsA
OpenEventA
SetCurrentDirectoryW
PrepareTape
GetDiskFreeSpaceExA
GetSystemDefaultLangID
GetCPInfoExW
MultiByteToWideChar
OpenJobObjectW
GetConsoleAliasExesA
SetCurrentDirectoryA
GetNamedPipeHandleStateW
GetConsoleCursorInfo
FindFirstFileA
GetModuleHandleW
ChangeTimerQueueTimer
GetModuleFileNameA
Module32FirstW
FindResourceA
SetVolumeMountPointA
GetDevicePowerState
VerifyVersionInfoW
FreeEnvironmentStringsW
SetTapeParameters
DnsHostnameToComputerNameA
SetConsoleActiveScreenBuffer
VirtualAlloc
CreateNamedPipeA
GetProcessWorkingSetSize
GetSystemWindowsDirectoryA
EnumCalendarInfoExW
GetTempPathA
FindFirstFileExA
QueryInformationJobObject
IsSystemResumeAutomatic
MapViewOfFileEx

rpcrt4

RpcObjectSetType
NdrServerCall2
NdrConformantStringBufferSize
RpcMgmtStopServerListening
NdrAsyncServerCall
RpcServerInqDefaultPrincNameW
NdrMesTypeEncode2
RpcMgmtWaitServerListen
RpcMgmtEnableIdleCleanup
RpcAsyncCompleteCall
RpcMgmtSetServerStackSize
RpcCertGeneratePrincipalNameW
RpcServerUseProtseqA
NdrPointerBufferSize
IUnknown_QueryInterface_Proxy
RpcSsFree
RpcMgmtIsServerListening
UuidCreateNil
RpcUserFree
NdrInterfacePointerMarshall
RpcBindingServerFromClient
NdrPointerUnmarshall
RpcServerRegisterIf2
RpcBindingFromStringBindingW
RpcCancelThread
RpcStringBindingParseW
RpcBindingSetObject
RpcSsContextLockExclusive
NdrInterfacePointerUnmarshall
RpcBindingReset
RpcEpRegisterW
NdrMesTypeFree2
RpcImpersonateClient
NdrConformantArrayUnmarshall
RpcEpRegisterNoReplaceW
MesDecodeBufferHandleCreate
RpcEpUnregister
RpcStringFreeA
NdrCorrelationInitialize
NdrSimpleStructBufferSize
RpcServerUseProtseqEpExW
NdrAllocate
RpcMgmtEpEltInqNextW
MesDecodeIncrementalHandleCreate
RpcServerUseProtseqW
RpcCancelThreadEx
UuidEqual
NdrSimpleStructMarshall
MesBufferHandleReset
RpcBindingInqObject
RpcBindingInqAuthInfoA
RpcAsyncAbortCall
RpcBindingSetAuthInfoA
NdrSimpleTypeMarshall
UuidHash
RpcBindingInqAuthClientW
UuidCompare
NdrConformantStringMarshall
RpcSsDestroyClientContext

user32

GetAltTabInfoA
GetSystemMenu
PeekMessageA
SetParent
RedrawWindow
DestroyAcceleratorTable
EndPaint
SetActiveWindow
LoadIconW
GetMessageTime
GetWindow

comctl32

ImageList_Create
ImageList_Draw
ImageList_GetIcon
ImageList_SetImageCount
CreateStatusWindowW
ImageList_LoadImageW
ImageList_BeginDrag
ImageList_SetOverlayImage
InitializeFlatSB
ImageList_DrawIndirect
ImageList_GetDragImage
ImageList_AddMasked
ImageList_Remove
ImageList_EndDrag
ImageList_GetBkColor
ImageList_DragMove
ImageList_ReplaceIcon
FlatSB_SetScrollProp
FlatSB_GetScrollInfo
ImageList_DragEnter
ImageList_GetImageInfo
ImageList_Destroy
ord17
CreateToolbarEx
ImageList_DragLeave
CreatePropertySheetPageA
InitCommonControlsEx
ImageList_GetImageCount
FlatSB_SetScrollInfo

advapi32

RegQueryValueExA
AddAccessDeniedAce
SetKernelObjectSecurity
RegCreateKeyExA
AreAllAccessesGranted
SetTokenInformation
InitializeSecurityDescriptor
RegSetKeySecurity
RegQueryMultipleValuesW
InitializeAcl
GetCurrentHwProfileA
AddAccessAllowedAce
AreAnyAccessesGranted
AddAuditAccessAce
RegSetValueExW
GetSidSubAuthority
RegSetValueA
RegSetValueExA
RegQueryMultipleValuesA
GetTokenInformation
GetCurrentHwProfileW
RegCreateKeyExW
GetSidLengthRequired
GetSidIdentifierAuthority
GetSidSubAuthorityCount
RegSetValueW
GetKernelObjectSecurity
RegNotifyChangeKeyValue

shell32

SHChangeNotify
ShellExecuteW
SHBrowseForFolderW
SHFileOperationW
SHBindToParent
SHGetFolderPathW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHGetFileInfoW
SHGetDesktopFolder
SHGetMalloc
CommandLineToArgvW

Sections

.text
Size: 622KB - Virtual size: 622KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 253KB - Virtual size: 515KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.s5oo
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zvt6a
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.2up
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.3uki5
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wlyv4
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.6bi6
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.alu
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.2bnes
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

668673118e7dabb997151682eaee08a7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rpcrt4

user32

comctl32

advapi32

shell32

Sections

.text Size: 622KB - Virtual size: 622KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 253KB - Virtual size: 515KB

.s5oo Size: 10KB - Virtual size: 10KB

.zvt6a Size: 16KB - Virtual size: 16KB

.2up Size: 4KB - Virtual size: 4KB

.3uki5 Size: 23KB - Virtual size: 23KB

.wlyv4 Size: 11KB - Virtual size: 10KB

.6bi6 Size: 31KB - Virtual size: 31KB

.alu Size: 18KB - Virtual size: 17KB

.2bnes Size: 10KB - Virtual size: 9KB

.rsrc Size: 49KB - Virtual size: 49KB

.text
Size: 622KB - Virtual size: 622KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 253KB - Virtual size: 515KB

.s5oo
Size: 10KB - Virtual size: 10KB

.zvt6a
Size: 16KB - Virtual size: 16KB

.2up
Size: 4KB - Virtual size: 4KB

.3uki5
Size: 23KB - Virtual size: 23KB

.wlyv4
Size: 11KB - Virtual size: 10KB

.6bi6
Size: 31KB - Virtual size: 31KB

.alu
Size: 18KB - Virtual size: 17KB

.2bnes
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 49KB - Virtual size: 49KB