85a0216c7e7e531877310f372fb9aaed949c05f0bc06b5d6ad465ed530f83a51

Sharing

Copy URL

Twitter E-mail

General

Target

85a0216c7e7e531877310f372fb9aaed949c05f0bc06b5d6ad465ed530f83a51
Size

160KB
MD5

622a33da5853566b9c61f8ddc7acfca1
SHA1

4bbf1fa0126a45ba2070a8fca0e155fb20bf4eac
SHA256

85a0216c7e7e531877310f372fb9aaed949c05f0bc06b5d6ad465ed530f83a51
SHA512

cf9a63f1c16ac1c481167327e5c43488f9c78f03f8b9e1819fe421aad8b30c2dfc7531eaad092dea5900ed19c493344c13bed7c8430ed975c3113df256cbb142
SSDEEP

3072:iyB5fAZv/74+HG+I+AexHkAzrxdo0s23cx92y:iy3w7FHG+IANkAzrxy

Score

N/A

Malware Config

Signatures

Files

85a0216c7e7e531877310f372fb9aaed949c05f0bc06b5d6ad465ed530f83a51
.exe windows x86

7c48ae9a56ec5bd23c66bede30c22f50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
VerInstallFileW
GetFileVersionInfoSizeW
VerFindFileA
VerQueryValueA
VerInstallFileA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW
VerFindFileW

mpr

MultinetGetConnectionPerformanceA
WNetSetLastErrorW
WNetCancelConnectionW
WNetGetResourceParentA
WNetCancelConnectionA
WNetGetUserW
WNetGetProviderNameW
WNetGetResourceParentW
WNetGetProviderNameA
WNetGetNetworkInformationA
WNetUseConnectionA
WNetAddConnection2W
WNetGetLastErrorW
MultinetGetConnectionPerformanceW
WNetAddConnection3A
WNetGetNetworkInformationW
WNetConnectionDialog1W
WNetGetConnectionW
WNetConnectionDialog1A
WNetDisconnectDialog
WNetConnectionDialog

urlmon

RevokeFormatEnumerator
UrlMkSetSessionOption
URLOpenPullStreamW
GetClassFileOrMime
RegisterBindStatusCallback
RegisterFormatEnumerator
HlinkSimpleNavigateToMoniker
GetClassURL
CoInternetCompareUrl
RegisterMediaTypes
CoInternetCombineUrl
MkParseDisplayNameEx
GetSoftwareUpdateInfo
URLOpenBlockingStreamA
FindMediaTypeClass
Extract
IsValidURL
FindMimeFromData
CopyStgMedium
UrlMkBuildVersion

mswsock

AcceptEx
rresvport
sethostname
GetServiceW
TransmitFile
EnumProtocolsW
rcmd
GetServiceA
SetServiceW
GetAcceptExSockaddrs
GetNameByTypeW
dn_expand
inet_network
WSARecvEx
rexec
EnumProtocolsA
getnetbyname
GetNameByTypeA
GetTypeByNameW

user32

SendMessageW
EndDialog
DefFrameProcA
DialogBoxParamW
ScreenToClient

ntdll

ZwFlushBuffersFile
ZwQueryInformationJobObject
ZwCreateMutant
ZwAdjustPrivilegesToken
NtSetValueKey
LdrVerifyImageMatchesChecksum
RtlCustomCPToUnicodeN
RtlEnableEarlyCriticalSectionEventCreation
RtlIsValidHandle
RtlpNtEnumerateSubKey
RtlNumberGenericTableElements
PfxInsertPrefix
NtAllocateVirtualMemory
NtQueryPerformanceCounter
NtOpenMutant
NtSetSystemInformation
NtDeleteObjectAuditAlarm
RtlFreeHeap
RtlSetTimeZoneInformation
LdrLoadAlternateResourceModule
NtCreateSymbolicLinkObject
RtlUpcaseUnicodeToCustomCPN
RtlDeleteCriticalSection
RtlFormatMessage
ZwSetIoCompletion
RtlPcToFileHeader
NtReplyPort
ZwCreateFile
ZwCreatePort
ZwAlertThread
NtResumeThread
RtlCreateTagHeap
LdrProcessRelocationBlock
ZwResetEvent
RtlRegisterWait
RtlDeleteResource
ZwWriteRequestData
ZwCreateIoCompletion

wininet

IsUrlCacheEntryExpiredA
CreateUrlCacheGroup
FtpRenameFileW
HttpOpenRequestW
UpdateUrlCacheContentPath
InternetShowSecurityInfoByURLW
InternetSetFilePointer
InternetErrorDlg
SetUrlCacheHeaderData
DetectAutoProxyUrl
CreateUrlCacheEntryW
CreateUrlCacheContainerW
InternetAutodialHangup
FindNextUrlCacheContainerA
FindFirstUrlCacheEntryW
InternetShowSecurityInfoByURLA
InternetReadFileExW
InternetAutodialCallback
DeleteUrlCacheContainerW
DeleteIE3Cache
InternetOpenA
SetUrlCacheGroupAttributeA
FindFirstUrlCacheEntryExA

winmm

midiInGetID
mixerOpen
midiOutGetID
midiOutGetNumDevs
midiConnect
GetDriverModuleHandle
waveInGetDevCapsA
midiOutReset
wod32Message
waveInMessage
mciGetDeviceIDW
mmTaskBlock
timeSetEvent
midiInPrepareHeader
joySetThreshold
mixerGetDevCapsA
timeGetTime
midiOutGetErrorTextA
mmioRenameA
midiOutSetVolume
mmioRead
midiInReset
mmioGetInfo
midiOutLongMsg
waveInGetNumDevs
auxGetVolume
auxOutMessage
waveOutGetPlaybackRate
SendDriverMessage
waveInGetPosition
waveOutBreakLoop
waveInOpen
sndPlaySoundW
mciSendCommandW
OpenDriver
mciSendCommandA
mciSendStringW
midiDisconnect
mmioInstallIOProcA
midiOutUnprepareHeader

msacm32

acmStreamConvert
acmFormatChooseW
acmDriverID
acmDriverPriority
acmFormatTagDetailsA
acmFormatTagEnumA
acmFormatTagDetailsW
acmDriverDetailsA
acmFilterChooseW
acmDriverDetailsW
acmStreamPrepareHeader
acmDriverAddW
acmGetVersion
acmStreamMessage
XRegThunkEntry
acmMetrics
acmFilterTagEnumA
acmFormatDetailsA
acmMessage32
acmStreamReset
acmFormatDetailsW

kernel32

SetProcessWorkingSetSize
GetNumberFormatA
BackupWrite
GetVolumeInformationA
InterlockedDecrement
GetProcAddress
LoadResource
RtlMoveMemory
OpenMutexW
EnumResourceTypesA
CreateHardLinkW
GetProfileStringW
SetVolumeMountPointA
FindAtomW
CreateTimerQueueTimer
GlobalFindAtomA
SetThreadPriority
HeapAlloc
WriteProfileSectionA
UpdateResourceA
CreateMutexA
RemoveDirectoryA
GetProcessAffinityMask
FindNextFileW
LocalSize
InitializeCriticalSection
QueryPerformanceCounter
GetModuleHandleA
TlsAlloc

resutils

ResUtilVerifyService
ResUtilIsPathValid
ResUtilVerifyPropertyTable
ResUtilFindDwordProperty
ResUtilSetPropertyParameterBlockEx
ResUtilGetResourceDependency
ResUtilGetProperties
ResUtilStartResourceService
ResUtilFreeEnvironment
ResUtilGetPropertySize
ResUtilSetPropertyTableEx
ResUtilSetPrivatePropertyList
ResUtilGetSzProperty
ResUtilEnumProperties
ResUtilGetBinaryValue
ResUtilSetResourceServiceStartParameters
ResUtilSetSzValue

crypt32

CryptMsgGetParam
CryptHashMessage
CryptGetMessageCertificates
CryptRegisterOIDInfo
CryptDecodeObject
CryptGetOIDFunctionValue
CertAddEnhancedKeyUsageIdentifier
CryptMsgEncodeAndSignCTL
CertFreeCTLContext
CryptMsgCountersign
CryptMemFree
CryptMsgVerifyCountersignatureEncodedEx
CertSetEnhancedKeyUsage
CryptSignAndEncryptMessage
CertCloseStore
CertFindChainInStore
CertRDNValueToStrW
CryptAcquireCertificatePrivateKey
CryptExportPKCS8
CryptMsgCalculateEncodedLength
CertVerifyCertificateChainPolicy
CertDuplicateCTLContext
CryptSIPLoad
CertControlStore
CryptCloseAsyncHandle
CryptProtectData
CertUnregisterPhysicalStore
CryptEncodeObject
CertSetCRLContextProperty
CertGetCTLContextProperty
CryptSIPAddProvider
CertRegisterPhysicalStore
CertGetCRLFromStore
CertGetIntendedKeyUsage
CryptSIPRetrieveSubjectGuid
CertEnumSystemStore
CertAddCTLLinkToStore
CryptHashPublicKeyInfo
CertFreeCertificateContext

psapi

EnumProcesses
InitializeProcessForWsWatch
GetModuleFileNameExW
GetProcessMemoryInfo
QueryWorkingSet
GetModuleBaseNameA
GetDeviceDriverFileNameA
GetModuleFileNameExA
GetMappedFileNameA
EnumDeviceDrivers
GetModuleInformation
EmptyWorkingSet

tapi32

lineDialA
lineGetLineDevStatusW
lineSetAppSpecific
phoneInitializeExA
tapiRequestMakeCallW
MMCSetPhoneInfo
phoneConfigDialogA
MMCGetServerConfig
lineNegotiateExtVersion
lineNegotiateAPIVersion
lineSwapHold
lineDrop
lineCreateAgentSessionA
linePrepareAddToConferenceA
MMCGetAvailableProviders
lineProxyMessage
phoneInitializeExW
phoneSetButtonInfoA
lineGenerateDigitsW
lineSetTollListW
phoneDevSpecific
lineGetCountryW
lineGetCountryA
lineTranslateDialogA
lineProxyResponse
lineGetGroupListW
lineGetLineDevStatusA
lineGetAgentStatusW
lineUncompleteCall
lineShutdown
lineOpenW
lineAddProviderA
lineSetAgentMeasurementPeriod
lineSetCallPrivilege
lineGetDevCapsW
lineRegisterRequestRecipient
MMCGetLineInfo
lineSetAgentStateEx
lineSetAgentGroup
lineGetAppPriorityA
lineHandoffA
lineSetCallTreatment
phoneSetRing
phoneGetStatusW
lineGetAgentActivityListW
MMCConfigProvider
internalConfig
phoneSetData
MMCAddProvider
phoneGetIDA
lineDeallocateCall
tapiGetLocationInfoA
lineGetNewCalls

shlwapi

PathMakePrettyW
StrDupA
PathIsDirectoryEmptyA
PathIsURLW
SHRegSetUSValueW
SHEnumValueW
ChrCmpIA
AssocQueryStringByKeyA
StrCmpIW
SHRegEnumUSValueW
SHRegQueryInfoUSKeyW
SHOpenRegStreamW
PathIsURLA
PathSkipRootA
UrlCreateFromPathW
PathRemoveBlanksW
PathSetDlgItemPathW
StrCSpnW
SHGetValueW
UrlUnescapeA
PathIsPrefixA
PathIsUNCServerW
StrFormatKBSizeW

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c48ae9a56ec5bd23c66bede30c22f50

Headers

DLL Characteristics

File Characteristics

Imports

version

mpr

urlmon

mswsock

user32

ntdll

wininet

winmm

msacm32

kernel32

resutils

crypt32

psapi

tapi32

shlwapi

Sections

.text Size: 73KB - Virtual size: 73KB

.xdata Size: 55KB - Virtual size: 54KB

.rdata Size: 11KB - Virtual size: 11KB

.rsrc Size: 19KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 73KB - Virtual size: 73KB

.xdata
Size: 55KB - Virtual size: 54KB

.rdata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 19KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 4KB