de2559d85870b9e09f9769f8c240ba7ae9593825a515c5897e7e32ede5238419

Sharing

Copy URL

Twitter E-mail

General

Target

de2559d85870b9e09f9769f8c240ba7ae9593825a515c5897e7e32ede5238419
Size

827KB
MD5

0be40c1dc5d833ada5a491d7434e4ea4
SHA1

87e06ad1a1321a184ecccc6ac8a5bf5286c26b39
SHA256

de2559d85870b9e09f9769f8c240ba7ae9593825a515c5897e7e32ede5238419
SHA512

64362180a21d69f5a9c6acdc3a240964e52ba4a4da763c096911c0d38392444e7332fc4ffa171c594e4e368b4b78c3b68ae999f6e7bc20999f14226526ed1621
SSDEEP

24576:9rxXLDRiqJ+MLK+0JdAEo1mGajnVmLUx:9VLDEmp+RJgQJjnIAx

Score

N/A

Malware Config

Signatures

Files

de2559d85870b9e09f9769f8c240ba7ae9593825a515c5897e7e32ede5238419
.exe windows x86

a48e34671acc607673efacd058db13e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapi32

OpenTnefStream
OpenStreamOnFile@24
HrGetOmiProvidersFlags@8
MAPISendMail
MNLS_MultiByteToWideChar@24
LpValFindProp@12
SzFindLastCh@8
UNKOBJ_Free@8
BMAPISaveMail
cmc_act_on
BMAPIDetails
MNLS_lstrlenW@4
FtAddFt@16
MAPIDeleteMail

wmi

ControlTraceA
WmiCloseBlock
WmiQueryGuidInformation
ControlTraceW
WmiQuerySingleInstanceW
TraceEventInstance
WmiDevInstToInstanceNameW
WmiFreeBuffer
WmiDevInstToInstanceNameA
CloseTrace
RegisterTraceGuidsW
RemoveTraceCallback
GetTraceLoggerHandle
WmiOpenBlock

shell32

StrNCmpIA
RealShellExecuteExW
StrRStrIW
SHHelpShortcuts_RunDLL
FreeIconList
DragQueryFileAorW
SHBrowseForFolderW
Control_RunDLLA
StrCmpNA
ExtractIconExW
DoEnvironmentSubstW
StrNCmpA
SHLoadNonloadedIconOverlayIdentifiers
FindExecutableA
SHFormatDrive
SHExtractIconsW
SHEnumerateUnreadMailAccountsW
DllGetVersion
SHGetSettings
InternalExtractIconListA
ShellExec_RunDLLA
StrRStrIA

d3dim700

Direct3DCreate
FlushD3DDevices
Direct3DCreateDevice
Direct3D_HALCleanUp
SetLOD
SurfaceFlipNotify
D3DBreakVBLock
GetPriority
GetLOD
PaletteUpdateNotify
SetPriority
PaletteAssociateNotify
D3DMalloc
D3DTextureUpdate
CreateTexture
DestroyTexture
D3DFree
D3DRealloc

advapi32

OpenSCManagerA
GetEffectiveRightsFromAclW
SaferiChangeRegistryScope
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheck
RegDeleteKeyA
SetSecurityDescriptorSacl
SaferIdentifyLevel
RegCreateKeyExW
SetSecurityDescriptorGroup
InitiateSystemShutdownW
SetEntriesInAccessListW
ConvertAccessToSecurityDescriptorA

kernel32

WriteConsoleInputA
LoadLibraryW
GetModuleHandleW
CloseProfileUserMapping
HeapLock
CopyLZFile
EnumCalendarInfoExA
GetLocaleInfoA
WaitCommEvent
GetCurrentThread
DeleteCriticalSection
TerminateJobObject

Sections

.text
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a48e34671acc607673efacd058db13e7

Headers

DLL Characteristics

File Characteristics

Imports

mapi32

wmi

shell32

d3dim700

advapi32

kernel32

Sections

.text Size: 380KB - Virtual size: 380KB

.rdata Size: 90KB - Virtual size: 89KB

.data Size: 165KB - Virtual size: 1.6MB

.rsrc Size: 189KB - Virtual size: 189KB

.reloc Size: 1024B - Virtual size: 820B

.text
Size: 380KB - Virtual size: 380KB

.rdata
Size: 90KB - Virtual size: 89KB

.data
Size: 165KB - Virtual size: 1.6MB

.rsrc
Size: 189KB - Virtual size: 189KB

.reloc
Size: 1024B - Virtual size: 820B