Static task: static1
Behavioral task: behavioral1
Sample: 325f43c62aa5b037e617650d527aa0aac906a3ba65794be3d8a14dea3b9160a7.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 325f43c62aa5b037e617650d527aa0aac906a3ba65794be3d8a14dea3b9160a7.exe
Resource: win10v2004-20221111-en
General
Target: 325f43c62aa5b037e617650d527aa0aac906a3ba65794be3d8a14dea3b9160a7
Size: 2.9MB
MD5: d1cbeb81b3206dd4045c77f2cdc321e2
SHA1: 547eabe6c10639954f55edf54964eed0f267ceea
SHA256: 325f43c62aa5b037e617650d527aa0aac906a3ba65794be3d8a14dea3b9160a7
SHA512: 7c7f13f6b211376085ec78e1e987eeb2eda2d3aa189a156207adddae741631e0bc29f32e021b96dd277492ee5bcc2680c5a46d066e6537ce47c9a49ad3bdc23f
SSDEEP: 24576:YQ7wfI6yo+ygOV7ZeS0MAyWSRmTo+0PF3aVPj:GIRqVQrNtSYs+0PlaR
Malware Config
Signatures
Files
-
325f43c62aa5b037e617650d527aa0aac906a3ba65794be3d8a14dea3b9160a7.exe windows x86
5e39ef9aa461f613f663259f923a9352
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
MoveFileWithProgressA
OpenFileMappingW
GetNumberOfConsoleInputEvents
GetOEMCP
GetConsoleAliasesW
OpenJobObjectW
GetHandleInformation
DeleteTimerQueueEx
AreFileApisANSI
GetEnvironmentStringsW
LCMapStringW
OpenJobObjectA
RemoveDirectoryA
GetDriveTypeW
LoadLibraryExA
SetConsoleTextAttribute
FindFirstFileA
GetPrivateProfileStructW
GetWindowsDirectoryA
GetMailslotInfo
SetThreadIdealProcessor
CreateWaitableTimerW
GetComputerNameW
SetEnvironmentVariableA
GetUserDefaultLangID
SetStdHandle
GetLogicalDriveStringsW
SetThreadPriorityBoost
GetProfileSectionA
FoldStringA
GetCurrentDirectoryW
GetSystemDirectoryW
WaitForMultipleObjects
GetPrivateProfileSectionA
OpenMutexW
GetPrivateProfileStringA
GetProfileIntW
PostQueuedCompletionStatus
GetFileType
FindVolumeClose
Module32Next
ExitThread
GetTempPathA
DeleteAtom
DeleteVolumeMountPointA
GetLogicalDriveStringsA
OpenSemaphoreA
VerifyVersionInfoW
GetDateFormatW
CopyFileW
AddAtomA
GetCalendarInfoW
GetVolumeInformationW
OpenEventW
ReadProcessMemory
GlobalMemoryStatus
GetVersion
GetEnvironmentStrings
SearchPathA
GetExitCodeProcess
SetCurrentDirectoryW
GetUserDefaultUILanguage
GetVolumeInformationA
RtlUnwind
GetConsoleScreenBufferInfo
IsBadWritePtr
IsDBCSLeadByte
IsDBCSLeadByteEx
CreateSemaphoreW
GetThreadContext
GetConsoleCursorInfo
GetFileAttributesExW
ResetEvent
GetEnvironmentVariableW
FindAtomA
GetBinaryTypeA
GetConsoleCP
FindResourceExA
CreateMutexW
SetComputerNameExA
FreeEnvironmentStringsW
GetPrivateProfileIntW
GetStdHandle
OpenProcess
CreateTapePartition
GetPrivateProfileSectionW
CompareStringA
ExpandEnvironmentStringsA
SetTapePosition
GetCurrentProcess
SetUnhandledExceptionFilter
DisconnectNamedPipe
GetNamedPipeInfo
GetConsoleAliasExesA
Module32First
MultiByteToWideChar
SetErrorMode
GetAtomNameW
GlobalDeleteAtom
GetFileInformationByHandle
GetLocaleInfoW
ReleaseMutex
Toolhelp32ReadProcessMemory
HeapCreate
TerminateThread
GetModuleFileNameW
SetThreadLocale
ExpandEnvironmentStringsW
GetVolumePathNameW
CreateJobObjectA
FreeEnvironmentStringsA
GetModuleFileNameA
CreateFileW
VirtualAlloc
MapUserPhysicalPagesScatter
CreateJobObjectW
SetProcessWorkingSetSize
GetPrivateProfileSectionNamesA
GetLogicalDrives
ConvertThreadToFiber
CreateProcessW
OpenWaitableTimerW
SetVolumeMountPointA
SetConsoleActiveScreenBuffer
SetThreadPriority
FormatMessageA
GetCurrencyFormatA
GetPrivateProfileIntA
GetModuleHandleA
DeleteTimerQueue
CancelWaitableTimer
FlushInstructionCache
GetDiskFreeSpaceA
DosDateTimeToFileTime
AddAtomW
SetPriorityClass
SetTapeParameters
CreateSemaphoreA
CreateFileMappingW
GetTapeStatus
GetNamedPipeHandleStateA
ReleaseSemaphore
FreeLibraryAndExitThread
ResumeThread
SetFileTime
GetAtomNameA
FileTimeToDosDateTime
SetFileAttributesA
SetEvent
GetCommandLineW
GetTempFileNameW
FindFirstVolumeA
ReplaceFileA
MapViewOfFile
GetConsoleOutputCP
GetProcessVersion
CreateNamedPipeA
GetDevicePowerState
GetProfileIntA
GetThreadLocale
GetOverlappedResult
CreateFileMappingA
GetProcAddress
ReadDirectoryChangesW
Module32NextW
GetNumberFormatW
OpenFileMappingA
WritePrivateProfileStringA
QueryPerformanceFrequency
GetProfileStringA
GetFileAttributesExA
GetSystemDefaultLangID
GetCalendarInfoA
CreateHardLinkA
DeviceIoControl
LCMapStringA
GetDiskFreeSpaceW
VirtualProtect
GetWindowsDirectoryW
SetConsoleMode
GetSystemDefaultLCID
GetVolumePathNameA
GlobalHandle
CopyFileExW
GetStringTypeExW
MapViewOfFileEx
CreateWaitableTimerA
GetFileTime
GetLocaleInfoA
SetCalendarInfoW
EnumCalendarInfoW
lstrcatA
SwitchToThread
CreateDirectoryA
GetDateFormatA
DefineDosDeviceA
Module32FirstW
GetConsoleWindow
SetProcessAffinityMask
GetLongPathNameA
BindIoCompletionCallback
MoveFileWithProgressW
GetConsoleMode
SetMailslotInfo
SetWaitableTimer
GetPrivateProfileSectionNamesW
SetConsoleCtrlHandler
SetThreadContext
UnlockFile
GetCurrentThread
ConvertDefaultLocale
SetHandleInformation
rpcrt4
UuidCreateNil
I_RpcBindingInqTransportType
RpcMgmtEnableIdleCleanup
RpcBindingInqAuthClientW
RpcAsyncGetCallStatus
RpcNetworkIsProtseqValidA
RpcBindingReset
RpcServerUseProtseqW
RpcBindingToStringBindingW
RpcRevertToSelf
NDRCContextBinding
UuidCreate
NdrServerCall2
RpcBindingSetAuthInfoExW
NdrMesTypeAlignSize2
RpcStringBindingComposeW
RpcBindingServerFromClient
RpcServerUseProtseqIfW
RpcSsContextLockExclusive
RpcMgmtEpEltInqDone
NdrUserMarshalBufferSize
RpcBindingFree
RpcMgmtStatsVectorFree
RpcRaiseException
RpcCancelThread
NdrClientCall
NdrStubCall
RpcServerUseProtseqEpW
RpcMgmtIsServerListening
NdrPointerUnmarshall
RpcStringBindingComposeA
RpcServerRegisterAuthInfoA
NdrConvert2
NdrOleAllocate
RpcServerYield
RpcServerUnregisterIf
NdrClientCall2
RpcUserFree
NdrStubCall2
RpcBindingCopy
user32
LoadStringA
GetCursor
CloseWindowStation
NotifyWinEvent
GetSystemMenu
GetWindowLongA
IsDialogMessageW
GetWindowPlacement
SetWindowRgn
GetShellWindow
CharLowerBuffW
GetIconInfo
SetCapture
GetPropW
InvalidateRgn
SetWindowPos
CallNextHookEx
GetScrollInfo
EnumChildWindows
GetNextDlgTabItem
EnumWindows
LockWindowUpdate
RemovePropA
SetScrollInfo
RegisterWindowMessageA
DrawEdge
DispatchMessageA
LoadBitmapA
GetThreadDesktop
AppendMenuW
CheckMenuItem
GetUpdateRect
CloseDesktop
OpenDesktopW
InsertMenuW
SendDlgItemMessageW
FillRect
SetCursor
GetMessagePos
CallWindowProcW
DestroyIcon
GetSystemMetrics
ReleaseDC
IsWindowUnicode
InflateRect
GetMessageA
MonitorFromPoint
DrawFocusRect
ScreenToClient
UnhookWindowsHookEx
AppendMenuA
DestroyWindow
LoadMenuA
FrameRect
CopyImage
SetWindowTextA
SetDlgItemTextW
GetKeyboardLayout
GetAltTabInfoA
WindowFromDC
EqualRect
GetDlgItemInt
GetWindowThreadProcessId
comctl32
FlatSB_GetScrollPos
CreatePropertySheetPageW
ImageList_SetOverlayImage
ImageList_LoadImageA
ImageList_Copy
ImageList_SetImageCount
ImageList_SetIconSize
InitializeFlatSB
ImageList_BeginDrag
ImageList_Add
_TrackMouseEvent
ImageList_DragShowNolock
PropertySheetA
ImageList_LoadImageW
ImageList_SetDragCursorImage
FlatSB_SetScrollProp
ImageList_GetIconSize
ImageList_DragEnter
ImageList_Draw
InitCommonControlsEx
ImageList_GetImageCount
CreateStatusWindowW
FlatSB_SetScrollInfo
ImageList_Create
ImageList_AddMasked
ImageList_EndDrag
advapi32
IsValidSid
SetTokenInformation
RegQueryMultipleValuesA
RegNotifyChangeKeyValue
AddAce
RegSetValueExW
GetTokenInformation
GetCurrentHwProfileA
GetSidSubAuthorityCount
CryptGetHashParam
RegQueryMultipleValuesW
AddAccessAllowedAce
GetKernelObjectSecurity
SetKernelObjectSecurity
RegDeleteValueW
GetSidSubAuthority
RegSetValueW
RegSetValueA
RegCreateKeyExA
OpenServiceW
CryptAcquireContextW
AdjustTokenPrivileges
SetSecurityDescriptorDacl
ReportEventW
FreeSid
RegCreateKeyW
CryptDestroyHash
CloseServiceHandle
EqualSid
CryptCreateHash
RegEnumKeyExW
MakeSelfRelativeSD
GetAclInformation
ChangeServiceConfigW
RegEnumKeyW
QueryServiceStatus
LsaQueryInformationPolicy
RegCreateKeyA
SetThreadToken
CopySid
AddAccessDeniedAce
RegSetValueExA
RegQueryValueExW
RegDeleteKeyW
OpenProcessToken
AreAllAccessesGranted
CryptHashData
InitializeSecurityDescriptor
RegQueryValueExA
GetCurrentHwProfileW
RegEnumKeyExA
RegCreateKeyExW
AddAuditAccessAce
GetSidIdentifierAuthority
CreateWellKnownSid
RegisterEventSourceW
OpenServiceA
RegDeleteKeyA
AreAnyAccessesGranted
InitializeAcl
GetSidLengthRequired
OpenSCManagerW
RegSetKeySecurity
GetUserNameW
shell32
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderW
SHChangeNotify
SHGetFileInfoW
ShellExecuteExW
CommandLineToArgvW
SHBindToParent
SHGetSpecialFolderPathW
ShellExecuteW
SHGetFolderPathW
SHFileOperationW
SHGetDesktopFolder
ole32
CreateOleAdviseHolder
HWND_UserSize
CoFileTimeToDosDateTime
CLSIDFromString
OleIsRunning
OleMetafilePictFromIconAndLabel
HGLOBAL_UserMarshal
CoFileTimeNow
CoMarshalInterface
HGLOBAL_UserFree
OleRegEnumVerbs
OleLoad
IIDFromString
OleCreateLinkToFile
OleRegEnumFormatEtc
HPALETTE_UserSize
GetHGlobalFromStream
CoCancelCall
CreateStreamOnHGlobal
CoInitializeEx
CoGetInterfaceAndReleaseStream
GetRunningObjectTable
OleBuildVersion
CoGetCurrentLogicalThreadId
CoInitializeSecurity
CreateDataCache
OleUninitialize
CoAllowSetForegroundWindow
OleSetClipboard
CoUnmarshalHresult
HICON_UserMarshal
oleaut32
GetActiveObject
VariantCopyInd
SysReAllocStringLen
SafeArrayGetLBound
VariantInit
SetErrorInfo
VariantChangeTypeEx
Sections
.text Size: 942KB - Virtual size: 941KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 256KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.09u Size: 483KB - Virtual size: 482KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.dd4 Size: 335KB - Virtual size: 334KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.oidg Size: 313KB - Virtual size: 312KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.f1k Size: 266KB - Virtual size: 266KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ixu6 Size: 80KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.okrc5 Size: 393KB - Virtual size: 392KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 96KB - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ