006322cce4faca663bdbbcd197ad4be52e2f3de2d73ba1aeab2b41e2f9e5ea1b

Sharing

Copy URL Twitter E-mail

General

Target

006322cce4faca663bdbbcd197ad4be52e2f3de2d73ba1aeab2b41e2f9e5ea1b
Size

120KB
MD5

e117833330e417f3444dd14364357026
SHA1

276a9724e305ea074fd5c2dadb18c2602bbd5166
SHA256

006322cce4faca663bdbbcd197ad4be52e2f3de2d73ba1aeab2b41e2f9e5ea1b
SHA512

ae774e9dd547058063623a2cc16470ef867f4baa9ddb5cacc672d3628350a9bbc87ca9e7cd84258e1655acbdacdb858ccbcdad469a02a9f6a85e4e4ab196c557
SSDEEP

1536:XEqPu/vASdju6AtK7Wy2ZP6kqHfjny3xNAK97utEhxco/oTwevMqltuzCdXHTpA:04unAy/wUWv6kqHfbcm2cVUEMWJTpA

Score

N/A

Malware Config

Signatures

Files

006322cce4faca663bdbbcd197ad4be52e2f3de2d73ba1aeab2b41e2f9e5ea1b
.dll windows x86

b60c2dee27462cb689692080e4ad05b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedCompareExchange
GetProcAddress
LocalCompact
QueryPerformanceCounter
SetCommConfig
WaitNamedPipeW
_lcreat
GetPrivateProfileSectionNamesA
OpenFileMappingA
HeapSize
ClearCommError
GetThreadPriorityBoost
OpenEventW
GetEnvironmentVariableW
DuplicateConsoleHandle
GetSystemTime
ResetEvent
UnregisterWait
BeginUpdateResourceA
LoadLibraryA
SetTapePosition
GetConsoleAliasExesA
FreeLibrary
SetCurrentDirectoryW
SetHandleCount
SetProcessShutdownParameters
GlobalGetAtomNameA
EnumResourceLanguagesW
GetLastError
OpenConsoleW
MultiByteToWideChar
SetConsoleNumberOfCommandsW
GetCommModemStatus
ReadConsoleOutputAttribute
SetConsoleCursorPosition
CreateJobObjectA
BackupSeek
HeapLock
DefineDosDeviceA
FindFirstVolumeMountPointW
RegisterConsoleVDM
CompareFileTime
FatalExit
IsBadReadPtr
TlsSetValue
InitializeCriticalSectionAndSpinCount
SetConsoleNumberOfCommandsA
SetCommMask
ConvertThreadToFiber
GetFileSize
SetVDMCurrentDirectories
FindFirstFileW
FindNextVolumeW
WriteFileGather
GetNamedPipeInfo
CreateEventW
VirtualProtect
GetConsoleAliasesA
GetLogicalDriveStringsA
CreateWaitableTimerW
GetProcessVersion
GetProfileIntA
SetCurrentDirectoryA
GlobalCompact
IsBadWritePtr
GetPrivateProfileSectionW
lstrcpyW
GetDriveTypeA
SetConsoleMaximumWindowSize
GetLocalTime
TransactNamedPipe
GetNumberOfConsoleMouseButtons
CreateFileA
WaitNamedPipeA
GetLocaleInfoA
CreateMailslotA
GetEnvironmentStringsW
WaitForMultipleObjects
EraseTape
GetFileSizeEx
IsValidLocale
GetVersion
GetHandleInformation
GetModuleHandleA
VirtualAlloc
FindFirstChangeNotificationA

user32

SetCursor
GetMessageExtraInfo
GetCursor
DefWindowProcA
ArrangeIconicWindows
TrackPopupMenuEx
RegisterWindowMessageA
DialogBoxParamW
SendMessageA
CharUpperBuffA
OemKeyScan
DrawFocusRect
IsCharLowerW
CascadeChildWindows
IMPQueryIMEA
MessageBoxW
DestroyCaret
GetGUIThreadInfo
GetWindowThreadProcessId
DeleteMenu
IsClipboardFormatAvailable
GetMenuBarInfo
DialogBoxIndirectParamW
WINNLSGetIMEHotkey
DdeNameService
DrawStateA
ShowWindowAsync
GetWindowWord
BeginDeferWindowPos
CreateDialogParamW
DrawIcon
SetScrollInfo
SetFocus
ChangeDisplaySettingsExA
DdeCmpStringHandles
IsDlgButtonChecked
GetMenuContextHelpId
GetMenuStringW
GetNextDlgTabItem
CharToOemBuffA
RegisterClipboardFormatA
CreateMenu

gdi32

GetObjectA
CreateFontIndirectW
StretchBlt
CreateEllipticRgnIndirect
DPtoLP
EnumFontFamiliesExW
AddFontResourceA
IntersectClipRect
WidenPath
CreatePatternBrush
CreateDIBitmap
Arc
SetDCBrushColor
GetRandomRgn
CombineRgn
GetStretchBltMode
CreatePen
GetEnhMetaFileDescriptionA
CreateCompatibleDC
SetPixelFormat
OffsetClipRgn
PolyDraw
FillPath
GetStockObject
CreateICW
SetICMMode
GetViewportExtEx
EndFormPage
GetTextMetricsA
MoveToEx
SetDIBits
GdiGetDevmodeForPage
PolyTextOutA
GetCharacterPlacementA
DeleteDC
GdiGetPageCount
SelectObject
EnumICMProfilesA
GetCharWidthW
SetROP2
CreateCompatibleBitmap
RectInRegion
SetViewportOrgEx
FlattenPath

advapi32

SystemFunction005
LogonUserA
ElfOpenEventLogW
EnumDependentServicesA
RegisterEventSourceA
SystemFunction018
QueryServiceLockStatusA
AreAllAccessesGranted
LsaLookupSids
EnumDependentServicesW
SystemFunction027
GetSecurityDescriptorOwner
BuildSecurityDescriptorW
CryptDestroyHash
SystemFunction019
AddAccessAllowedAceEx
EncryptFileW
InitiateSystemShutdownA
LsaLookupNames
CryptExportKey
ConvertAccessToSecurityDescriptorW
RegOpenKeyExA
RegLoadKeyA
SystemFunction017
BuildImpersonateExplicitAccessWithNameW
LsaSetSystemAccessAccount
ElfReadEventLogW
RegEnumValueA
GetTrusteeFormW
CancelOverlappedAccess
ElfCloseEventLog
SetEntriesInAuditListW
GetLengthSid
TrusteeAccessToObjectA
LsaFreeMemory
ConvertAccessToSecurityDescriptorA
SetEntriesInAclW
CryptEnumProvidersA
LsaEnumerateAccounts
LogonUserW
RegDeleteValueA
GetTrusteeFormA
ElfChangeNotify
SystemFunction029
SetEntriesInAclA
ElfOldestRecord
CryptSetProvParam
RegisterEventSourceW
ObjectPrivilegeAuditAlarmW
GetSecurityDescriptorLength
RegCreateKeyW
GetOldestEventLogRecord
LsaEnumeratePrivileges
LsaOpenPolicy
QueryRecoveryAgentsOnEncryptedFile
BuildImpersonateTrusteeW
CryptGetDefaultProviderW
LookupAccountSidW
RegDeleteKeyA
SetNamedSecurityInfoA
SetTokenInformation
LsaCreateTrustedDomain
IsValidSecurityDescriptor
AccessCheckByTypeAndAuditAlarmA
AreAnyAccessesGranted
StartServiceA

shell32

StrRStrA
WOWShellExecute
StrChrW
StrStrIA
Shell_NotifyIconA
SHGetDiskFreeSpaceA
StrNCmpA
ExtractAssociatedIconExW
SHFileOperationW
SHEmptyRecycleBinW
StrRStrW
StrChrIW
SHGetSettings
SHGetDataFromIDListW
StrRChrIW
DoEnvironmentSubstA
SHGetSpecialFolderPathA
StrRStrIA
StrChrIA
SheSetCurDrive
StrCmpNIA
SHGetSpecialFolderPathW
StrStrW
StrStrA
StrRChrIA
FindExecutableW
SHGetPathFromIDListA

shlwapi

StrCmpIW
PathRelativePathToW
UrlApplySchemeW
PathIsFileSpecW
PathCommonPrefixA
StrTrimA
SHQueryInfoKeyA
SHEnumKeyExA
PathAddExtensionW
SHQueryValueExA
SHRegQueryInfoUSKeyW
StrCSpnIW
UrlHashW
UrlEscapeW
PathGetDriveNumberW
UrlGetPartW
PathGetArgsW
SHGetInverseCMAP
PathIsUNCW
SHRegGetUSValueA
PathAppendW
PathIsContentTypeW
PathIsSystemFolderA
PathIsFileSpecA
ChrCmpIW
PathFindOnPathA
PathIsRelativeA
UrlCreateFromPathW
StrToIntExA
PathFindOnPathW
SHEnumKeyExW
PathIsPrefixW
SHQueryInfoKeyW
SHOpenRegStreamW
SHRegEnumUSValueA
UrlGetLocationW
SHEnumValueW
SHRegSetUSValueA
PathRemoveBackslashA
PathAppendA
PathRemoveFileSpecW
PathQuoteSpacesW
StrNCatW
SHRegQueryUSValueW
SHRegCreateUSKeyW
SHRegEnumUSKeyW
PathRenameExtensionA
PathIsURLW
GetMenuPosFromID
StrIsIntlEqualW
PathGetCharTypeW
StrFormatByteSizeA

winspool.drv

DeletePrintProcessorA
GetPrintProcessorDirectoryA
DEVICECAPABILITIES
SetPrinterDataW
WritePrinter
FreePrinterNotifyInfo
AddPrintProcessorW
ResetPrinterA
AddPrinterDriverA
ord100
SetPrinterDataA
ExtDeviceMode
OpenPrinterA
DeletePrinterConnectionW
DeleteMonitorW
EnumPrintProcessorsA
SetPortW
DeletePrintProvidorW
QueryRemoteFonts
DocumentPropertiesA
GetFormA
EndPagePrinter
EndDocPrinter
AddPortExA
AddPrinterW
DeleteMonitorA

msvcrt

_mbsnset
fputc
_mbsspn
_unlink
iswspace
_fgetchar
_osver
__isascii
fwrite
_fstat
_wfopen
_memicmp
_ltow
fputs
_wcsncoll
fseek
fclose
fopen
fprintf
ferror
_mbctombb
_ismbslead
fsetpos
sprintf
fwprintf
_isatty
fread
longjmp
printf
_wctime
ftell
_safe_fprem
memset
feof
sin

Exports

Exports

Dfaekocttv
Exjtmvr
Fphxzxtfqw
Iasvvuzewf
Ioqukueu
Rfmu
Yqmlvsvc

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b60c2dee27462cb689692080e4ad05b6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

winspool.drv

msvcrt

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 52KB - Virtual size: 48KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 52KB - Virtual size: 48KB

.reloc
Size: 8KB - Virtual size: 6KB