d81cc7888ddb3e894eb17490e8a8cd2c553580a743830afaf9ff3ac08abf456e

Sharing

Copy URL Twitter E-mail

General

Target

d81cc7888ddb3e894eb17490e8a8cd2c553580a743830afaf9ff3ac08abf456e
Size

1.0MB
MD5

7d38cd011c5b0b1c4c09d66c24fa1777
SHA1

f1a765f768e5d30d801728cb2710b6c46676eba6
SHA256

d81cc7888ddb3e894eb17490e8a8cd2c553580a743830afaf9ff3ac08abf456e
SHA512

46336e80b7f46b7184bca13c0cfda2e1f936664cf90119853633352f2c6baf45814af8e37649a5bca42b941e4c4cd68886bdb00b18c9aa06e69083a7141f5f0c
SSDEEP

12288:CQk1Hif2ajZL//QcJtPEyv2XXYDAxEpmQ3iWgZoqORKMcy6eBLIeS5O3adqs:Cb1Hi+eZYYPEFXsXmAgZo1t7LtSzdqs

Score

N/A

Malware Config

Signatures

Files

d81cc7888ddb3e894eb17490e8a8cd2c553580a743830afaf9ff3ac08abf456e
.exe windows x86

c0725f02c2c937a62b8b4d6e29b331f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessTimes
GetSystemDirectoryW
PrepareTape
FindResourceExA
GetConsoleCP
GetConsoleMode
GetVolumeInformationW
VerSetConditionMask
LocalFileTimeToFileTime
FormatMessageA
SetPriorityClass
DisconnectNamedPipe
SetConsoleOutputCP
GetVolumePathNameA
GetCurrencyFormatW
GetDateFormatA
CreateJobObjectW
GetModuleFileNameW
OpenJobObjectW
OpenEventW
GetDiskFreeSpaceExA
GetProcessVersion
GetNamedPipeHandleStateW
DeleteTimerQueueEx
DeleteVolumeMountPointA
ExpandEnvironmentStringsW
FlushInstructionCache
SetProcessWorkingSetSize
DeleteAtom
SetCurrentDirectoryA
SetWaitableTimer
FreeEnvironmentStringsA
GetNamedPipeHandleStateA
GetPrivateProfileSectionNamesW
GetSystemDirectoryA
GetCurrencyFormatA
SwitchToThread
DeviceIoControl
GetTempPathW
GetConsoleAliasesA
MapUserPhysicalPages
IsSystemResumeAutomatic
OpenEventA
VirtualAlloc
DuplicateHandle
GetLocaleInfoA
OpenProcess
LCMapStringA
GetConsoleAliasExesLengthA
lstrcpyA
EnumCalendarInfoA
CreateMutexA
GetTimeFormatW
PeekNamedPipe
OpenMutexW
SetUnhandledExceptionFilter
GetFileAttributesW
SetFileAttributesA
CreateDirectoryExW
CreateWaitableTimerA
FindNextFileW
GetDevicePowerState
CreateHardLinkW
QueryInformationJobObject
GetShortPathNameA
GetCompressedFileSizeW
GetProcessWorkingSetSize
GetConsoleAliasesW
FormatMessageW
IsValidCodePage
OpenWaitableTimerW
GetDateFormatW
CreateProcessA
GetConsoleCursorInfo
GetMailslotInfo
GetTapeStatus
ChangeTimerQueueTimer
GetPrivateProfileSectionNamesA
GlobalMemoryStatus
GetShortPathNameW
SetConsoleCP
GetPrivateProfileStringA
WaitForSingleObjectEx
GetCPInfo
HeapSetInformation
CreateSemaphoreA
GetStdHandle
GetLogicalDriveStringsA
SetProcessAffinityMask
GetEnvironmentStrings
GetFullPathNameA
GetModuleHandleA
GetComputerNameExW
GetStringTypeA
SetComputerNameExA
SetEnvironmentVariableW
IsValidLocale
DosDateTimeToFileTime
SetStdHandle
SetHandleCount
MapUserPhysicalPagesScatter
CreateMailslotA
FindAtomW
FreeUserPhysicalPages
GetConsoleAliasW
AssignProcessToJobObject
GetConsoleAliasExesLengthW
MulDiv
LoadResource
GetStartupInfoW
GetFileAttributesA
GetModuleHandleW
CreateMutexW
FindNextChangeNotification
ReplaceFileA
ReadProcessMemory
GetSystemTime
ProcessIdToSessionId
SetFileTime
LocalReAlloc
OpenJobObjectA
GetStringTypeExA
SetThreadPriority
CreateWaitableTimerW
GetVersion
GetEnvironmentVariableW
Toolhelp32ReadProcessMemory
BindIoCompletionCallback
GetProfileIntW
OpenFileMappingW
GetDiskFreeSpaceExW
GetCurrentThread
GetNumberFormatA
FindResourceA
SetMailslotInfo
GetEnvironmentVariableA
GetDiskFreeSpaceW
OpenWaitableTimerA
GetPriorityClass
FindVolumeClose
GetWindowsDirectoryW
SetTapeParameters

rpcrt4

NdrConformantStringBufferSize
RpcBindingToStringBindingW
RpcMgmtEpEltInqNextW
RpcStringBindingComposeA
RpcBindingSetOption
NdrServerCall2
RpcServerListen
RpcAsyncCompleteCall
RpcErrorResetEnumeration
MesDecodeBufferHandleCreate
NdrUserMarshalBufferSize
I_RpcBindingInqTransportType
RpcServerUseProtseqEpA
RpcBindingInqAuthInfoA
NdrSimpleTypeMarshall
RpcErrorLoadErrorInfo
RpcServerRegisterAuthInfoA
NdrPointerBufferSize
RpcServerRegisterAuthInfoW
RpcMgmtEpEltInqDone
UuidCreateSequential
NdrUserMarshalFree
NdrConvert
RpcCancelThreadEx
NdrPointerFree
NdrMesTypeFree2
NdrConformantArrayUnmarshall
RpcBindingSetObject
RpcEpRegisterW
RpcServerTestCancel
RpcMgmtSetServerStackSize
RpcBindingSetAuthInfoExW
RpcBindingInqObject
NdrOleFree
UuidCreate
NdrClientCall
UuidCreateNil
RpcBindingSetAuthInfoA
RpcUserFree
RpcCertGeneratePrincipalNameW
RpcBindingInqAuthClientA
NdrConformantStringMarshall
NdrClearOutParameters

user32

GetAltTabInfoA

comctl32

CreatePropertySheetPageW
CreateStatusWindowW
ImageList_Copy
ImageList_LoadImageW
ImageList_Write
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_Draw
_TrackMouseEvent
ImageList_GetImageCount
CreatePropertySheetPageA
CreateToolbarEx
ImageList_DrawEx
ImageList_Remove
ImageList_DrawIndirect
ImageList_Destroy
ImageList_SetDragCursorImage
FlatSB_SetScrollInfo
PropertySheetA
FlatSB_GetScrollPos
ImageList_GetIconSize
ImageList_Read
ImageList_EndDrag
ImageList_DragEnter
ImageList_AddMasked
ImageList_BeginDrag
ImageList_SetBkColor
PropertySheetW
FlatSB_SetScrollPos
ImageList_DragMove
ImageList_SetOverlayImage
ImageList_GetImageInfo
ImageList_LoadImageA
InitCommonControlsEx
FlatSB_GetScrollInfo
FlatSB_SetScrollProp
ord17
ImageList_SetImageCount
ImageList_DragLeave
InitializeFlatSB
ImageList_GetIcon
ImageList_Create
DestroyPropertySheetPage
ImageList_Add
ImageList_ReplaceIcon
ImageList_GetBkColor
ImageList_SetIconSize
ImageList_Replace

advapi32

RegSetValueExA
RegQueryValueExA
AddAuditAccessAce
SetTokenInformation
RegNotifyChangeKeyValue
IsValidSid
AreAllAccessesGranted
GetTokenInformation
RegSetKeySecurity
CryptReleaseContext
ControlService
GetSidLengthRequired
GetCurrentHwProfileW
AreAnyAccessesGranted
SetKernelObjectSecurity
OpenThreadToken
RegQueryInfoKeyA
AddAccessAllowedAce
RegSetValueW
MakeSelfRelativeSD
GetSecurityDescriptorOwner
GetSidSubAuthority
AddAce
DeregisterEventSource
LsaOpenPolicy
RegDeleteKeyW
RegEnumValueW
OpenServiceW
RegOpenKeyExA
RegQueryMultipleValuesW
AdjustTokenPrivileges
CryptHashData
SetFileSecurityW
GetSidSubAuthorityCount
RegCreateKeyExW
AddAccessDeniedAce
GetKernelObjectSecurity
InitializeSecurityDescriptor
RegQueryMultipleValuesA
InitializeAcl
GetSidIdentifierAuthority
RegCreateKeyExA
RegSetValueExW
RegSetValueA
GetCurrentHwProfileA

Sections

.text
Size: 877KB - Virtual size: 876KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.2ns
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.f1g
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vvx5b
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.1job
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uny
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0725f02c2c937a62b8b4d6e29b331f6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rpcrt4

user32

comctl32

advapi32

Sections

.text Size: 877KB - Virtual size: 876KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 262KB

.2ns Size: 26KB - Virtual size: 25KB

.f1g Size: 9KB - Virtual size: 8KB

.vvx5b Size: 28KB - Virtual size: 27KB

.1job Size: 26KB - Virtual size: 25KB

.uny Size: 30KB - Virtual size: 30KB

.rsrc Size: 39KB - Virtual size: 39KB

.text
Size: 877KB - Virtual size: 876KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 262KB

.2ns
Size: 26KB - Virtual size: 25KB

.f1g
Size: 9KB - Virtual size: 8KB

.vvx5b
Size: 28KB - Virtual size: 27KB

.1job
Size: 26KB - Virtual size: 25KB

.uny
Size: 30KB - Virtual size: 30KB

.rsrc
Size: 39KB - Virtual size: 39KB