6b3f4168537305ff29048d822fdf4720ad1713a9b81618a43abe4099aa3ee95c

Sharing

Copy URL Twitter E-mail

General

Target

6b3f4168537305ff29048d822fdf4720ad1713a9b81618a43abe4099aa3ee95c
Size

1.3MB
MD5

ac50734cca70b3152b5d1f371c0f8fb6
SHA1

c171256c48488541d08f7ffce059950a1d1ec372
SHA256

6b3f4168537305ff29048d822fdf4720ad1713a9b81618a43abe4099aa3ee95c
SHA512

003cf52c08deff968c751275a75621d06ac7ee469c921deac00225c85f475da451c3f547a2a794f383ff4517cb6030a429da8957c396df57f269c1d7fb32c28c
SSDEEP

24576:hN1ZDG3a7RK3kN+xFGKFe7qgCVkQ/MO1WMLhMU2/9tWVpd/I5Qk9:/1ZjK3kg7GKFIyhUMhMU8

Score

N/A

Malware Config

Signatures

Files

6b3f4168537305ff29048d822fdf4720ad1713a9b81618a43abe4099aa3ee95c
.exe windows x86

5f1bf434954062c941c8633a3dc061dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDriveTypeW
SetConsoleTextAttribute
GetCalendarInfoA
CreateMutexW
SetFileAttributesA
CopyFileW
GetSystemDirectoryA
EnumCalendarInfoExW
CreateDirectoryA
AreFileApisANSI
GetConsoleMode
FindFirstVolumeW
SetThreadExecutionState
OpenThread
GetConsoleCP
ConvertDefaultLocale
GetFullPathNameA
GetConsoleAliasesW
OpenJobObjectW
GetStringTypeW
GetPrivateProfileStringW
GetOEMCP
SetHandleInformation
GetCurrencyFormatW
GetFullPathNameW
FormatMessageA
GetPrivateProfileStringA
LCMapStringA
SetTapePosition
ResetEvent
ResumeThread
GetProfileIntA
GetStringTypeExA
CreateTimerQueueTimer
DuplicateHandle
GetProcessVersion
ReleaseMutex
GetFileAttributesExA
GetVolumeInformationA
IsBadWritePtr
GetUserDefaultLCID
FindVolumeMountPointClose
CreateFileMappingW
ExpandEnvironmentStringsW
GetProfileSectionW
GetPrivateProfileSectionW
GetThreadPriority
GlobalDeleteAtom
LocalReAlloc
SetConsoleCP
ReplaceFileW
FindNextChangeNotification
GetConsoleScreenBufferInfo
FormatMessageW
GetProfileStringW
SetPriorityClass
Module32Next
CreateFileW
CreateDirectoryExA
SetThreadLocale
GetEnvironmentVariableW
GetProfileStringA
SetEnvironmentVariableW
lstrcmpiA
GetProfileIntW
GetThreadContext
Module32FirstW
SetConsoleActiveScreenBuffer
CancelIo
GetSystemDefaultLCID
ReadDirectoryChangesW
GetFileTime
SetTapeParameters
GetPrivateProfileSectionNamesA
MoveFileWithProgressA
FindResourceExA
GetDateFormatA
OpenMutexW
GetLongPathNameW
GetNumberFormatW
GetNumberFormatA
FreeEnvironmentStringsA
GetUserDefaultUILanguage
GlobalUnlock
CompareStringA
GetCPInfoExA
GetSystemWindowsDirectoryW
GetCurrentDirectoryA
CreateJobObjectA
GetStdHandle
FindFirstVolumeMountPointA
SetProcessPriorityBoost
OpenWaitableTimerA
GetDiskFreeSpaceExW
TryEnterCriticalSection
TlsAlloc
SetStdHandle
EraseTape
GetTempPathW
OpenEventW
MapUserPhysicalPagesScatter
SetCalendarInfoA
Module32First
GetVolumePathNameW
ReadFile
GetEnvironmentStrings
GetPrivateProfileStructW
GetNamedPipeInfo
SetSystemTimeAdjustment
GetEnvironmentVariableA
GetConsoleWindow
SetSystemPowerState
Toolhelp32ReadProcessMemory
FlushConsoleInputBuffer
OpenEventA
GetModuleHandleW
GetFileAttributesA
CreateTapePartition
CreateHardLinkA
CreateSemaphoreW
IsDBCSLeadByteEx
GetCurrentThread
EnumCalendarInfoW
DeleteTimerQueueEx
CreateEventW
GetHandleInformation
SetCalendarInfoW
SetLocaleInfoW
WaitForSingleObjectEx
DeleteTimerQueue
SetErrorMode
GetSystemDirectoryW
DeviceIoControl
MoveFileWithProgressW
GetFileType
GetLogicalDriveStringsA
GetPrivateProfileSectionA
CopyFileExA
GetConsoleAliasExesA
MapUserPhysicalPages
GetCompressedFileSizeA
SwitchToThread
AddAtomA
GetSystemDefaultLangID
SetFileTime
VerSetConditionMask
MoveFileW
FlushInstructionCache
MulDiv
IsSystemResumeAutomatic
lstrcatA
SetFilePointerEx
CreateDirectoryW
EnumCalendarInfoExA
DeleteVolumeMountPointA
CreateNamedPipeW
FindAtomA
GetExitCodeProcess
DeleteAtom
CreateWaitableTimerA
HeapCreate
OpenProcess
GetConsoleCursorInfo
FindAtomW
CreateIoCompletionPort
GetDevicePowerState
VirtualQuery
GetCompressedFileSizeW
GetLocaleInfoW
GetWindowsDirectoryA
GetSystemWindowsDirectoryA
ExitThread
OpenFileMappingW
FlushFileBuffers
EnumCalendarInfoA
ContinueDebugEvent
CreateProcessA
GetConsoleAliasExesLengthW
GetFileAttributesExW
GetMailslotInfo
MapViewOfFile
GetProcAddress
GetWindowsDirectoryW
DefineDosDeviceA
FileTimeToDosDateTime
GetModuleFileNameW
CreateMailslotW
WriteConsoleW
CopyFileA
FoldStringA
CreateToolhelp32Snapshot
FileTimeToLocalFileTime
GetSystemDefaultUILanguage
GetBinaryTypeA
BindIoCompletionCallback
GetPriorityClass
SetConsoleDisplayMode
SetCurrentDirectoryA
FindResourceW
CreateMailslotA
GetDateFormatW
FindFirstFileExA
QueryInformationJobObject
GetDriveTypeA
GetBinaryTypeW
GetVolumeInformationW
GetStringTypeExW
CopyFileExW
GetCurrencyFormatA
CreateMutexA
GetPrivateProfileIntW
FindResourceExW
SetConsoleCtrlHandler
GetCurrentProcess
Module32NextW
GetModuleFileNameA
GetUserDefaultLangID
SetComputerNameExW
SetUnhandledExceptionFilter
GetVolumePathNameA
LoadResource
ResetWriteWatch
VirtualAlloc
CreateTimerQueue
GetNamedPipeHandleStateA
GetLongPathNameA
GetPrivateProfileIntA
GetModuleHandleA
SetEndOfFile
GetDiskFreeSpaceA
GetVolumeNameForVolumeMountPointA
ReplaceFileA
VerifyVersionInfoW
PeekNamedPipe
GetLogicalDriveStringsW
CreateWaitableTimerW
GetShortPathNameA
GetCurrentConsoleFont
GetCPInfo
SetProcessAffinityMask
DeleteTimerQueueTimer
ProcessIdToSessionId
FindFirstFileA
GetProcessTimes
GetShortPathNameW

rpcrt4

RpcServerUseProtseqIfW
IUnknown_AddRef_Proxy
RpcAsyncInitializeHandle
RpcMgmtSetServerStackSize
NdrGetUserMarshalInfo
RpcBindingInqAuthClientExA
RpcEpRegisterNoReplaceW
RpcServerInqDefaultPrincNameW
RpcServerUnregisterIfEx
RpcSsGetContextBinding
RpcSsDestroyClientContext
NdrClientCall2
RpcMgmtInqStats
NdrInterfacePointerBufferSize
RpcBindingSetAuthInfoExW
RpcAsyncAbortCall
RpcNetworkIsProtseqValidW
RpcBindingToStringBindingW
NdrSimpleStructBufferSize
RpcServerInqCallAttributesA
RpcErrorSaveErrorInfo
NdrClientInitializeNew
RpcServerListen
RpcImpersonateClient
RpcMgmtInqServerPrincNameW
NdrUserMarshalBufferSize
RpcBindingSetObject
RpcServerRegisterIfEx
NdrConvert2
RpcEpRegisterW
NdrAsyncServerCall
UuidCreate
MesDecodeBufferHandleCreate
NDRCContextBinding
RpcMgmtIsServerListening
MesEncodeFixedBufferHandleCreate
NdrCorrelationInitialize
RpcServerUseProtseqEpA
RpcServerRegisterIf2
IUnknown_QueryInterface_Proxy
NdrAsyncClientCall
UuidToStringW
RpcServerRegisterAuthInfoW
MesIncrementalHandleReset
MesEncodeIncrementalHandleCreate
RpcStringBindingComposeW
RpcErrorGetNumberOfRecords
RpcBindingCopy
NdrClearOutParameters
MesEncodeDynBufferHandleCreate
RpcErrorLoadErrorInfo
NdrStubCall2
RpcFreeAuthorizationContext
NdrSimpleStructMarshall
RpcRevertToSelf
RpcRevertToSelfEx
RpcServerUseProtseqEpExW
MesHandleFree
RpcMgmtStopServerListening
RpcMgmtSetComTimeout
RpcBindingSetAuthInfoExA
RpcErrorAddRecord

user32

GetAltTabInfoA
GetTopWindow
DeferWindowPos
ActivateKeyboardLayout
InflateRect
GetKeyState
CheckMenuItem
LoadStringA
CharUpperA
BeginDeferWindowPos
CloseWindowStation
DrawFocusRect
EndDialog
GetIconInfo
GetScrollInfo
RedrawWindow
GetCursor
EndDeferWindowPos
wvsprintfW
LoadBitmapA
PostQuitMessage
SystemParametersInfoA
ScrollWindow
IsWindowVisible
GetWindowPlacement
GetWindowTextLengthW
ClientToScreen
FillRect
LoadMenuW
OpenDesktopW
CreatePopupMenu
CreateDialogParamW
LoadIconA
ReleaseCapture
CallNextHookEx
SetFocus
DestroyMenu

comctl32

ImageList_DragShowNolock
CreatePropertySheetPageW
ImageList_Draw
ImageList_Destroy
CreateToolbarEx
ImageList_DragEnter
ImageList_Add
ImageList_SetImageCount
ImageList_AddMasked
FlatSB_GetScrollPos
ImageList_GetDragImage
ImageList_GetIcon
FlatSB_SetScrollProp
ImageList_SetIconSize
PropertySheetA
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_GetIconSize
CreatePropertySheetPageA
ImageList_SetDragCursorImage
ImageList_Replace
PropertySheetW
ImageList_GetBkColor
ImageList_EndDrag
ImageList_DrawEx
InitCommonControlsEx
ImageList_Write
_TrackMouseEvent
FlatSB_GetScrollInfo
FlatSB_SetScrollPos
ImageList_LoadImageA
ImageList_Remove
ImageList_Copy
CreateStatusWindowW
ImageList_BeginDrag
ord17
ImageList_SetOverlayImage
FlatSB_SetScrollInfo
ImageList_Create
ImageList_Read
ImageList_DragMove
ImageList_DragLeave
ImageList_LoadImageW
ImageList_SetBkColor
InitializeFlatSB
ImageList_DrawIndirect
DestroyPropertySheetPage
ImageList_GetImageInfo

advapi32

GetSecurityDescriptorControl
RegQueryMultipleValuesA
RegDeleteValueA
OpenSCManagerW
OpenProcessToken
RegCloseKey
GetCurrentHwProfileW
SetNamedSecurityInfoW
AddAuditAccessAce
DeregisterEventSource
GetSidLengthRequired
RegOpenKeyA
CreateProcessAsUserW
GetSecurityDescriptorSacl
ReportEventW
RegFlushKey
IsValidSecurityDescriptor
RegOpenKeyW
CryptAcquireContextA
GetAclInformation
RegCreateKeyExA
RegQueryValueW
CloseServiceHandle
RegQueryInfoKeyA
CryptAcquireContextW
CryptDestroyHash
SetKernelObjectSecurity
AllocateAndInitializeSid
AddAce
ControlService
GetCurrentHwProfileA
RegCreateKeyExW
GetSidSubAuthority
AddAccessDeniedAce
SetTokenInformation
AreAllAccessesGranted
InitializeAcl
GetKernelObjectSecurity
RegSetValueExA
RegSetValueW
AreAnyAccessesGranted
GetSidIdentifierAuthority
RegNotifyChangeKeyValue
GetTokenInformation
RegQueryMultipleValuesW
RegSetValueExW
RegSetValueA
RegQueryValueExA
InitializeSecurityDescriptor
GetSidSubAuthorityCount
RegSetKeySecurity
AddAccessAllowedAce
LsaQueryInformationPolicy
CopySid
RegOpenKeyExA
CheckTokenMembership
CryptDestroyKey
SetSecurityDescriptorDacl
RegEnumKeyExA
LsaOpenPolicy
GetAce
RegOpenKeyExW
CryptGenRandom
CryptCreateHash
CryptReleaseContext
RegQueryValueExW
SetThreadToken
CreateWellKnownSid
ImpersonateLoggedOnUser
GetSecurityDescriptorGroup
ChangeServiceConfigW
RegEnumKeyA
OpenThreadToken
OpenSCManagerA
RegDeleteKeyW
RegCreateKeyW
GetLengthSid
GetSecurityDescriptorLength
LsaFreeMemory

ole32

HBITMAP_UserFree
StringFromCLSID
CoRevokeInitializeSpy
WriteFmtUserTypeStg
OleCreateLink
GetHGlobalFromStream
CoResumeClassObjects
CoImpersonateClient
HMENU_UserUnmarshal
MonikerCommonPrefixWith
OleCreateDefaultHandler
OleRegGetUserType
CoGetInterfaceAndReleaseStream
ProgIDFromCLSID
OleCreate
DoDragDrop
CLSIDFromString
HGLOBAL_UserSize
OleCreateLinkFromData
CoRevokeClassObject
HWND_UserMarshal
HICON_UserFree
OleCreateMenuDescriptor
HMENU_UserFree
OleQueryCreateFromData
CoMarshalHresult
StgCreateDocfileOnILockBytes
HDC_UserSize
HACCEL_UserMarshal
OleFlushClipboard
OleSetContainedObject
CoInstall
CoTaskMemRealloc
CreateDataAdviseHolder
CoIsOle1Class
OleCreateStaticFromData
CoGetContextToken
CoCreateInstance
ReadClassStm
CoLockObjectExternal
CoQueryProxyBlanket
CoWaitForMultipleHandles
OleLoad
CoMarshalInterface
OleRegGetMiscStatus
HPALETTE_UserSize
StgCreateStorageEx
IsAccelerator
DcomChannelSetHResult
OleSetClipboard
CoGetMarshalSizeMax
CoIsHandlerConnected
CoGetTreatAsClass
GetConvertStg
WriteClassStm
CoRegisterClassObject
CoTaskMemFree
CoGetCancelObject
OleGetIconOfClass

oleaut32

VariantChangeTypeEx
VariantChangeType
SafeArrayGetUBound
VariantClear
VariantCopyInd
SafeArrayCreate
SysAllocStringByteLen
VariantCopy
SysFreeString
SysAllocStringLen
SafeArrayPtrOfIndex
GetErrorInfo
VariantInit
SysStringLen
SysReAllocStringLen
SafeArrayGetLBound
GetActiveObject

Sections

.text
Size: 974KB - Virtual size: 973KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xvf
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.0av7
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.55a4
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ay4
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.70k
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fr85
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.3q8m
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eqd8i
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.m6t
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ibum
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yycv6
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdn1b
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f1bf434954062c941c8633a3dc061dd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rpcrt4

user32

comctl32

advapi32

ole32

oleaut32

Sections

.text Size: 974KB - Virtual size: 973KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 38KB - Virtual size: 293KB

.xvf Size: 23KB - Virtual size: 23KB

.0av7 Size: 30KB - Virtual size: 30KB

.55a4 Size: 4KB - Virtual size: 3KB

.ay4 Size: 26KB - Virtual size: 25KB

.70k Size: 23KB - Virtual size: 22KB

.fr85 Size: 26KB - Virtual size: 25KB

.3q8m Size: 16KB - Virtual size: 15KB

.eqd8i Size: 19KB - Virtual size: 18KB

.m6t Size: 28KB - Virtual size: 28KB

.ibum Size: 14KB - Virtual size: 14KB

.yycv6 Size: 20KB - Virtual size: 20KB

.cdn1b Size: 7KB - Virtual size: 6KB

.rsrc Size: 47KB - Virtual size: 46KB

.text
Size: 974KB - Virtual size: 973KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 38KB - Virtual size: 293KB

.xvf
Size: 23KB - Virtual size: 23KB

.0av7
Size: 30KB - Virtual size: 30KB

.55a4
Size: 4KB - Virtual size: 3KB

.ay4
Size: 26KB - Virtual size: 25KB

.70k
Size: 23KB - Virtual size: 22KB

.fr85
Size: 26KB - Virtual size: 25KB

.3q8m
Size: 16KB - Virtual size: 15KB

.eqd8i
Size: 19KB - Virtual size: 18KB

.m6t
Size: 28KB - Virtual size: 28KB

.ibum
Size: 14KB - Virtual size: 14KB

.yycv6
Size: 20KB - Virtual size: 20KB

.cdn1b
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 47KB - Virtual size: 46KB