cf58859fc234522e0f37ea9b9812d1c1e751079324097027e67c9aa036771f37

Sharing

Copy URL Twitter E-mail

General

Target

cf58859fc234522e0f37ea9b9812d1c1e751079324097027e67c9aa036771f37
Size

615KB
MD5

bf42821955ca7e854404591d34de88e7
SHA1

1b92cdc7899ff8ac1f327a23536a2dd2c0b263a0
SHA256

cf58859fc234522e0f37ea9b9812d1c1e751079324097027e67c9aa036771f37
SHA512

13691b842f11155ca622448ecee15409abd1fcb84ab2815d74f6cc99a59bc05cafcd1cb8fb36397ab05d9c56597b534017629d845c7c1b4716fbb767d56f4ed6
SSDEEP

12288:XgEovyJR0lsbVtzD0Hg1PIn7z7KNcx5rPPucjdwRZXNnZybEk00:wELJGubzD0HjKWx5z2cjSnZ/0

Score

N/A

Malware Config

Signatures

Files

cf58859fc234522e0f37ea9b9812d1c1e751079324097027e67c9aa036771f37
.exe windows x86

1376c46a814d3479f666cc2bad3c4746

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_APPCONTAINER

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

GetCaretPos
PostMessageA
LoadImageA
SetCursorPos
GetMessageA
GetWindowTextA
DialogBoxParamA
wsprintfA
IsCharLowerA
IsZoomed
DrawIcon
LoadCursorA
GetWindowLongA
DispatchMessageA
CreateWindowExA

kernel32

CopyFileA
PurgeComm
CompareStringA
GetProcessTimes
GetModuleHandleA
CreateMutexA
GetDiskFreeSpaceA
InterlockedDecrement
GetTickCount
GetBinaryTypeA
GetNumberFormatA
InterlockedExchange
CloseHandle
GetProcAddress
GetComputerNameA
GetFullPathNameA
ReadFile
GetTimeFormatA
SetEndOfFile
GetCurrentDirectoryA
GetProcessHeap
CreateSemaphoreA
GetConsoleTitleA

onex

OneXDeInitialize
OneXInitialize
OneXAddTLV
OneXFreeMemory

wtsapi32

WTSEnumerateServersA
WTSQueryUserToken
WTSSendMessageA
WTSCloseServer
WTSWaitSystemEvent
WTSVirtualChannelWrite
WTSVirtualChannelQuery
WTSVirtualChannelClose
WTSSetUserConfigA
WTSSetSessionInformationA
WTSEnumerateSessionsA
WTSRegisterSessionNotification
WTSVirtualChannelOpen
WTSEnumerateProcessesA
WTSUnRegisterSessionNotification

shimeng

SE_IsShimDll
SE_InstallBeforeInit
SE_InstallAfterInit
SE_DllLoaded
SE_ProcessDying

msimg32

AlphaBlend
DllInitialize
TransparentBlt
GradientFill
vSetDdrawflag

shlwapi

UrlIsNoHistoryA
UrlIsOpaqueA
UrlCreateFromPathA
UrlCompareA
PathCommonPrefixA
UrlUnescapeA
UrlHashA
UrlCanonicalizeA
PathCombineA
PathCompactPathA
UrlGetPartA
UrlGetLocationA
UrlEscapeA
UrlIsA

cabinet

FCIAddFile
FCIDestroy
FCIFlushCabinet
FCICreate

Sections

.text
Size: 598KB - Virtual size: 598KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1376c46a814d3479f666cc2bad3c4746

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

onex

wtsapi32

shimeng

msimg32

shlwapi

cabinet

Sections

.text Size: 598KB - Virtual size: 598KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 44KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 598KB - Virtual size: 598KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 44KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 9KB - Virtual size: 9KB