999c50c6fc18c5baf2989723eb5f057bdeac0c9c9bdd32eed550f4555e9b4866

Sharing

Copy URL

Twitter E-mail

General

Target

999c50c6fc18c5baf2989723eb5f057bdeac0c9c9bdd32eed550f4555e9b4866
Size

1.1MB
MD5

fdacaecef500948a1fff6fc0f0e63443
SHA1

8f44bd3adb2f39ba463af564851492bfcbf5e398
SHA256

999c50c6fc18c5baf2989723eb5f057bdeac0c9c9bdd32eed550f4555e9b4866
SHA512

2a204f3a9cc2532d52641dac605fef6455ad734b9632820ea49ff984ce96289662d3cc117f44d0b53bd4e86ea19e6e890688f45b243e8628b20c931e91592fea
SSDEEP

24576:xgd4GDqrT8CuTHAj2+FpTcyUL++y59WTkV9/W:xcT69FRTcRnyyTk+

Score

N/A

Malware Config

Signatures

Files

999c50c6fc18c5baf2989723eb5f057bdeac0c9c9bdd32eed550f4555e9b4866
.exe windows x86

0d95d5f47c7b0a5b94585561e32407a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
ResetEvent
SetProcessPriorityBoost
CreateSemaphoreW
GetCPInfo
GetConsoleAliasExesW
CreateWaitableTimerA
GetDateFormatW
GetTapeStatus
SetComputerNameExW
DefineDosDeviceA
GetFileTime
OpenJobObjectA
GetProcessAffinityMask
MulDiv
ExpandEnvironmentStringsW
GetConsoleAliasExesLengthW
SetConsoleMode
FindResourceExA
GetCalendarInfoW
FindFirstFileA
GetStringTypeA
FindResourceA
GetVolumeInformationW
GetConsoleAliasExesA
SetTapePosition
PostQueuedCompletionStatus
SetHandleInformation
GetStringTypeExW
SetEvent
SetHandleCount
GetNumberOfConsoleInputEvents
GetConsoleAliasExesLengthA
MoveFileExW
GetThreadContext
FlushViewOfFile
FormatMessageW
GetConsoleMode
SetEnvironmentVariableA
SetThreadPriorityBoost
GetFullPathNameA
CreateMailslotW
ConvertDefaultLocale
GetLocaleInfoA
WideCharToMultiByte
AddAtomA
GetPrivateProfileSectionNamesA
SetThreadAffinityMask
CreateToolhelp32Snapshot
ConvertThreadToFiber
PeekNamedPipe
SetEnvironmentVariableW
GetVolumePathNameA
SetFileAttributesW
SetConsoleCtrlHandler
SetCalendarInfoW
GetOEMCP
GetProfileStringW
GetConsoleOutputCP
GetTempPathW
DeleteAtom
GetConsoleAliasesA
CopyFileW
GetVersion
CreateFileMappingW
SetTapeParameters
GetSystemDirectoryA
GetFileSize
CreateFileW
OpenMutexW
FindFirstVolumeMountPointA
SuspendThread
FreeUserPhysicalPages
GetNumberFormatW
SetPriorityClass
SetCurrentDirectoryA
IsSystemResumeAutomatic
ReleaseSemaphore
GetTimeFormatA
ResetWriteWatch
ReplaceFileA
GetCompressedFileSizeW
GetDiskFreeSpaceExW
DuplicateHandle
Module32FirstW
CreateHardLinkW
FlushConsoleInputBuffer
FoldStringW
Module32First
GetProcAddress
GetCurrentThread
EnumCalendarInfoW
DeleteTimerQueue
VirtualAlloc
PrepareTape
MapUserPhysicalPagesScatter
FindFirstVolumeA
GetBinaryTypeW
SetConsoleTextAttribute
OpenSemaphoreW
Module32NextW
GetPrivateProfileStringA
CompareStringW
CreateTapePartition
GetConsoleScreenBufferInfo
SetMailslotInfo
GetPrivateProfileSectionW
GlobalUnlock
LCMapStringA
CreateEventA
CreateNamedPipeW
GetTempPathA
SetCalendarInfoA
GetTimeFormatW
FindAtomW
ExpandEnvironmentStringsA
BindIoCompletionCallback
OpenThread
GetAtomNameA
GetCPInfoExW
GetNamedPipeHandleStateW
OpenProcess
SetThreadLocale
CompareStringA
CreateMutexW
DefineDosDeviceW
GetEnvironmentStrings
SetLocaleInfoA
GetProfileSectionW
IsDBCSLeadByteEx
DosDateTimeToFileTime
DeleteTimerQueueTimer
GetFileType
GetEnvironmentVariableA
CreateNamedPipeA
GetConsoleAliasW
GetThreadTimes
GetDiskFreeSpaceExA
SetStdHandle
GetDriveTypeA
AddAtomW
OpenEventA
CreateHardLinkA
SetConsoleActiveScreenBuffer
VerifyVersionInfoW
GetPrivateProfileStructW
GetFileAttributesA
GetLongPathNameA
CreateDirectoryW
ReleaseMutex
IsBadWritePtr
GetStringTypeW
GetSystemWindowsDirectoryW
GetEnvironmentVariableW
FindFirstFileExA
GetPrivateProfileIntW
TlsFree
GetTempFileNameW
GetModuleFileNameA
ReadDirectoryChangesW
SetErrorMode
GetModuleHandleW
GetShortPathNameW
GetAtomNameW
SetFileTime
SetCurrentDirectoryW
SetThreadExecutionState
SetEndOfFile
GetDiskFreeSpaceW
OpenFileMappingW
GetNamedPipeInfo
GetProcessTimes
GetUserDefaultLCID
GetLogicalDriveStringsW
CreateDirectoryA
GetDevicePowerState
FindResourceExW

rpcrt4

NdrPointerMarshall
RpcMgmtEpEltInqDone
UuidCompare
NdrMesTypeFree2
RpcServerUseProtseqEpW
RpcBindingSetOption
RpcStringFreeA
RpcStringBindingComposeA
RpcMgmtStopServerListening
RpcStringFreeW
RpcServerInqDefaultPrincNameW
NdrSimpleStructMarshall
NdrMesTypeAlignSize2
RpcEpRegisterW
RpcGetAuthorizationContextForClient
RpcServerUseProtseqEpExA
RpcEpUnregister
RpcBindingInqAuthInfoExW
RpcStringBindingParseA
MesBufferHandleReset
RpcServerYield
UuidFromStringA
RpcServerUseProtseqW
RpcBindingVectorFree
RpcCertGeneratePrincipalNameW
NdrConformantArrayMarshall
NdrUserMarshalMarshall
IUnknown_QueryInterface_Proxy
RpcMgmtIsServerListening
NdrCorrelationInitialize
RpcMgmtEnableIdleCleanup
NdrConformantStringBufferSize
RpcStringBindingComposeW

user32

GetDlgItem
FrameRect
GetDC
SetTimer
AdjustWindowRectEx
IsDialogMessageW
GetAltTabInfoA
LoadCursorA
GetThreadDesktop
SendDlgItemMessageA
CharUpperW
WindowFromPoint
CreateDialogParamW
MonitorFromPoint
GetWindowLongW
BeginPaint
MessageBoxW
CreateAcceleratorTableW
MapDialogRect
LoadMenuA
CopyRect
EqualRect
PtInRect
CharPrevW
OpenClipboard
IsRectEmpty

comctl32

ImageList_Draw
_TrackMouseEvent
ImageList_SetImageCount
FlatSB_SetScrollPos
ImageList_Read
ImageList_DragMove
ImageList_Copy
CreatePropertySheetPageA

advapi32

SetServiceStatus
GetSidLengthRequired
InitializeAcl
RegQueryMultipleValuesA
AreAllAccessesGranted
RegEnumKeyExW
GetSidSubAuthorityCount
AddAccessDeniedAce
GetTokenInformation
AddAccessAllowedAce
RegCreateKeyExW
AddAuditAccessAce
SetKernelObjectSecurity
EqualSid
OpenSCManagerW
QueryServiceConfigW
CopySid
CryptGenRandom
CryptReleaseContext
GetSecurityDescriptorOwner
LsaOpenPolicy
ImpersonateLoggedOnUser
RegEnumValueA
RegQueryValueExW
GetAclInformation
AdjustTokenPrivileges
RegEnumKeyW
SetNamedSecurityInfoW
GetSecurityDescriptorDacl
SetFileSecurityW
RegOpenKeyW
ReportEventW
CloseServiceHandle
LsaQueryInformationPolicy
SetTokenInformation
RegDeleteValueW
OpenSCManagerA
GetKernelObjectSecurity
RegCreateKeyExA
GetCurrentHwProfileW
RegDeleteKeyA
RegQueryValueExA
RegSetValueW
GetSidIdentifierAuthority
RegisterEventSourceW
CreateWellKnownSid
RegSetValueExA
RegSetValueExW
FreeSid
RegNotifyChangeKeyValue
RegQueryInfoKeyW
ControlService
AreAnyAccessesGranted
RegQueryInfoKeyA
GetSidSubAuthority
SetSecurityDescriptorOwner
RegQueryMultipleValuesW
GetCurrentHwProfileA
DuplicateTokenEx
RegSetValueA
OpenThreadToken
RegSetKeySecurity
InitializeSecurityDescriptor

shell32

ShellExecuteW
SHGetFolderPathW
SHGetMalloc
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteExW
SHBindToParent
SHGetSpecialFolderLocation
SHChangeNotify
SHFileOperationW
SHGetDesktopFolder
SHGetSpecialFolderPathW
CommandLineToArgvW

ole32

HPALETTE_UserSize
OleGetIconOfClass
HBITMAP_UserUnmarshal
StgCreateDocfileOnILockBytes
GetHGlobalFromILockBytes
CoDisconnectObject
CoGetMalloc
HWND_UserUnmarshal
IIDFromString
CoRegisterClassObject
OleDoAutoConvert
CoDosDateTimeToFileTime
RevokeDragDrop
OleNoteObjectVisible
CoImpersonateClient
CoCopyProxy
DoDragDrop
StgConvertPropertyToVariant
HACCEL_UserSize
StgOpenStorageOnILockBytes
OleDuplicateData
CoMarshalInterThreadInterfaceInStream
OleDraw
OleLockRunning
HDC_UserSize
ProgIDFromCLSID

oleaut32

SafeArrayGetLBound
SysFreeString
SafeArrayGetUBound
SysAllocStringByteLen
VariantCopyInd
GetErrorInfo
VariantClear
VariantInit
VariantChangeType
SysStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayCreate
VariantChangeTypeEx
SysAllocStringLen
SysReAllocStringLen
GetActiveObject

msvcrt

memcmp

Sections

.text
Size: 840KB - Virtual size: 840KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.scx
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.z76sr
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wxe8
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.76m
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d95d5f47c7b0a5b94585561e32407a5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rpcrt4

user32

comctl32

advapi32

shell32

ole32

oleaut32

msvcrt

Sections

.text Size: 840KB - Virtual size: 840KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 68KB - Virtual size: 326KB

.scx Size: 23KB - Virtual size: 22KB

.z76sr Size: 17KB - Virtual size: 17KB

.wxe8 Size: 23KB - Virtual size: 23KB

.76m Size: 9KB - Virtual size: 8KB

.rsrc Size: 87KB - Virtual size: 86KB

.text
Size: 840KB - Virtual size: 840KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 68KB - Virtual size: 326KB

.scx
Size: 23KB - Virtual size: 22KB

.z76sr
Size: 17KB - Virtual size: 17KB

.wxe8
Size: 23KB - Virtual size: 23KB

.76m
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 87KB - Virtual size: 86KB