b0f393a996b1bdd3a9046e8e71e50810bf92caa20bc832c8df3dc195e9d21143

Sharing

Copy URL Twitter E-mail

General

Target

b0f393a996b1bdd3a9046e8e71e50810bf92caa20bc832c8df3dc195e9d21143
Size

127KB
MD5

76b18405b5322fd71eadd1e6ce239693
SHA1

7f8ac640c89b6dd3b8b9c62d4602fefe9b82969d
SHA256

b0f393a996b1bdd3a9046e8e71e50810bf92caa20bc832c8df3dc195e9d21143
SHA512

83d7d33de5d116c5edab67cc11d4cfdb8413c1da3721866922f55f4b782f6ae270e97ebc10d3b76968411eadb03708af66fdd443146fc81945ab92b3f0ab1095
SSDEEP

3072:barjIjkVFD0oK/1zMobZZL5tVzc0sGovc:bSpD0F3LzRc0lYc

Score

N/A

Malware Config

Signatures

Files

b0f393a996b1bdd3a9046e8e71e50810bf92caa20bc832c8df3dc195e9d21143
.exe windows x86

5884993fcb52f6d4d35646e1a295e29e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

GetFileTitleA

oleacc

ObjectFromLresult

shlwapi

PathRemoveFileSpecA
PathGetDriveNumberW
PathFindFileNameA
SHSetValueW
PathGetArgsW
PathUnmakeSystemFolderW
PathUnquoteSpacesW
SHDeleteEmptyKeyW

msimg32

GradientFill

imagehlp

StackWalk
CheckSumMappedFile
SymGetLineFromName
RemoveRelocations
SymUnloadModule
SymMatchFileName

msvcrt

__p__fmode
__set_app_type
_XcptFilter
__setusermatherr
__p__commode
exit
_acmdln
__getmainargs
_initterm
_adjust_fdiv
_except_handler3
_controlfp
_exit

mpr

WNetConnectionDialog1A
WNetGetNetworkInformationA
WNetConnectionDialog
WNetCancelConnectionW

winspool.drv

GetPrinterDriverW
DeletePrinterKeyA
AdvancedDocumentPropertiesA
GetFormW
DeleteFormW
GetPrinterDataW
DeleteMonitorA
OpenPrinterW

oleaut32

VarBoolFromUI4
SafeArrayGetElemsize
VarUI4FromUI1
VarBstrFromDate

gdi32

GetObjectType
PlayMetaFileRecord
GdiComment
CloseFigure
SetBitmapBits
StretchDIBits
GetCharWidth32W
CreateBitmap
GetSystemPaletteEntries
GetCurrentPositionEx
SetPixelV

rpcrt4

I_UuidCreate
NdrConformantStructBufferSize
MesHandleFree
RpcMgmtEpUnregister
RpcNetworkIsProtseqValidW
RpcBindingInqAuthInfoExW
NdrXmitOrRepAsFree
NdrNonConformantStringBufferSize
NdrComplexStructUnmarshall
DceErrorInqTextW
RpcMgmtInqServerPrincNameW
UuidCompare
NdrComplexStructMarshall
NdrServerInitializeMarshall
RpcBindingSetAuthInfoW
NdrFullPointerXlatFree
I_RpcBindingInqDynamicEndpointA
RpcMgmtEpEltInqNextW
NdrVaryingArrayMemorySize
NdrFixedArrayBufferSize
NdrVaryingArrayMarshall
RpcObjectSetInqFn
RpcServerUseProtseqW
NdrInterfacePointerBufferSize
NdrUserMarshalSimpleTypeConvert
NdrClearOutParameters
RpcMgmtEnableIdleCleanup
RpcEpRegisterNoReplaceW
MesEncodeFixedBufferHandleCreate
RpcSmSwapClientAllocFree
NdrConvert2
NdrNonConformantStringUnmarshall
NdrClientContextMarshall
I_RpcBindingCopy
RpcServerRegisterAuthInfoA
I_RpcAsyncAbortCall
RpcAsyncInitializeHandle
data_size_ndr
NdrComplexStructBufferSize
NdrServerInitializeUnmarshall
RpcServerUseProtseqEpExW
NdrXmitOrRepAsBufferSize
MesIncrementalHandleReset
RpcServerUseAllProtseqsIfEx
double_from_ndr
NdrXmitOrRepAsMemorySize
NdrServerInitializePartial
NdrConformantStringBufferSize
NdrServerContextUnmarshall
RpcBindingInqObject
RpcSmAllocate
RpcServerUseAllProtseqsIf
RpcMgmtEpEltInqNextA
RpcAsyncGetCallStatus
NdrConformantStructMemorySize
RpcAsyncAbortCall
UuidCreateNil
NdrConformantVaryingStructBufferSize
RpcMgmtStatsVectorFree
RpcBindingToStringBindingA
NDRCContextMarshall
I_RpcIfInqTransferSyntaxes

advapi32

GetUserNameA

kernel32

GetStartupInfoA
GetSystemInfo
EnumSystemLocalesA
GetSystemTimeAsFileTime
CopyFileW
FreeConsole
GlobalHandle
GetQueuedCompletionStatus
FlushViewOfFile
GetModuleHandleA
FileTimeToLocalFileTime
GetThreadLocale
GetWindowsDirectoryA
GetFileTime

wininet

GetUrlCacheEntryInfoExA
InternetReadFile
InternetQueryDataAvailable
GopherCreateLocatorA
InternetGetCookieA
HttpQueryInfoA
FtpRemoveDirectoryA
FtpGetFileW
FindFirstUrlCacheEntryExA
FindNextUrlCacheEntryExW
GopherOpenFileA
InternetOpenW
InternetGetConnectedState

urlmon

FindMimeFromData
CoInternetQueryInfo
WriteHitLogging

msi

ord10

winmm

midiOutClose
joyReleaseCapture
mmioStringToFOURCCA
midiStreamStop
mmioOpenW
midiOutGetNumDevs
midiStreamRestart
mmioAscend
mmioAdvance
mixerGetControlDetailsA
mmioRead
auxGetNumDevs
waveInStop
waveInGetErrorTextW
midiInPrepareHeader
midiInGetErrorTextW
timeKillEvent
mmioClose
mciSetYieldProc
waveOutSetVolume
midiStreamClose
midiInMessage
waveInAddBuffer
midiInStop
waveInPrepareHeader
midiOutOpen
waveOutReset

resutils

ResUtilGetBinaryProperty
ResUtilDupString
ResUtilGetBinaryValue
ResUtilVerifyPrivatePropertyList

comctl32

CreatePropertySheetPageA
ImageList_SetIconSize
ImageList_Add
ImageList_SetOverlayImage

clusapi

CloseClusterNotifyPort
RegisterClusterNotify
GetClusterInformation
SetClusterNetworkName
ClusterRegSetKeySecurity
FailClusterResource
ClusterNodeEnum
ResumeClusterNode
GetClusterResourceState
CreateClusterResource
GetClusterResourceNetworkName
ClusterEnum
ClusterNetworkOpenEnum
ClusterOpenEnum
GetClusterNetInterface
ClusterResourceEnum
ClusterRegGetKeySecurity
GetClusterNetworkState
ClusterGroupOpenEnum
GetClusterNetworkId
OnlineClusterResource

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5884993fcb52f6d4d35646e1a295e29e

Headers

File Characteristics

Imports

comdlg32

oleacc

shlwapi

msimg32

imagehlp

msvcrt

mpr

winspool.drv

oleaut32

gdi32

rpcrt4

advapi32

kernel32

wininet

urlmon

msi

winmm

resutils

comctl32

clusapi

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 1.3MB

.rsrc Size: 4KB - Virtual size: 560B

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 1.3MB

.rsrc
Size: 4KB - Virtual size: 560B