575f3bdabefb81e398da24f019133dfb12466824b47850ee30bbd691bbbe5de6

Sharing

Copy URL Twitter E-mail

General

Target

575f3bdabefb81e398da24f019133dfb12466824b47850ee30bbd691bbbe5de6
Size

1.1MB
MD5

7d5eaa663474821837128d3433dc0cfe
SHA1

bfb7aa019daaaa26fdb617cb72bf3acbe650af01
SHA256

575f3bdabefb81e398da24f019133dfb12466824b47850ee30bbd691bbbe5de6
SHA512

eaa0bd933a21ff6af4fca6a78617f7df02f0c75731a40378381c91e2889aa02afe56b174e08cdce15de95c5c5890fde4354e1edf42beaa75e1ffc46422a4f9cb
SSDEEP

12288:Pf3FWBabzgJWkBLQ5ARRhh1BLtGYxt9fzqB4b8zAGafBZeW2Fliz+mvyyJGVmJpW:XF0a/gt0637PLtdnFBg2fHvWQtzJG7BF

Score

N/A

Malware Config

Signatures

Files

575f3bdabefb81e398da24f019133dfb12466824b47850ee30bbd691bbbe5de6
.exe windows x86

4277d5258fc981421b79c2ffdd8921b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathW
GetSystemWindowsDirectoryA
GetVolumePathNameW
GetAtomNameA
LCMapStringW
AddAtomW
CopyFileExW
ResetWriteWatch
MapViewOfFileEx
ExpandEnvironmentStringsW
ResetEvent
GetCurrentDirectoryA
lstrcpynA
DeleteVolumeMountPointA
ProcessIdToSessionId
GetPriorityClass
RegisterWaitForSingleObject
GetCurrentThread
FindResourceA
GetLongPathNameA
GetNamedPipeInfo
GetTimeFormatA
GetOverlappedResult
MoveFileA
CreateDirectoryA
CopyFileW
GetDateFormatW
SetTapeParameters
GetSystemDefaultUILanguage
GetProfileSectionW
GetConsoleCursorInfo
GetSystemDefaultLangID
GetDevicePowerState
DuplicateHandle
ReplaceFileA
QueryInformationJobObject
GetFullPathNameW
CreateEventA
OpenFileMappingW
FormatMessageA
GetEnvironmentVariableW
GetCPInfoExW
GetLongPathNameW
GetShortPathNameW
GetMailslotInfo
GetCurrentProcess
DnsHostnameToComputerNameW
GetCurrencyFormatA
VerifyVersionInfoW
GlobalMemoryStatus
SwitchToThread
GetCurrentDirectoryW
CreateMutexW
lstrcmpiA
DisconnectNamedPipe
GetPrivateProfileStructA
GetUserDefaultLCID
FreeEnvironmentStringsA
FindResourceExW
SetThreadPriorityBoost
GetCalendarInfoA
GetACP
GetPrivateProfileStringA
OpenEventW
SetThreadAffinityMask
GetConsoleOutputCP
GetLocaleInfoW
GetFileAttributesExW
GetThreadLocale
GetNamedPipeHandleStateW
SetLocaleInfoW
CreateWaitableTimerW
SetCalendarInfoA
GetSystemDirectoryA
GetUserDefaultUILanguage
CopyFileA
AssignProcessToJobObject
EnumCalendarInfoExA
CreateDirectoryExW
OpenFileMappingA
GetConsoleMode
SetEvent
OpenMutexW
FormatMessageW
FindAtomA
GetThreadPriority
SetThreadExecutionState
ConvertThreadToFiber
GetProfileStringA
SetInformationJobObject
FindResourceW
GetPrivateProfileSectionNamesA
GetDiskFreeSpaceW
OpenEventA
GetEnvironmentStrings
IsBadWritePtr
SetThreadIdealProcessor
DeleteTimerQueueTimer
GetTempPathA
PeekNamedPipe
GetCurrentConsoleFont
GetProcessAffinityMask
CreateJobObjectA
FindFirstFileA
CancelWaitableTimer
GetFileInformationByHandle
GetNumberFormatA
GetConsoleAliasExesA
GetFullPathNameA
SetEnvironmentVariableA
GetProfileIntA
DefineDosDeviceA
CompareStringW
MoveFileWithProgressA
GetConsoleAliasesA
SetVolumeMountPointA
FindFirstVolumeMountPointA
VirtualAlloc
SetErrorMode
ReadDirectoryChangesW
ExpandEnvironmentStringsA
DeleteTimerQueue
GetProcessIoCounters
FreeUserPhysicalPages
Toolhelp32ReadProcessMemory
SleepEx
GetNamedPipeHandleStateA
OpenSemaphoreA
GetPrivateProfileIntW
GetConsoleAliasesW
SetTapePosition
GetComputerNameExW
VerSetConditionMask
SetComputerNameExA
CreateNamedPipeW
GetDiskFreeSpaceA
GlobalDeleteAtom
GetTimeFormatW
GetDiskFreeSpaceExA
IsSystemResumeAutomatic
SetConsoleActiveScreenBuffer
RemoveDirectoryA
OpenThread
GetVolumeInformationA
SetNamedPipeHandleState
GetUserDefaultLangID
GetConsoleCP
PostQueuedCompletionStatus
DnsHostnameToComputerNameA
FlushViewOfFile
GetProcessVersion
WideCharToMultiByte
WaitForMultipleObjectsEx
GetSystemTime
SetSystemPowerState
DeviceIoControl
GetNumberOfConsoleInputEvents
VirtualProtect
GetSystemDefaultLCID
LoadResource
EnumCalendarInfoW
OpenProcess
HeapCreate
GetCPInfoExA
SetThreadLocale
SetConsoleCtrlHandler
GetWindowsDirectoryW
FoldStringA
SetThreadContext
GetPrivateProfileStructW
SetConsoleOutputCP
LocalReAlloc
GetVersion
GetProcessPriorityBoost
GetBinaryTypeW
OpenSemaphoreW
GetSystemDirectoryW
GetShortPathNameA
MultiByteToWideChar
SetComputerNameExW
DefineDosDeviceW
DosDateTimeToFileTime
SetLocaleInfoA
CreateMailslotA
SetMailslotInfo
GetFileAttributesW
ContinueDebugEvent
lstrcatW
ResumeThread
LCMapStringA
GetStringTypeExW
GetExitCodeThread
CreateJobObjectW
SetCalendarInfoW
GetHandleInformation
GetNumberFormatW
CreateHardLinkA
SetStdHandle
FindNextChangeNotification
CreateDirectoryW
GetCurrencyFormatW
UnregisterWait
SetProcessPriorityBoost
TryEnterCriticalSection
GetFileSize
SetConsoleDisplayMode
GetComputerNameW
GetPrivateProfileSectionNamesW
GetConsoleWindow
CreateMutexA
SetWaitableTimer
FlushFileBuffers
GetStringTypeW
MoveFileWithProgressW
Module32FirstW
IsBadReadPtr
MulDiv
GetPrivateProfileStringW
CreateFileMappingA
ChangeTimerQueueTimer
ReadProcessMemory
Module32NextW
FlushInstructionCache
GetDiskFreeSpaceExW
CreateSemaphoreW
HeapSize
FoldStringW
EraseTape
GetModuleFileNameW
GetVolumeNameForVolumeMountPointA
MapViewOfFile
GetLogicalDriveStringsA
GetConsoleScreenBufferInfo
IsDBCSLeadByteEx
FlushConsoleInputBuffer
GetProfileStringW
DeleteTimerQueueEx
GetModuleHandleA
GetPrivateProfileSectionW
CreateProcessA
GetVolumePathNameA

rpcrt4

RpcSsFree
RpcServerUnregisterIf
RpcServerInqCallAttributesW
RpcMgmtStopServerListening
RpcIfInqId
I_RpcBindingInqTransportType
RpcStringFreeA
RpcSsGetContextBinding
RpcServerUseProtseqEpExW
RpcMgmtEpEltInqNextW
RpcNetworkIsProtseqValidA
NdrUserMarshalUnmarshall
RpcServerUseProtseqA
RpcImpersonateClient
UuidEqual
RpcStringBindingComposeA
RpcMgmtSetCancelTimeout
RpcRaiseException
RpcSsContextLockExclusive
RpcMgmtEpEltInqBegin
RpcErrorResetEnumeration
NdrUserMarshalFree
RpcEpUnregister
NdrCorrelationInitialize
RpcAsyncAbortCall
RpcCancelThreadEx
RpcStringBindingParseW
NdrConformantStringUnmarshall
NdrConformantStringBufferSize
RpcBindingSetAuthInfoW
RpcServerListen
RpcMgmtInqServerPrincNameW
NdrSimpleStructUnmarshall
UuidFromStringW
RpcErrorAddRecord
RpcRevertToSelf
RpcMgmtSetServerStackSize
RpcMgmtInqComTimeout
MesEncodeFixedBufferHandleCreate
RpcBindingInqObject
NdrStubCall
RpcServerInqCallAttributesA
IUnknown_AddRef_Proxy
NdrMesTypeDecode2
RpcBindingReset
NdrStubCall2
NdrDcomAsyncClientCall
NdrInterfacePointerFree
NdrSimpleStructBufferSize
MesDecodeBufferHandleCreate
RpcCertGeneratePrincipalNameW
NdrAsyncClientCall

user32

GetMessageTime
RegisterClipboardFormatA
GetAltTabInfoA
SetPropW
GetDlgItem
wvsprintfA
DialogBoxParamW
RegisterClipboardFormatW
LockWindowUpdate
InvalidateRgn

comctl32

ImageList_GetImageCount
CreateToolbarEx
ImageList_EndDrag
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_LoadImageA
ImageList_DragMove
InitializeFlatSB
InitCommonControlsEx
ImageList_SetImageCount
FlatSB_GetScrollPos
ImageList_Write
ImageList_DrawEx
ord17
ImageList_SetIconSize
FlatSB_SetScrollPos
ImageList_GetIconSize
CreatePropertySheetPageA
ImageList_Draw
FlatSB_SetScrollInfo
ImageList_Add
ImageList_AddMasked
ImageList_Copy
ImageList_Read
ImageList_Remove
CreateStatusWindowW
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_LoadImageW
CreatePropertySheetPageW
ImageList_Create
PropertySheetW
ImageList_GetImageInfo
ImageList_SetBkColor
ImageList_SetDragCursorImage
PropertySheetA
ImageList_DrawIndirect
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_Replace
ImageList_GetDragImage
FlatSB_SetScrollProp
DestroyPropertySheetPage
ImageList_DragShowNolock
ImageList_GetIcon
ImageList_DragLeave
ImageList_SetOverlayImage

advapi32

RegOpenKeyW
RegSetValueExA
AddAccessDeniedAce
AddAccessAllowedAce
AddAuditAccessAce
SetTokenInformation
RegQueryMultipleValuesW
GetCurrentHwProfileW
RegCreateKeyW
GetSecurityDescriptorLength
RegQueryValueW
AddAce
AdjustTokenPrivileges
CloseServiceHandle
CryptReleaseContext
LsaClose
ControlService
CopySid
GetSecurityDescriptorControl
OpenServiceW
OpenServiceA
CryptAcquireContextA
OpenProcessToken
ImpersonateLoggedOnUser
RegConnectRegistryW
RegFlushKey
RegOpenKeyA
CryptGenRandom
RegEnumKeyExA
CreateProcessAsUserW
OpenThreadToken
OpenSCManagerW
StartServiceA
SetKernelObjectSecurity
IsValidSid
RegEnumValueA
RegCreateKeyExW
InitializeSecurityDescriptor
MakeSelfRelativeSD
RegEnumKeyA
RegSetValueA
SetServiceStatus
GetSidIdentifierAuthority
GetLengthSid
GetUserNameW
RegQueryMultipleValuesA
DuplicateTokenEx
GetKernelObjectSecurity
InitializeAcl
RegSetKeySecurity
GetCurrentHwProfileA
RegCreateKeyExA
GetTokenInformation
RegNotifyChangeKeyValue
RegQueryInfoKeyA
CheckTokenMembership
RegOpenKeyExW
AreAnyAccessesGranted
ChangeServiceConfigW
SetNamedSecurityInfoW
RegQueryValueExA
CryptDestroyKey
RegOpenKeyExA
GetSidLengthRequired
QueryServiceStatus
SetSecurityDescriptorOwner
RegSetValueExW
GetSecurityDescriptorOwner
AreAllAccessesGranted
GetSidSubAuthorityCount
RegSetValueW
GetSidSubAuthority

shell32

SHFileOperationW
ShellExecuteW
CommandLineToArgvW
ShellExecuteExW
SHGetFileInfoW
SHGetDesktopFolder
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetMalloc
SHBindToParent
SHChangeNotify
SHGetSpecialFolderPathW
SHBrowseForFolderW

ole32

CLSIDFromProgID
HMENU_UserSize
HICON_UserSize
CoRegisterPSClsid
CoGetMalloc
OleRegGetMiscStatus
CoLoadLibrary
OleLockRunning
OleRegEnumVerbs
CreateClassMoniker
OleSave
CoGetCurrentLogicalThreadId
CoCopyProxy
StgOpenPropStg
HDC_UserMarshal
HPALETTE_UserMarshal
CoGetStandardMarshal
CreateStreamOnHGlobal
RevokeDragDrop
CreateAntiMoniker
OleDuplicateData
PropVariantClear
OleQueryCreateFromData
HICON_UserUnmarshal
CoFreeUnusedLibraries
CoRegisterSurrogate
CoAllowSetForegroundWindow
CreateBindCtx
OleIsCurrentClipboard
StgIsStorageFile
CoCancelCall
CLIPFORMAT_UserSize
OleDoAutoConvert
CoGetTreatAsClass
HWND_UserSize
CoFileTimeNow
CoCreateFreeThreadedMarshaler
OleGetClipboard
HWND_UserUnmarshal
CoGetCallerTID
OleRegGetUserType
CoGetObjectContext
CoUnmarshalHresult
OleCreateLinkToFile
HBITMAP_UserMarshal
RegisterDragDrop
OleQueryLinkFromData
GetConvertStg
CoTaskMemRealloc
OleTranslateAccelerator
CoGetInterfaceAndReleaseStream
HBITMAP_UserUnmarshal
CoDosDateTimeToFileTime
HACCEL_UserSize
OleLoadFromStream
CoGetObject
OleCreateStaticFromData
HWND_UserFree
CreateFileMoniker
OleCreateFromFile

oleaut32

VariantClear
SysFreeString
GetErrorInfo
CreateErrorInfo
SafeArrayCreate
VariantInit
VariantCopyInd
SysReAllocStringLen
VariantChangeType
SafeArrayGetLBound
SysAllocStringByteLen
SafeArrayGetUBound
SysStringLen
VariantCopy
GetActiveObject
SysAllocStringLen
VariantChangeTypeEx
SafeArrayPtrOfIndex

msvcrt

memcmp

Sections

.text
Size: 973KB - Virtual size: 973KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.2g7
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.f3f
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eudx
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.7dqo4
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rf2lh
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.b6ma0
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.k7dfl
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.syr
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.68wk
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4277d5258fc981421b79c2ffdd8921b6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rpcrt4

user32

comctl32

advapi32

shell32

ole32

oleaut32

msvcrt

Sections

.text Size: 973KB - Virtual size: 973KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 262KB

.2g7 Size: 16KB - Virtual size: 15KB

.f3f Size: 14KB - Virtual size: 14KB

.eudx Size: 3KB - Virtual size: 3KB

.7dqo4 Size: 14KB - Virtual size: 13KB

.rf2lh Size: 21KB - Virtual size: 20KB

.b6ma0 Size: 3KB - Virtual size: 3KB

.k7dfl Size: 10KB - Virtual size: 9KB

.syr Size: 14KB - Virtual size: 14KB

.68wk Size: 8KB - Virtual size: 8KB

.rsrc Size: 36KB - Virtual size: 36KB

.text
Size: 973KB - Virtual size: 973KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 262KB

.2g7
Size: 16KB - Virtual size: 15KB

.f3f
Size: 14KB - Virtual size: 14KB

.eudx
Size: 3KB - Virtual size: 3KB

.7dqo4
Size: 14KB - Virtual size: 13KB

.rf2lh
Size: 21KB - Virtual size: 20KB

.b6ma0
Size: 3KB - Virtual size: 3KB

.k7dfl
Size: 10KB - Virtual size: 9KB

.syr
Size: 14KB - Virtual size: 14KB

.68wk
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 36KB - Virtual size: 36KB