Static task: static1
Behavioral task: behavioral1
  Sample: 567870617ed1a2a6b9175d809962b5e4f4f9501b3870f843e7c3910b775c0690.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 567870617ed1a2a6b9175d809962b5e4f4f9501b3870f843e7c3910b775c0690.exe
  Resource: win10v2004-20221111-en
General
Target: 567870617ed1a2a6b9175d809962b5e4f4f9501b3870f843e7c3910b775c0690
Size: 1.2MB
MD5: 2ce75d5ce48c837093489cbce188ac05
SHA1: 143f61aa1b060e762bcc4c6b9451fbcc42b39f8d
SHA256: 567870617ed1a2a6b9175d809962b5e4f4f9501b3870f843e7c3910b775c0690
SHA512: 13f057bcaca4dc794b183779fce56cc30e885aac24320278e0d8ddfddbb79b4372c865ad4b4392db77806fe9bdf02261557065f02f551173e4937fc8256e9480
SSDEEP: 24576:G+uJ1Pa3kpZXzheeF3ecYgfFYh0vemyNnaK7GWQ76xsLToaK7nbq:u1a3kc+3ZfSh0en7ZQOmLTg7nb
Malware Config
Signatures
Files
567870617ed1a2a6b9175d809962b5e4f4f9501b3870f843e7c3910b775c0690.exe (windows x86)
db43d504861d5ac05d09cf5b6838c5ae
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ole32
HMENU_UserFree
CoTaskMemFree
CLIPFORMAT_UserSize
OleSetClipboard
CoFreeLibrary
StgIsStorageFile
CoDosDateTimeToFileTime
StgCreatePropStg
StringFromCLSID
PropStgNameToFmtId
HBITMAP_UserSize
ReleaseStgMedium
GetHGlobalFromStream
HMENU_UserUnmarshal
CLSIDFromProgID
gdi32
SaveDC
SetEnhMetaFileBits
StretchBlt
SelectClipRgn
GetTextExtentPoint32A
GetStockObject
GetDeviceCaps
SetBkColor
SelectObject
LineTo
comctl32
ImageList_DragLeave
ImageList_DragMove
ImageList_BeginDrag
ImageList_Create
ImageList_ReplaceIcon
imm32
ImmGetGuideLineW
ImmIsUIMessageW
ImmRegisterWordA
ImmEnumInputContext
ImmInstallIMEA
ImmGetConversionStatus
ImmGetProperty
ImmNotifyIME
ImmGetConversionListA
ImmEnumRegisterWordA
ImmConfigureIMEW
ImmGetCompositionFontA
ImmSetCompositionWindow
ImmGetGuideLineA
comdlg32
GetOpenFileNameA
CommDlgExtendedError
ntdsapi
DsReplicaFreeInfo
DsFreeNameResultW
DsBindWithSpnW
DsAddSidHistoryA
DsReplicaConsistencyCheck
DsServerRegisterSpnA
DsListRolesA
DsListServersInSiteW
DsFreePasswordCredentials
DsInheritSecurityIdentityA
DsListInfoForServerA
DsCrackNamesA
urlmon
CreateFormatEnumerator
HlinkSimpleNavigateToString
URLOpenBlockingStreamA
RegisterMediaTypeClass
IsLoggingEnabledA
URLOpenStreamA
URLOpenBlockingStreamW
GetComponentIDFromCLSSPEC
RegisterFormatEnumerator
CreateAsyncBindCtxEx
UrlMkSetSessionOption
advapi32
GetUserNameW
RegQueryValueExW
pdh
PdhGetCounterInfoA
PdhGetDataSourceTimeRangeA
PdhEnumMachinesA
PdhCloseQuery
PdhGetDefaultPerfCounterA
mprapi
MprConfigInterfaceSetInfo
MprConfigTransportCreate
MprAdminMIBEntrySet
MprInfoBlockRemove
MprConfigTransportGetInfo
clusapi
ClusterRegOpenKey
setupapi
SetupRemoveFileLogEntryW
SetupQueueCopySectionA
SetupDiGetDeviceInstallParamsA
SetupGetLineByIndexA
SetupCommitFileQueueA
SetupDiGetHwProfileListExW
SetupDiGetDeviceInstanceIdW
SetupDiOpenDeviceInterfaceW
SetupBackupErrorA
SetupDiCancelDriverInfoSearch
SetupFreeSourceListA
SetupQueueRenameSectionA
SetupDecompressOrCopyFileA
SetupOpenLog
SetupInstallServicesFromInfSectionExW
SetupDiGetDeviceRegistryPropertyA
SetupInstallServicesFromInfSectionA
shell32
ShellAboutA
SHAppBarMessage
FindExecutableA
DragAcceptFiles
ShellAboutW
SHFileOperationA
ShellExecuteA
DragQueryFileW
SHCreateProcessAsUserW
SHGetFileInfoA
ShellExecuteExA
Shell_NotifyIconA
SHQueryRecycleBinW
oleaut32
VarR8FromBool
VarBstrFromR8
VarCyFromI1
VarUI2FromI4
VarUI2FromR4
GetErrorInfo
kernel32
GetVersionExA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCommandLineA
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
FlushFileBuffers
CreateProcessA
CloseHandle
WaitForSingleObject
GetExitCodeProcess
LoadLibraryA
FreeLibrary
GetModuleFileNameA
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemInfo
VirtualProtect
HeapReAlloc
Sleep
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
RtlUnwind
InitializeCriticalSection
GetConsoleCP
FatalAppExitA
ExitProcess
HeapFree
SetFilePointer
HeapAlloc
LCMapStringW
ReadFile
GetStringTypeW
WideCharToMultiByte
RaiseException
WriteConsoleInputW
GetCurrentThread
GetCurrentThreadId
GetLastError
SetLastError
TlsSetValue
TlsAlloc
GetModuleHandleA
GetProcAddress
GetOEMCP
InterlockedDecrement
GetCPInfo
OutputDebugStringA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LeaveCriticalSection
EnterCriticalSection
FindNextFileW
EnumCalendarInfoExA
DebugSetProcessKillOnExit
ExpandEnvironmentStringsW
OpenProcess
EnumResourceLanguagesW
BackupWrite
TerminateJobObject
WriteConsoleOutputCharacterW
EraseTape
WriteConsoleOutputW
FindResourceExW
CopyFileW
ZombifyActCtx
SetFirmwareEnvironmentVariableA
VirtualAllocEx
GetCommProperties
GetProcessWorkingSetSize
PrepareTape
InterlockedPushEntrySList
ExitProcess
VirtualAlloc
VirtualFree
lstrcmpiW
LoadLibraryW
lstrlenW
GetModuleHandleW
FindCloseChangeNotification
DeleteTimerQueueEx
VirtualFreeEx
SetCommTimeouts
lstrcmpA
SetFileAttributesA
CreateMutexA
GetThreadTimes
SetStdHandle
MoveFileExA
LocalUnlock
GetDriveTypeW
FindNextVolumeA
WriteFile
HeapUnlock
GetFileAttributesExA
IsBadHugeReadPtr
WriteFileEx
TryEnterCriticalSection
QueueUserWorkItem
WaitForMultipleObjectsEx
SetProcessPriorityBoost
IsWow64Process
FreeUserPhysicalPages
HeapSize
IsBadStringPtrA
PostQueuedCompletionStatus
MoveFileWithProgressW
PeekConsoleInputA
ReadConsoleInputW
SetConsoleCP
CreateThread
lstrcatA
SetDefaultCommConfigW
WriteConsoleA
SetCommBreak
CreateFileA
IsDBCSLeadByteEx
SetVolumeLabelW
GetTempPathW
GetCompressedFileSizeA
FindResourceExA
SetLocaleInfoA
SystemTimeToFileTime
OpenFileMappingA
CancelDeviceWakeupRequest
EnumLanguageGroupLocalesW
RemoveDirectoryA
CreateHardLinkA
GetCompressedFileSizeW
GetWriteWatch
UnlockFileEx
lstrcmpiA
GetNamedPipeHandleStateA
SetProcessShutdownParameters
ReadConsoleOutputAttribute
SetSystemPowerState
FormatMessageW
LocalSize
GetSystemRegistryQuota
EnumResourceNamesA
GetACP
EnumSystemCodePagesW
ResetWriteWatch
lstrcpyA
GetConsoleMode
LCMapStringA
GetStringTypeA
GetFirmwareEnvironmentVariableW
InitializeCriticalSectionAndSpinCount
DeleteVolumeMountPointW
GetProcessTimes
FindFirstFileExW
CancelIo
LocalFlags
SetCommMask
IsBadReadPtr
AddRefActCtx
TransmitCommChar
FindVolumeMountPointClose
SetThreadIdealProcessor
GetGeoInfoA
VirtualQuery
LocalCompact
DeleteFiber
ConvertFiberToThread
GetSystemWindowsDirectoryA
PulseEvent
DisconnectNamedPipe
FindFirstChangeNotificationA
GetHandleInformation
GetFileAttributesExW
EnumUILanguagesW
GetSystemWow64DirectoryA
InterlockedIncrement
CreateDirectoryExW
Process32NextW
ActivateActCtx
GetEnvironmentVariableW
Process32First
GetConsoleFontSize
ReadConsoleInputA
GlobalUnWire
GetProfileIntA
LocalFileTimeToFileTime
WaitForDebugEvent
GetVolumeNameForVolumeMountPointW
GetProfileIntW
MultiByteToWideChar
GetAtomNameA
UnhandledExceptionFilter
FlushConsoleInputBuffer
FoldStringA
CompareStringA
FindActCtxSectionGuid
SetConsoleCtrlHandler
ProcessIdToSessionId
GetDiskFreeSpaceA
OpenJobObjectA
EnumCalendarInfoA
FindNextVolumeW
GetCommModemStatus
SetConsoleTextAttribute
GetVolumePathNamesForVolumeNameA
Process32FirstW
TlsFree
AddAtomA
TlsGetValue
FindFirstVolumeA
InterlockedExchange
GetCurrentDirectoryW
BuildCommDCBA
GetNamedPipeHandleStateW
GetConsoleProcessList
WriteProfileStringW
GetMailslotInfo
ReadConsoleOutputA
QueryDosDeviceA
DnsHostnameToComputerNameW
SetDefaultCommConfigA
SystemTimeToTzSpecificLocalTime
GetFileAttributesA
FileTimeToLocalFileTime
ReadDirectoryChangesW
AddAtomW
Module32FirstW
Sections
.text Size: 136KB - Virtual size: 132KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.flat Size: 956KB - Virtual size: 953KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 84KB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ