Static task: static1
Behavioral task: behavioral1
  Sample: 3fddba56261587a6d803baf88afa5110d53b3eeed676b4c0930d782b31ec4e52.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 3fddba56261587a6d803baf88afa5110d53b3eeed676b4c0930d782b31ec4e52.exe
  Resource: win10v2004-20221111-en
General
Target: 3fddba56261587a6d803baf88afa5110d53b3eeed676b4c0930d782b31ec4e52
Size: 108KB
MD5: 258cc3d31ca57857f20d6515d1bbf2b5
SHA1: 26003f23d09400b2f170190ffbcfca7bb999d55f
SHA256: 3fddba56261587a6d803baf88afa5110d53b3eeed676b4c0930d782b31ec4e52
SHA512: 9b20f0b56495a62031c4bf186d6ca9a39ab173e2d9c5b970dd2a5fbfa6fb38eb031bdb990f512276761b2d5be2732841ef768b172029dd4f6f2c8a96a7635829
SSDEEP: 3072:2E5zdOUzwmAcpW17UdpvaVJuxA+IOg1kXC:lzMcqobvGwYky
Malware Config
Signatures
Files
-
3fddba56261587a6d803baf88afa5110d53b3eeed676b4c0930d782b31ec4e52.exe windows x86
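cdae531bf7cf84886846d7cea0e3426d (unlabelled on the page; it differs from the file MD5 above and, given its position under the PE file entry, is probably the import hash — confirm against the original report)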
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetSpecialFolderLocation
SHBrowseForFolderA
CommandLineToArgvW
SHChangeNotify
SHBrowseForFolderW
DragQueryFileA
SHGetFolderPathW
ShellExecuteExW
SHBindToParent
SHGetSpecialFolderPathW
ShellExecuteA
SHFileOperationW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListA
SHGetMalloc
SHGetPathFromIDListW
SHGetDesktopFolder
DragQueryFileW
oleaut32
VariantChangeTypeEx
RegisterTypeLib
SetErrorInfo
SafeArrayPutElement
GetActiveObject
GetErrorInfo
VariantInit
CreateErrorInfo
SafeArrayGetLBound
SysFreeString
VariantCopy
VariantChangeType
SafeArrayCreate
VariantCopyInd
SysAllocStringByteLen
SysAllocStringLen
SysStringByteLen
VariantClear
SysStringLen
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayPtrOfIndex
SysReAllocStringLen
LoadTypeLib
SafeArrayGetUBound
SafeArrayGetElement
shlwapi
UrlCanonicalizeW
wnsprintfW
PathFindFileNameW
PathStripToRootA
StrRChrW
StrCatW
SHGetValueW
SHStrDupW
PathAppendW
SHDeleteKeyW
PathRemoveExtensionW
PathRemoveFileSpecA
StrStrIA
PathIsRootW
wnsprintfA
StrStrIW
PathStripToRootW
PathAppendA
StrTrimW
SHDeleteValueA
StrCmpNW
PathFindExtensionA
StrCatBuffW
PathCombineW
StrChrIW
PathRemoveFileSpecW
PathIsRelativeW
StrChrW
AssocQueryStringW
PathRemoveBackslashW
PathIsURLW
SHDeleteKeyA
SHDeleteValueW
SHSetValueW
SHRegGetBoolUSValueW
StrCmpNIA
ole32
StgIsStorageFile
CreateBindCtx
StringFromCLSID
OleRegGetMiscStatus
CoCreateFreeThreadedMarshaler
OleRegGetUserType
CoCreateInstanceEx
CoRegisterClassObject
CoGetObjectContext
CoUnmarshalInterface
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
ReleaseStgMedium
OleRun
CoTaskMemFree
StgCreateDocfile
CoGetMalloc
OleLoadFromStream
OleSaveToStream
OleInitialize
MkParseDisplayName
CreateILockBytesOnHGlobal
CLSIDFromString
CoInitializeEx
CreateOleAdviseHolder
CoMarshalInterThreadInterfaceInStream
CreateDataAdviseHolder
StringFromGUID2
GetRunningObjectTable
PropVariantClear
CoUninitialize
CoCreateGuid
CoFreeUnusedLibraries
PropVariantCopy
CoReleaseMarshalData
ProgIDFromCLSID
CoImpersonateClient
WriteClassStm
CoInitialize
CreateItemMoniker
StringFromIID
CoInitializeSecurity
CoMarshalInterface
CoCreateInstance
OleRegEnumVerbs
CoSetProxyBlanket
version
GetFileVersionInfoSizeW
VerLanguageNameA
VerFindFileW
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoW
VerQueryValueW
rpcrt4
RpcBindingToStringBindingW
CStdStubBuffer_IsIIDSupported
UuidToStringW
RpcServerRegisterAuthInfoW
IUnknown_QueryInterface_Proxy
RpcStringFreeA
CStdStubBuffer_DebugServerRelease
NdrStubForwardingFunction
RpcBindingVectorFree
NdrOleAllocate
RpcStringFreeW
RpcServerUseProtseqEpW
UuidToStringA
RpcRevertToSelf
CStdStubBuffer_QueryInterface
NdrCStdStubBuffer_Release
UuidFromStringW
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_Connect
RpcServerRegisterIfEx
RpcImpersonateClient
NdrClientCall2
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke
NdrDllGetClassObject
RpcBindingSetAuthInfoExW
CStdStubBuffer_CountRefs
NdrDllRegisterProxy
IUnknown_Release_Proxy
NdrServerCall2
user32
CreateDialogParamW
GetClassNameA
SetWindowPos
EndDialog
wsprintfW
SendMessageW
RedrawWindow
CreateWindowExW
MessageBoxW
PostMessageW
WinHelpW
DestroyWindow
GetDlgItem
GetKeyState
IsDlgButtonChecked
GetMessageW
CallNextHookEx
GetDlgItemTextA
IntersectRect
SetWindowRgn
FindWindowW
RegisterClassW
ShowWindow
LoadBitmapA
CreatePopupMenu
PostMessageA
KillTimer
InflateRect
SetForegroundWindow
DialogBoxParamA
CallWindowProcA
LoadBitmapW
SetWindowTextA
PeekMessageW
MsgWaitForMultipleObjects
CharUpperA
ReleaseCapture
SetDlgItemTextW
GetActiveWindow
FillRect
GetWindowDC
GetSysColorBrush
GetWindowLongW
IsChild
CheckMenuItem
GetDlgCtrlID
GetWindowThreadProcessId
SetWindowTextW
UnhookWindowsHookEx
GetMenu
BeginPaint
UnregisterClassW
GetCapture
EnableWindow
GetMenuItemCount
GetFocus
GetAsyncKeyState
GetForegroundWindow
DrawIcon
GetWindow
IsWindowEnabled
GetMessagePos
UpdateWindow
CharUpperW
SendDlgItemMessageA
EnumChildWindows
MessageBeep
MessageBoxA
CharNextA
SystemParametersInfoA
SetCapture
DestroyIcon
IsWindow
LoadCursorW
GetWindowTextLengthW
MapWindowPoints
CreateWindowExA
SetFocus
LoadIconW
GetClassNameW
SendDlgItemMessageW
LoadIconA
DestroyMenu
InvalidateRect
FindWindowA
GetDesktopWindow
GetSystemMenu
ScreenToClient
GetWindowRect
ReleaseDC
GetWindowPlacement
GetWindowLongA
GetSubMenu
SetTimer
PeekMessageA
PostQuitMessage
GetDC
GetClientRect
comdlg32
FindTextW
PrintDlgExW
ChooseColorW
CommDlgExtendedError
FindTextA
PrintDlgW
ChooseFontA
ChooseColorA
PageSetupDlgA
ChooseFontW
GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameW
PrintDlgA
GetFileTitleW
PageSetupDlgW
GetSaveFileNameA
GetFileTitleA
advapi32
RegDeleteValueW
RegEnumKeyW
AdjustTokenPrivileges
CloseServiceHandle
GetSidSubAuthorityCount
StartServiceW
ChangeServiceConfigW
InitializeAcl
RevertToSelf
QueryServiceStatus
LsaFreeMemory
LsaQueryInformationPolicy
OpenSCManagerW
OpenServiceW
CryptHashData
RegEnumKeyA
LookupAccountSidW
RegCloseKey
EqualSid
CryptDestroyKey
SetFileSecurityW
QueryServiceConfigW
DuplicateTokenEx
ReportEventW
GetAclInformation
LockServiceDatabase
RegSetValueA
OpenThreadToken
ImpersonateLoggedOnUser
CryptAcquireContextA
RegQueryInfoKeyA
UnlockServiceDatabase
CheckTokenMembership
SetNamedSecurityInfoW
RegOpenKeyW
GetSecurityDescriptorOwner
RegQueryValueExW
CryptGetHashParam
CryptDestroyHash
IsValidSid
RegEnumValueW
RegQueryValueA
RegEnumKeyExA
AddAce
LookupPrivilegeValueA
RegNotifyChangeKeyValue
CryptCreateHash
RegDeleteKeyA
ConvertSidToStringSidW
RegDeleteKeyW
CryptReleaseContext
GetSecurityDescriptorLength
LsaOpenPolicy
GetAce
RegSetValueExW
GetTraceEnableLevel
GetSecurityDescriptorControl
ConvertStringSecurityDescriptorToSecurityDescriptorW
ControlService
GetSidSubAuthority
AddAccessAllowedAce
GetSecurityDescriptorDacl
RegQueryValueW
RegCreateKeyExA
OpenProcessToken
RegCreateKeyA
SetSecurityDescriptorGroup
CopySid
RegisterTraceGuidsW
IsValidSecurityDescriptor
RegFlushKey
RegEnumKeyExW
GetTokenInformation
GetTraceEnableFlags
OpenServiceA
OpenSCManagerA
DeleteService
msvcrt
_wcslwr
atoi
_strlwr
_finite
_fileno
strtoul
wcscpy
_wfopen
swprintf
sscanf
wcscat
__set_app_type
__CxxFrameHandler
fclose
_errno
_XcptFilter
free
_stat
__badioinfo
floor
fread
_purecall
_wtol
toupper
__wgetmainargs
time
_CxxThrowException
_acmdln
_ltoa
memmove
__p__osver
exit
_rotl
srand
_initterm
_CIsqrt
_write
wcstombs
malloc
??3@YAXPAX@Z
iswctype
_onexit
__p__iob
wcschr
_CIpow
ceil
_ultoa
iswspace
_ftol
wcsrchr
printf
_amsg_exit
_wcsdup
wcslen
rand
_c_exit
ntdll
RtlRaiseStatus
RtlDetermineDosPathNameType_U
RtlInitializeCriticalSectionAndSpinCount
NtAdjustPrivilegesToken
DbgBreakPoint
RtlUnicodeStringToAnsiString
wcslen
RtlSetGroupSecurityDescriptor
RtlCreateUnicodeStringFromAsciiz
_stricmp
RtlReAllocateHeap
NtOpenEvent
NtSetInformationFile
RtlOpenCurrentUser
RtlInitializeResource
NtEnumerateValueKey
RtlGetDaclSecurityDescriptor
NtMapViewOfSection
wcschr
NtClose
RtlxUnicodeStringToOemSize
atoi
RtlInitString
RtlQueryEnvironmentVariable_U
memmove
RtlAppendUnicodeStringToString
NtConnectPort
RtlSetSaclSecurityDescriptor
RtlGetFullPathName_U
RtlValidRelativeSecurityDescriptor
RtlRunDecodeUnicodeString
NtUnmapViewOfSection
NtTerminateProcess
NtSetInformationThread
RtlDeleteSecurityObject
RtlFormatCurrentUserKeyPath
RtlUnicodeStringToInteger
RtlInitializeGenericTable
RtlAllocateAndInitializeSid
RtlQueryInformationAcl
RtlSetDaclSecurityDescriptor
NtWaitForSingleObject
NtCreateSection
NtQueryDirectoryObject
RtlFreeUnicodeString
_alloca_probe
RtlCreateUserThread
RtlCreateSecurityDescriptor
wcsncpy
NtQueryVolumeInformationFile
NtSetInformationProcess
RtlGetSaclSecurityDescriptor
NtQuerySystemInformation
_wcslwr
sprintf
RtlAdjustPrivilege
RtlxOemStringToUnicodeSize
RtlGetNtProductType
RtlQueueWorkItem
NtQueryAttributesFile
atol
NtAllocateLocallyUniqueId
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
RtlSizeHeap
RtlNewSecurityObject
RtlDestroyEnvironment
RtlGetVersion
RtlPrefixUnicodeString
kernel32
FreeEnvironmentStringsA
GetSystemDirectoryA
GetUserDefaultLCID
VirtualProtect
GetSystemTime
GetTickCount
GetFileSize
CreateThread
WaitForSingleObject
GetCurrentProcess
GetThreadLocale
GetProcessHeap
ReleaseSemaphore
FormatMessageW
OpenEventA
OutputDebugStringA
GetWindowsDirectoryW
VirtualQuery
SetHandleCount
FileTimeToSystemTime
HeapFree
SetThreadPriority
ResetEvent
FindResourceW
HeapSize
LoadResource
SetEndOfFile
lstrcmpA
lstrcatW
GetACP
GetOEMCP
SetErrorMode
GetModuleFileNameW
InterlockedDecrement
IsDBCSLeadByte
lstrlenA
CreateFileMappingA
GetFileAttributesA
FindFirstFileA
ReleaseMutex
SetEvent
DeleteCriticalSection
OutputDebugStringW
IsBadWritePtr
GetFileAttributesW
WriteFile
GetEnvironmentStrings
QueryPerformanceCounter
WriteConsoleW
GetCurrentProcessId
lstrcpyW
VirtualAlloc
GlobalLock
ExpandEnvironmentStringsW
RaiseException
UnmapViewOfFile
GetSystemDirectoryW
lstrlenW
LockResource
GetStdHandle
GetCurrentThread
LCMapStringW
SetStdHandle
EnterCriticalSection
InterlockedExchange
GetTempPathA
GetExitCodeThread
CreateFileA
GetModuleHandleA
FlushFileBuffers
GetConsoleMode
GlobalUnlock
LCMapStringA
GetModuleFileNameA
GetStartupInfoA
DeleteFileA
GetVersion
GetEnvironmentStringsW
GetLastError
GetFullPathNameW
FindFirstFileW
CreateMutexA
IsDebuggerPresent
SetFilePointer
gdi32
SetStretchBltMode
GetRgnBox
ExcludeClipRect
Rectangle
GetTextColor
SetTextColor
EndPage
EnumFontFamiliesExW
UnrealizeObject
CreateSolidBrush
CreateDCW
CreateBrushIndirect
CreateHalftonePalette
CreateDCA
SelectPalette
OffsetRgn
RectVisible
DeleteObject
ScaleViewportExtEx
GetObjectA
CreateBitmap
SetViewportOrgEx
GetBitmapBits
SetBrushOrgEx
ExtTextOutW
OffsetViewportOrgEx
GetBkColor
StretchBlt
GetStockObject
TranslateCharsetInfo
RestoreDC
CreateCompatibleDC
MoveToEx
GetPaletteEntries
ExtSelectClipRgn
EndDoc
GetObjectW
GetViewportExtEx
BitBlt
SetViewportExtEx
GetBkMode
SetBkMode
GetWindowExtEx
GetTextAlign
SaveDC
TextOutA
GetMapMode
DeleteMetaFile
PlayMetaFile
CreateRectRgn
CreateRectRgnIndirect
GetDeviceCaps
CreateDIBitmap
CreatePatternBrush
CloseMetaFile
SetBkColor
GetNearestColor
TextOutW
PatBlt
SetMapMode
GetClipBox
SetROP2
CreatePalette
CreateDIBSection
SelectObject
CreateFontIndirectA
GetCurrentObject
comctl32
ImageList_ReplaceIcon
PropertySheetA
ImageList_Create
CreatePropertySheetPageW
ImageList_Destroy
PropertySheetW
InitCommonControlsEx
ImageList_Draw
InitCommonControls
Sections
DATA Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.textbss Size: 1024B - Virtual size: 1004B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ