7f679aab396f9a8fa82694a05041c1b7e8fb79d56b5be2df15e35ccbf07f69c0

Sharing

Copy URL Twitter E-mail

General

Target

7f679aab396f9a8fa82694a05041c1b7e8fb79d56b5be2df15e35ccbf07f69c0
Size

123KB
MD5

05149e9db22d4a2b3e1a7f1ca9d0e120
SHA1

47921d8eea37a464817b4ce464914b0b3679d73e
SHA256

7f679aab396f9a8fa82694a05041c1b7e8fb79d56b5be2df15e35ccbf07f69c0
SHA512

84133dd23c828ed7a88fe5fe986d047bfe3ab7408e1950673560b8c2c6f876d65c73862d2277db5d726277858e2635b390d9bd4b7013d6663f4ed1bdf8a08446
SSDEEP

3072:0bHRHAe/dOfLDB4mc9RDmYU7rLOQXe08xa/jIv/OQOv:QHZAkODDH4RiXTejxR/XO

Score

N/A

Malware Config

Signatures

Files

7f679aab396f9a8fa82694a05041c1b7e8fb79d56b5be2df15e35ccbf07f69c0
.exe windows x86

1c187945b7330ea3cf51ea3b72cf0933

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

CreateStubFromTypeInfo
NDRSContextMarshallEx
MesDecodeIncrementalHandleCreate
NdrConformantStructBufferSize
NdrAsyncClientCall
NdrByteCountPointerUnmarshall
DllRegisterServer
DceErrorInqTextW
NDRSContextMarshall
NdrByteCountPointerFree
NDRCContextMarshall
MesIncrementalHandleReset
MesHandleFree
NdrByteCountPointerBufferSize
NdrAllocate
DllGetClassObject
NDRcopy
NDRCContextBinding
CStdStubBuffer_CountRefs
MesInqProcEncodingId
NdrClientInitialize
MesBufferHandleReset

ole32

WriteFmtUserTypeStg
CoCreateInstanceEx

rsaenh

CPSetHashParam
CPGenKey
CPCreateHash
DllUnregisterServer
CPGetKeyParam
DllRegisterServer
CPDeriveKey
CPExportKey
CPEncrypt
CPGetHashParam
CPDestroyKey
CPSetKeyParam
CPGetUserKey
CPReleaseContext
CPVerifySignature
CPSetProvParam
CPDestroyHash
CPGetProvParam
CPGenRandom
CPSignHash
CPDecrypt
CPDuplicateKey
CPDuplicateHash
CPImportKey
CPHashData
CPHashSessionKey

user32

SendMessageA
DefWindowProcA
GetDesktopWindow
SetCursor
GetClientRect
GetSysColor
GetSystemMetrics
SetFocus
SetTimer
GetWindowLongA
wsprintfA
DestroyWindow

olecli32

OleSaveToStream
MfGetData
BmChangeData
ObjQueryName
ObjQuerySize
ObjRename
DefCreateLinkFromFile
ErrSetHostNames
DibDraw
CheckNetDrive
OleCreateInvisible
MfRelease
GenRelease
MfEnumFormat
BmGetData

msvcrt

wcsncpy
realloc
_iob
fwrite
malloc
wcscmp
_initterm
_local_unwind2
_wcsicmp
strtol
_snwprintf
_itow
wcsncmp
_strnicmp
_vsnwprintf
swprintf
__dllonexit
free
wcscpy
_except_handler3
_wtoi
wcslen
_onexit

shell32

SHCoCreateInstance
Shell_GetImageLists
DAD_DragMove
IsNetDrive
SHChangeNotifyDeregister
DriveType
PifMgr_OpenProperties
DllGetClassObject
Shell_GetCachedImageIndex
DragAcceptFiles
DragFinish
RestartDialog
PickIconDlg
DAD_DragLeave
DAD_DragEnterEx
GetFileNameFromBrowse
SHChangeNotifyRegister
Shell_MergeMenus
DllCanUnloadNow
PathResolve
SHILCreateFromPath
IsLFNDrive
SHDefExtractIconW
DllUnregisterServer
PathQualify
SHGetSetSettings
DllRegisterServer
SHStartNetConnectionDialogW
DllGetVersion
DllInstall

advapi32

GetTokenInformation
RegQueryInfoKeyW
InitializeSecurityDescriptor
RegEnumValueW
CloseServiceHandle
RegQueryValueExA
RegEnumKeyExW
OpenProcessToken
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExW
RegDeleteKeyW
RegCloseKey
AllocateAndInitializeSid
RegDeleteValueW
RegOpenKeyExA
RegEnumKeyExA
OpenThreadToken
FreeSid
RegDeleteKeyA
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW

shlwapi

PathAddExtensionA
StrFormatByteSize64A
PathIsDirectoryEmptyA

kernel32

VirtualFree
LockResource
OutputDebugStringW
SizeofResource
AddAtomW
CreateProcessW
GetFullPathNameW
GetCurrentProcess
IsValidCodePage
ExitProcess
GetCurrentDirectoryW
CreateMutexW
MulDiv
ExpandEnvironmentStringsA
IsBadCodePtr
CreateDirectoryA
CreateFileMappingW
lstrcatW
VirtualAlloc
WriteConsoleW
SetFileAttributesA
FindResourceA
LoadResource
CreateMutexA
DeviceIoControl
CopyFileW
GetComputerNameW
GetLastError

oleacc

DllUnregisterServer
GetRoleTextA
AccessibleObjectFromPoint
GetRoleTextW
WindowFromAccessibleObject
ObjectFromLresult
GetStateTextW
GetOleaccVersionInfo
LIBID_Accessibility
LresultFromObject
IID_IAccessibleHandler
IID_IAccessible
CreateStdAccessibleProxyA
CreateStdAccessibleProxyW
DllGetClassObject
GetStateTextA
DllCanUnloadNow
AccessibleChildren
AccessibleObjectFromEvent
CreateStdAccessibleObject
AccessibleObjectFromWindow

Sections

.textbss
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1c187945b7330ea3cf51ea3b72cf0933

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

ole32

rsaenh

user32

olecli32

msvcrt

shell32

advapi32

shlwapi

kernel32

oleacc

Sections

.textbss Size: - Virtual size: 108KB

.idata Size: 36KB - Virtual size: 35KB

.text Size: 2KB - Virtual size: 1KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 70KB - Virtual size: 69KB

.debug Size: 6KB - Virtual size: 6KB

.textbss
Size: - Virtual size: 108KB

.idata
Size: 36KB - Virtual size: 35KB

.text
Size: 2KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 70KB - Virtual size: 69KB

.debug
Size: 6KB - Virtual size: 6KB