ad1b75a870878fcd47fb6bee8ae1d5d4bef3953555bf2f1dc8e3857a2e60ac6e

Sharing

Copy URL Twitter E-mail

General

Target

ad1b75a870878fcd47fb6bee8ae1d5d4bef3953555bf2f1dc8e3857a2e60ac6e
Size

184KB
MD5

7599d5919745385851e310c31135d0cc
SHA1

3c473d1f04329bc2a59d8f363867b7a477c83af4
SHA256

ad1b75a870878fcd47fb6bee8ae1d5d4bef3953555bf2f1dc8e3857a2e60ac6e
SHA512

2c031a3d6291de5d4b67f11a5dc5223cf2a4466a5ed428e25c5059be74816b09e1897e49fcbc794e696f9ff544879f8a53fc05587a020295906f98b9308565b7
SSDEEP

3072:n8VQx2rXe/sOoZgREwN2OITgdyg0EiitPx6iBI5xpq0+dT5SsLASL:n8Vc2rXe/shsXoOrRIiSV+dNSsLV

Score

N/A

Malware Config

Signatures

Files

ad1b75a870878fcd47fb6bee8ae1d5d4bef3953555bf2f1dc8e3857a2e60ac6e
.exe windows x86

531e7a7eaaaa784aa57bdeda2f3e3e82

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteTimerQueueEx
QueryInformationJobObject
GetDiskFreeSpaceW
DnsHostnameToComputerNameA
FatalAppExitA
GetAtomNameA
ExitProcess
OpenProcess

comctl32

FlatSB_SetScrollPos
ImageList_Create
FlatSB_GetScrollPos
ImageList_AddMasked
DrawStatusTextW
CreateMappedBitmap

ws2_32

WSAGetServiceClassInfoW
WSCUnInstallNameSpace
WSASetLastError
WSASocketW
WSAAsyncGetServByName
WSAInstallServiceClassA
connect
WSASetBlockingHook
getservbyname
WSANtohs
WSAIoctl
WSASocketA
bind
WSAAccept
send
WSCWriteNameSpaceOrder
WSAUnhookBlockingHook
WSAEnumProtocolsA
WSALookupServiceNextW
WSAInstallServiceClassW
__WSAFDIsSet
WSACreateEvent
getprotobynumber
WSALookupServiceBeginA
WSAEnumNameSpaceProvidersA

clusapi

CreateClusterResource
ClusterNetInterfaceControl
GetClusterNotify
OpenCluster
OpenClusterGroup
BackupClusterDatabase
ClusterControl
SetClusterNetworkPriorityOrder
ClusterResourceControl
GetClusterNetInterfaceState

advapi32

ElfRegisterEventSourceA
DuplicateTokenEx
SetNamedSecurityInfoA
SystemFunction025
ConvertSecurityDescriptorToAccessNamedW
IsValidSecurityDescriptor
RegisterTraceGuidsW
EnumServicesStatusExW
BuildTrusteeWithObjectsAndNameA
GetUserNameW

tapi32

lineUnparkW
phoneSetData
phoneClose
MMCShutdown
lineRegisterRequestRecipient
phoneDevSpecific
lineGetAddressIDA
lineSetDevConfigW
NonAsyncEventThread
lineConfigDialogW
lineConfigProvider
lineSetAgentState
lineGetCallInfoW
lineGetLineDevStatusA
lineConfigDialogEditW

mswsock

GetServiceW
rcmd
EnumProtocolsA
SetServiceW
MigrateWinsockConfiguration
getnetbyname
rexec
dn_expand
TransmitFile
SetServiceA
GetNameByTypeW
AcceptEx
sethostname
inet_network

ntdll

NtDeleteFile
RtlCopyString
LdrDisableThreadCalloutsForDll
ZwCreateJobObject
ZwQueryQuotaInformationFile
RtlIntegerToChar
ZwCreateSymbolicLinkObject
RtlAbsoluteToSelfRelativeSD
ZwAlertResumeThread
NtAlertResumeThread
RtlRandom
NtCancelTimer
RtlLargeIntegerToChar
NtSetInformationFile
RtlInitializeAtomPackage
NtPrivilegeObjectAuditAlarm
NtAccessCheck
ZwCreateSection
ZwQueryDirectoryObject
RtlCutoverTimeToSystemTime
ZwQueryInformationProcess
RtlPcToFileHeader
ZwAllocateVirtualMemory
RtlGetLongestNtPathLength
VerSetConditionMask
NtQuerySystemInformation
RtlAddAccessDeniedAceEx
NtQueryDirectoryFile
ZwCreateThread
NtSetLdtEntries
RtlDeleteTimerQueue

advpack

SetPerUserSecValues
RegisterOCX
ExecuteCab
UserUnInstStubWrapper

wininet

GopherCreateLocatorA
FtpCommandA
FreeUrlCacheSpaceW
UpdateUrlCacheContentPath
HttpSendRequestExA
GetUrlCacheEntryInfoW
HttpAddRequestHeadersW
InternetGetLastResponseInfoW
FtpSetCurrentDirectoryA
InternetFindNextFileA
SetUrlCacheGroupAttributeW
DeleteIE3Cache
InternetWriteFile
InternetErrorDlg
GetUrlCacheEntryInfoExW
FindNextUrlCacheEntryA
GetUrlCacheEntryInfoA
FtpPutFileA
SetUrlCacheEntryInfoW
GopherOpenFileW
FtpGetCurrentDirectoryA
IsHostInProxyBypassList
SetUrlCacheConfigInfoW
HttpSendRequestExW
HttpSendRequestW
InternetCrackUrlA
InternetCanonicalizeUrlW
InternetGetConnectedState

wtsapi32

WTSSetSessionInformationW
WTSEnumerateProcessesW
WTSQuerySessionInformationW
WTSVirtualChannelClose
WTSEnumerateSessionsA
WTSQuerySessionInformationA
WTSSetUserConfigA
WTSVirtualChannelQuery
WTSSendMessageA
WTSFreeMemory
WTSVirtualChannelPurgeInput
WTSQueryUserConfigA
WTSVirtualChannelOpen
WTSVirtualChannelRead

comdlg32

PrintDlgExA
GetFileTitleA
Ssync_ANSI_UNICODE_Struct_For_WOW
GetOpenFileNameA
PrintDlgW
PrintDlgExW
FindTextA
PageSetupDlgA
ReplaceTextW
ChooseFontW
FindTextW
PageSetupDlgW
GetSaveFileNameW

crypt32

CertOIDToAlgId
CertFindRDNAttr
PFXImportCertStore
CertCreateSelfSignCertificate
CryptMsgControl
CryptQueryObject
CryptFreeOIDFunctionAddress
CryptFormatObject
CryptImportPublicKeyInfoEx
CertEnumCertificatesInStore
CertAddEncodedCertificateToSystemStoreA
CertFindSubjectInSortedCTL
CertSetStoreProperty
CertCreateCTLContext
PFXExportCertStoreEx
CertDuplicateCRLContext
CryptExportPKCS8
CryptSIPRemoveProvider
CertFindAttribute
CertGetCertificateContextProperty
CryptInitOIDFunctionSet
CryptEncryptMessage
CryptUnregisterOIDInfo
CertEnumCRLsInStore
CertEnumCTLsInStore
CertOpenStore
CryptEnumOIDFunction
CryptMsgOpenToDecode
CryptRegisterOIDInfo
CertFindCTLInStore
CertSetCTLContextProperty

shlwapi

PathIsContentTypeW
ColorHLSToRGB
StrToIntExA
SHSetThreadRef
StrCatBuffW
PathIsUNCW
PathCanonicalizeW
SHDeleteOrphanKeyW
PathQuoteSpacesA
PathIsRootW
StrRetToStrA
SHRegGetBoolUSValueA
SHGetThreadRef
SHRegCreateUSKeyA
PathIsDirectoryEmptyA
PathStripPathW
UrlIsA
StrCmpW
PathMakePrettyA
SHRegWriteUSValueW
StrChrA
PathFileExistsA
PathIsFileSpecW
SHRegOpenUSKeyW
StrFormatByteSizeW
PathIsFileSpecA
SHCreateShellPalette
UrlCombineA
StrNCatW
SHRegDeleteUSValueA
PathRemoveBlanksW
PathCanonicalizeA

user32

DrawFrame

mpr

MultinetGetConnectionPerformanceW
WNetGetUserW
WNetGetResourceInformationA
WNetOpenEnumW
WNetConnectionDialog1A
WNetCloseEnum
WNetDisconnectDialog1A
WNetGetNetworkInformationW
WNetGetResourceParentA
WNetConnectionDialog1W
WNetOpenEnumA
WNetAddConnection3A
WNetAddConnection3W
WNetCancelConnectionA
WNetAddConnectionW
WNetGetResourceParentW
WNetAddConnectionA
WNetUseConnectionA
WNetGetUniversalNameA
WNetCancelConnection2A

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

531e7a7eaaaa784aa57bdeda2f3e3e82

Headers

File Characteristics

Imports

kernel32

comctl32

ws2_32

clusapi

advapi32

tapi32

mswsock

ntdll

advpack

wininet

wtsapi32

comdlg32

crypt32

shlwapi

user32

mpr

Sections

.text Size: 62KB - Virtual size: 61KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 31KB - Virtual size: 339KB

.rsrc Size: 73KB - Virtual size: 72KB

.text
Size: 62KB - Virtual size: 61KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 31KB - Virtual size: 339KB

.rsrc
Size: 73KB - Virtual size: 72KB