b08a24f1c9d395c4b010fa6370cabc6c12e6279d6699d0862e94e87c6981ca2e

Sharing

Copy URL Twitter E-mail

General

Target

b08a24f1c9d395c4b010fa6370cabc6c12e6279d6699d0862e94e87c6981ca2e
Size

267KB
MD5

60b51006eac0192679bbee3de091f78d
SHA1

03825fb3e029c619a888b226592c072b57d881b8
SHA256

b08a24f1c9d395c4b010fa6370cabc6c12e6279d6699d0862e94e87c6981ca2e
SHA512

1126106064fe82ff38ae4d5cd1090307209dd4f00be32a640523c2f42f0d1cd2fa833ba817e002a40a162b2460e0b8953577ca59acb45d1710be72322bb5282b
SSDEEP

3072:h2zG2nBpZs+L+Jdeei52n5eD2G+IKzFvCyFx2PyEu+p1qUGD53vAixa7mfruExrq:hC/EIH+IKcyFx2Huc1OFvJx3xlR0

Score

N/A

Malware Config

Signatures

Files

b08a24f1c9d395c4b010fa6370cabc6c12e6279d6699d0862e94e87c6981ca2e
.exe windows x86

4b32ca8b20b86a408a67d65af1859f24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryInfoKeyA
RegQueryValueExA
RegEnumKeyExA
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegOpenCurrentUser
RegDeleteKeyA
RegQueryValueExW
RegSetValueExA
RegOpenKeyA
RegOpenKeyExW
GetSidSubAuthority
QueryTraceW
GetAclInformation
LsaSetSystemAccessAccount
CloseTrace
SystemFunction028
ElfChangeNotify
ConvertSecurityDescriptorToAccessNamedA
LsaCreateTrustedDomain
RegLoadKeyW
LsaAddAccountRights
WmiQueryAllDataMultipleW
LsaGetRemoteUserName
CredIsMarshaledCredentialA
GetOverlappedAccessResults
LsaQueryTrustedDomainInfo
BuildTrusteeWithObjectsAndNameA
GetMultipleTrusteeW
CredGetSessionTypes
GetTrusteeNameW
LsaLookupPrivilegeValue
WmiSetSingleItemW
SystemFunction025
CryptSetProviderExA
AddAccessDeniedAce
CredRenameW
GetEffectiveRightsFromAclA
SaferiCompareTokenLevels
CredWriteDomainCredentialsA
GetLengthSid
CryptEnumProvidersA
BackupEventLogA
BuildTrusteeWithObjectsAndSidW
CryptVerifySignatureW
SystemFunction009
GetServiceKeyNameW
CryptGetUserKey
CryptImportKey
WmiCloseBlock
RegUnLoadKeyA
WmiSetSingleItemA
SystemFunction034
WmiQuerySingleInstanceMultipleW
ElfCloseEventLog
CryptGetHashParam
AreAnyAccessesGranted
OpenBackupEventLogW
ObjectCloseAuditAlarmW
CryptCreateHash
ConvertToAutoInheritPrivateObjectSecurity
MD5Update
SaferiPopulateDefaultsInRegistry
RegisterIdleTask
ObjectOpenAuditAlarmW
LookupAccountNameW
EnumerateTraceGuids
SystemFunction018
LsaEnumerateAccounts
LsaSetInformationTrustedDomain
WmiSetSingleInstanceA
GetAccessPermissionsForObjectW

ole32

OleRegGetUserType
CreateDataAdviseHolder
CreateOleAdviseHolder
CoCreateInstance
CoTaskMemRealloc
OleRegEnumVerbs
CoTaskMemFree
OleRegGetMiscStatus
CoTaskMemAlloc
StringFromGUID2
OleLoadFromStream
WriteClassStm
OleSaveToStream

kernel32

DeleteCriticalSection
CreateMutexW
FreeLibrary
GetFileType
IsDBCSLeadByte
FindNextFileA
RtlUnwind
WaitForSingleObject
GetSystemInfo
UnhandledExceptionFilter
SetLastError
DeleteFileW
GetTempPathA
EnterCriticalSection
FindResourceA
GlobalLock
HeapDestroy
FindClose
GetConsoleMode
LoadResource
GlobalUnlock
FreeEnvironmentStringsA
GetLocalTime
WriteConsoleA
SetFileAttributesA
TlsAlloc
FreeEnvironmentStringsW
RaiseException
OutputDebugStringA
IsValidCodePage
CreateEventA
WriteConsoleW
SetFilePointer
TlsFree
lstrlenA
TlsSetValue
VirtualProtect
VirtualAlloc
LCMapStringW
CreateFileW
MulDiv
GetProcessHeap
lstrcmpA
WaitForSingleObjectEx
FlushFileBuffers
CreateMutexA
TerminateThread
SetHandleCount
FlushInstructionCache
GetThreadLocale
GetTempPathW
WideCharToMultiByte
VirtualFree
lstrcmpiA
WriteFile
SetStdHandle
IsProcessorFeaturePresent
HeapSize
DeleteFileA
LeaveCriticalSection
GlobalAlloc
LoadLibraryExA
TlsGetValue
VirtualQuery
GetACP
ReleaseMutex
LCMapStringA
GetTempFileNameW
GetStdHandle
GetCurrentThreadId
GetModuleHandleA
IsDebuggerPresent
lstrcpyA
GetConsoleOutputCP
HeapFree
WritePrivateProfileStringA
GetSystemTimeAsFileTime
CloseHandle
ReadFile
SizeofResource
GetCommandLineA
HeapReAlloc
SetUnhandledExceptionFilter
lstrcatA
CreateDirectoryW
CreateFileA
GetConsoleCP
FindFirstFileA
lstrlenW
HeapAlloc
GetOEMCP
CreateThread
WaitForMultipleObjects
VirtualAllocEx

oleaut32

VariantCopy
UnRegisterTypeLi
SysFreeString
VarUI4FromStr
SysAllocStringByteLen
LoadRegTypeLi
VariantInit
SysStringByteLen
LoadTypeLi
SysStringLen
SysAllocString
OleCreatePropertyFrame
VariantClear
RegisterTypeLi
VariantChangeType
DispCallFunc

user32

OffsetRect
LoadCursorA
ReleaseDC
DefWindowProcA
IntersectRect
DestroyWindow
UnionRect
EqualRect
UnregisterClassA
PtInRect
GetKeyState
SetFocus
InvalidateRect
GetParent
SetCursor
GetDC
GetForegroundWindow
GetFocus
SetWindowRgn
MessageBoxA
SetWindowPos
GetClientRect
GetWindowLongA
SetWindowLongA
wsprintfA
IsChild
ShowWindow
CallWindowProcA
IsWindow
CharNextA

gdi32

SaveDC
SetMapMode
TextOutA
LPtoDP
SetViewportOrgEx
DeleteMetaFile
CreateDCA
CreateRectRgnIndirect
SetWindowOrgEx
GetDeviceCaps
DeleteDC
CreateMetaFileA
CloseMetaFile
SetWindowExtEx
RestoreDC
SetTextAlign

mapistub

DllCanUnloadNow
cmc_read
cmc_act_on
MAPIOpenLocalFormContainer

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uCulR
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sujWw
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QlzB
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.GNqh
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.MdXCr
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gexuTBp
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mdWqF
Size: 1024B - Virtual size: 938B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kxkdG
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.EISWg
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.boRpMn
Size: 1024B - Virtual size: 709B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eiHXDyB
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4b32ca8b20b86a408a67d65af1859f24

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ole32

kernel32

oleaut32

user32

gdi32

mapistub

Sections

.text Size: 18KB - Virtual size: 18KB

.uCulR Size: 2KB - Virtual size: 1KB

.sujWw Size: 3KB - Virtual size: 2KB

.QlzB Size: 1KB - Virtual size: 1KB

.GNqh Size: 2KB - Virtual size: 2KB

.MdXCr Size: 2KB - Virtual size: 2KB

.rdata Size: 212KB - Virtual size: 211KB

.gexuTBp Size: 2KB - Virtual size: 2KB

.mdWqF Size: 1024B - Virtual size: 938B

.data Size: 9KB - Virtual size: 132KB

.kxkdG Size: 3KB - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 3KB

.EISWg Size: 1KB - Virtual size: 1KB

.boRpMn Size: 1024B - Virtual size: 709B

.eiHXDyB Size: 2KB - Virtual size: 2KB

.text
Size: 18KB - Virtual size: 18KB

.uCulR
Size: 2KB - Virtual size: 1KB

.sujWw
Size: 3KB - Virtual size: 2KB

.QlzB
Size: 1KB - Virtual size: 1KB

.GNqh
Size: 2KB - Virtual size: 2KB

.MdXCr
Size: 2KB - Virtual size: 2KB

.rdata
Size: 212KB - Virtual size: 211KB

.gexuTBp
Size: 2KB - Virtual size: 2KB

.mdWqF
Size: 1024B - Virtual size: 938B

.data
Size: 9KB - Virtual size: 132KB

.kxkdG
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 3KB

.EISWg
Size: 1KB - Virtual size: 1KB

.boRpMn
Size: 1024B - Virtual size: 709B

.eiHXDyB
Size: 2KB - Virtual size: 2KB