9c85a7bbadc6aaca02262b5b40f89a300bbd492dda22776fb037bd4bea9f5db8

Sharing

Copy URL Twitter E-mail

General

Target

9c85a7bbadc6aaca02262b5b40f89a300bbd492dda22776fb037bd4bea9f5db8
Size

836KB
MD5

b9093c6d17b955319dadc95e7c8cf095
SHA1

5f833890e44cf1d4e45f0a6f33a10b60f803a13e
SHA256

9c85a7bbadc6aaca02262b5b40f89a300bbd492dda22776fb037bd4bea9f5db8
SHA512

9bb7c6e8a433938ff8d7837d0a7430c78026923bcc12c28b0293543972b8658f00ee5832a1ecffbcbd1fffa8d2df3ddd06f089e91c69416cfdbe9a032434f37f
SSDEEP

24576:As+NBX+wzweY0ulHpXFLrQBiEjQQjRTP4Z:0NBX+wzlOXhQR9h4Z

Score

N/A

Malware Config

Signatures

Files

9c85a7bbadc6aaca02262b5b40f89a300bbd492dda22776fb037bd4bea9f5db8
.exe windows x86

1d8e83fb9f18dd7910edb65fce66e009

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3d8thk

OsThunkDdLock
OsThunkDdUnlock
OsThunkDdGetBltStatus
OsThunkDdResetVisrgn
OsThunkDdGetMoCompBuffInfo
OsThunkD3dContextDestroy
OsThunkDdReleaseDC
OsThunkDdGetMoCompGuids
OsThunkDdSetGammaRamp
OsThunkDdDestroySurface
OsThunkDdLockD3D
OsThunkDdCreateSurfaceEx
OsThunkDdAttachSurface
OsThunkDdGetDriverInfo
OsThunkDdGetAvailDriverMemory
OsThunkDdGetFlipStatus
OsThunkDdCreateSurfaceObject
OsThunkDdAlphaBlt
OsThunkDdCanCreateD3DBuffer
OsThunkDdBlt
OsThunkDdGetScanLine
OsThunkDdBeginMoCompFrame

advapi32

SetSecurityDescriptorOwner
GetTrusteeNameA
GetNamedSecurityInfoExA
GetInformationCodeAuthzLevelW
TrusteeAccessToObjectA
SystemFunction026
SetEntriesInAclW
LookupAccountSidW
WmiMofEnumerateResourcesW
ElfRegisterEventSourceW
QueryUsersOnEncryptedFile
LsaSetQuotasForAccount
CommandLineFromMsiDescriptor
CryptGetDefaultProviderA
CryptSetProvParam
RegDisablePredefinedCache
ElfOldestRecord
LsaClose
GetAce
EnumerateTraceGuids
ReadEventLogW
RegEnumKeyA
OpenSCManagerW
SetSecurityInfoExA
StartServiceW
CreateTraceInstanceId
QueryServiceStatusEx
CredGetTargetInfoA
GetInheritanceSourceA
CredRenameW
CryptSetHashParam
GetInformationCodeAuthzPolicyW
CryptVerifySignatureW
SetSecurityInfo

kernel32

SetupComm
LoadModule
LoadLibraryW
CreateTimerQueueTimer
GetProcessHeaps
CreatePipe
HeapWalk
ScrollConsoleScreenBufferA
WriteConsoleA
GetSystemInfo
SetTermsrvAppInstallMode
GetTickCount
UTUnRegister
HeapReAlloc
DeleteTimerQueue
MoveFileWithProgressW
ExpandEnvironmentStringsW
GlobalUnlock
GlobalMemoryStatus
DebugBreak
SetThreadAffinityMask
DeactivateActCtx
OutputDebugStringA
WriteProcessMemory
FileTimeToDosDateTime
GetStartupInfoA
RemoveDirectoryA
SetThreadIdealProcessor
GetTimeFormatW
TzSpecificLocalTimeToSystemTime
GetSystemWindowsDirectoryA
GetLongPathNameA
OpenMutexW
SetHandleContext
EnumSystemLanguageGroupsA
GetUserDefaultLCID
WriteProfileSectionW
CreateJobObjectW
DeleteAtom
SetConsoleCtrlHandler
WriteConsoleInputW
Heap32ListNext
FormatMessageA
WriteConsoleW
SetLastError
CreateNamedPipeW
IsValidLocale
EnumLanguageGroupLocalesW

msdart

?DeleteIf@CLKRHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1@Z
?sm_wDefaultSpinCount@CCritSec@@1GA
?DeleteRecord@CLKRHashTable@@QAE?AW4LK_RETCODE@@PBX@Z
?ConvertExclusiveToShared@CReaderWriterLock2@@QAEXXZ
??4CReaderWriterLock@@QAEAAV0@ABV0@@Z
?_TryReadLock@CReaderWriterLock3@@AAE_NXZ
FXMemDetach
?InsertTail@CDoubleList@@QAEXQAVCListEntry@@@Z
?SetDefaultSpinCount@CCritSec@@SGXG@Z
?GetStatistics@CLKRHashTable@@QBE?AVCLKRHashTableStats@@XZ
?TryWriteLock@CReaderWriterLock3@@QAE_NXZ
?WriteUnlock@CReaderWriterLock3@@QAEXXZ
?SetBucketLockSpinCount@CLKRHashTable@@QAEXG@Z
?Size@CLKRHashTable@@QBEKXZ

sqlunirl

_CreateDirectoryEx_@12
_PostThreadMessage_@16
_TranslateAccelerator@12
_WriteProfileString_@12
_GetEnvironmentStrings_@4
_SearchPath_@24
_NDdeSetTrustedShare_@12
_GetProp@8
_CommConfigDialog_@12
_GetDiskFreeSpaceEx_@16
_LoadMenuIndirect_@4
_EnumResourceLanguages_@20
_LoadMenu@8
_DefFrameProc_@20
_SendNotifyMessage_@16
_OpenFileMapping_@12
_RegQueryValueEx_@24
_ReadConsoleInput_@16
_LoadImage_@24
_OpenWaitableTimer_@12
_FindExecutable_@12
_CreateColorSpace_@4
_FindWindow_@8
_RegSetValue_@20

cryptdlg

CertConfigureTrustW
EncodeAttrSequence
DecodeAttrSequence
DllUnregisterServer
FormatPKIXEmailProtection
CertViewPropertiesW
CertSelectCertificateW
CertTrustInit
DecodeRecipientID
CertModifyCertificatesToTrust
EncodeRecipientID
CertTrustFinalPolicy
FormatVerisignExtension
CertTrustCleanup
CertViewPropertiesA
GetFriendlyNameOfCertA
CertSelectCertificateA
DllRegisterServer
GetFriendlyNameOfCertW
CertTrustCertPolicy
CertConfigureTrustA

Sections

.text
Size: 369KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 181KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d8e83fb9f18dd7910edb65fce66e009

Headers

DLL Characteristics

File Characteristics

Imports

d3d8thk

advapi32

kernel32

msdart

sqlunirl

cryptdlg

Sections

.text Size: 369KB - Virtual size: 368KB

.rdata Size: 130KB - Virtual size: 130KB

.data Size: 181KB - Virtual size: 1.6MB

.rsrc Size: 154KB - Virtual size: 153KB

.reloc Size: 1024B - Virtual size: 1020B

.text
Size: 369KB - Virtual size: 368KB

.rdata
Size: 130KB - Virtual size: 130KB

.data
Size: 181KB - Virtual size: 1.6MB

.rsrc
Size: 154KB - Virtual size: 153KB

.reloc
Size: 1024B - Virtual size: 1020B