asvogwgr
Static task
static1
Behavioral task
behavioral1
Sample
7a34c1d1c37ff2ca7518cbd7e2af973c557c60848015c4051c640072805d7745.dll
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
7a34c1d1c37ff2ca7518cbd7e2af973c557c60848015c4051c640072805d7745.dll
Resource
win10v2004-20221111-en
General
-
Target
7a34c1d1c37ff2ca7518cbd7e2af973c557c60848015c4051c640072805d7745
-
Size
128KB
-
MD5
a286360434339883e0144a0ed985357f
-
SHA1
9efb44e0978b223c9908b4832b04a3c089d11e0d
-
SHA256
7a34c1d1c37ff2ca7518cbd7e2af973c557c60848015c4051c640072805d7745
-
SHA512
9b06c5586cc1babfc03cfd71a31b2d7f31a4d61e0b7e14259d3c97eb9798ef1ebdc92e58391fb17561ad98eb9cab9e913dc2bd1e4f80d1ccd376e3ceecc2b865
-
SSDEEP
3072:fLu0zVC7qE3qUhTVTFH6QEu1hFDDngs+Fw/wSa:ju2453rTVTFuu1hFngdFv
Malware Config
Signatures
Files
-
7a34c1d1c37ff2ca7518cbd7e2af973c557c60848015c4051c640072805d7745.dll windows x86
4c8a6896a998e0860871d9ef46d28290
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
LsaRemoveAccountRights
CryptEnumProviderTypesA
LookupPrivilegeDisplayNameA
LsaGetRemoteUserName
RegOpenKeyExA
RegDeleteValueA
CryptVerifySignatureA
AddAccessDeniedObjectAce
AddAuditAccessAce
StartServiceW
ElfReportEventW
I_ScSetServiceBitsW
ElfReadEventLogA
SetEntriesInAccessListA
RegOpenKeyA
RegQueryValueExA
BuildImpersonateExplicitAccessWithNameW
LsaGetUserName
SystemFunction020
ElfRegisterEventSourceA
DeleteAce
GetSidIdentifierAuthority
GetSidLengthRequired
LsaSetDomainInformationPolicy
LsaDelete
UnlockServiceDatabase
SetEntriesInAclA
BuildTrusteeWithSidW
RegEnumKeyExW
ImpersonateNamedPipeClient
RevertToSelf
LsaQuerySecurityObject
LsaLookupSids
SetNamedSecurityInfoExW
SystemFunction027
ElfReportEventA
ChangeServiceConfigA
GetOverlappedAccessResults
GetSecurityDescriptorGroup
ChangeServiceConfig2W
GetSecurityInfoExW
GetNamedSecurityInfoW
CryptDecrypt
DuplicateToken
RegCreateKeyA
ElfClearEventLogFileW
CryptHashData
SystemFunction010
AddAccessDeniedAce
BuildSecurityDescriptorA
CheckTokenMembership
CryptGetHashParam
BuildTrusteeWithNameW
ElfBackupEventLogFileA
BuildImpersonateTrusteeA
LsaQueryTrustedDomainInfo
comctl32
ord4
CreateStatusWindowW
ImageList_LoadImageW
ImageList_Merge
ImageList_Duplicate
ord5
ImageList_BeginDrag
DrawStatusTextW
ImageList_GetImageCount
ord16
ImageList_SetImageCount
FlatSB_GetScrollInfo
ImageList_GetImageInfo
ImageList_DragEnter
UninitializeFlatSB
ImageList_SetOverlayImage
ImageList_SetIconSize
InitCommonControlsEx
FlatSB_SetScrollRange
ImageList_SetDragCursorImage
ord3
ImageList_ReplaceIcon
ImageList_GetBkColor
FlatSB_SetScrollInfo
ImageList_DrawEx
InitializeFlatSB
ImageList_Add
PropertySheetW
ord17
ImageList_DragMove
ImageList_GetImageRect
ord14
ord6
ImageList_AddMasked
FlatSB_SetScrollProp
ImageList_Replace
ImageList_Copy
ImageList_Remove
ImageList_DragLeave
ImageList_DragShowNolock
ord2
ImageList_SetBkColor
ImageList_EndDrag
CreatePropertySheetPageW
ImageList_GetIcon
FlatSB_GetScrollProp
FlatSB_GetScrollRange
ImageList_SetFilter
ImageList_DrawIndirect
ImageList_GetDragImage
ord8
FlatSB_GetScrollPos
ord13
CreateToolbarEx
ord7
ImageList_GetIconSize
FlatSB_SetScrollPos
ImageList_Draw
FlatSB_EnableScrollBar
ord15
CreatePropertySheetPageA
ImageList_Write
gdi32
GetGlyphOutlineA
EnumFontFamiliesExW
GetTextCharsetInfo
EudcUnloadLinkW
ExtTextOutW
GdiArtificialDecrementDriver
GdiGetSpoolFileHandle
GetTextExtentExPointA
GetLayout
TextOutW
DrawEscape
GetViewportOrgEx
SetBitmapDimensionEx
SetTextJustification
GetDCOrgEx
CloseEnhMetaFile
Polyline
ExtFloodFill
GdiPlayDCScript
ColorMatchToTarget
DeleteObject
StretchDIBits
FillPath
SetPolyFillMode
SetDIBits
SetWindowOrgEx
SetMiterLimit
EudcLoadLinkW
Polygon
CreateEnhMetaFileA
EnumFontsA
SetMapMode
DeleteMetaFile
CreatePen
GetCharWidthW
GetObjectType
AddFontResourceW
kernel32
VirtualAlloc
GetProcAddress
GetLocaleInfoA
SwitchToFiber
SetMailslotInfo
DeleteCriticalSection
CommConfigDialogW
HeapSize
GetBinaryTypeW
CommConfigDialogA
FillConsoleOutputCharacterW
WriteConsoleInputA
OpenSemaphoreA
ClearCommError
GetPrivateProfileSectionNamesW
PeekConsoleInputA
LoadLibraryA
SetConsoleMaximumWindowSize
GetMailslotInfo
GetAtomNameA
FoldStringW
SetProcessAffinityMask
lstrcmpW
InterlockedCompareExchange
ReadConsoleOutputW
CreateThread
ExitThread
GetFileAttributesW
GetEnvironmentStringsA
LCMapStringA
_lwrite
SetConsoleCtrlHandler
lstrcatA
ExpungeConsoleCommandHistoryA
VirtualLock
GetShortPathNameW
EnumResourceNamesW
GetModuleFileNameA
GetConsoleInputExeNameW
CancelTimerQueueTimer
GetEnvironmentVariableA
CreateFileMappingW
GetTapePosition
AddAtomA
HeapDestroy
IsBadStringPtrA
GetConsoleAliasesA
SetConsoleCursor
GetModuleFileNameW
GetPrivateProfileStringW
QueueUserAPC
RemoveDirectoryW
OpenFileMappingW
GetProcessHeaps
TransactNamedPipe
MulDiv
GetVersion
GetPriorityClass
GetModuleHandleA
SetSystemTime
GetVolumeInformationA
GetConsoleCursorInfo
GetThreadPriority
DeleteFileW
GetProcessShutdownParameters
SetFileTime
GetTapeStatus
GlobalUnlock
GlobalHandle
GetConsoleCommandHistoryLengthA
FatalAppExitW
ReadFile
GetConsoleCommandHistoryW
GetProcessWorkingSetSize
IsValidLocale
LocalUnlock
FreeConsole
SetConsoleTextAttribute
SetConsoleActiveScreenBuffer
CreateWaitableTimerW
GetNumberFormatW
GetSystemTime
GetHandleInformation
WriteConsoleOutputCharacterW
GetNumberOfConsoleInputEvents
IsBadReadPtr
GetConsoleCommandHistoryA
OpenProfileUserMapping
shell32
SHGetFileInfoW
SHLoadInProc
DoEnvironmentSubstW
SHUpdateRecycleBinIcon
RealShellExecuteW
SHBrowseForFolderA
SHFreeNameMappings
CheckEscapesW
SHGetPathFromIDListW
StrChrA
ShellAboutA
CommandLineToArgvW
ExtractIconA
RegenerateUserEnvironment
SHInvokePrinterCommandA
StrNCmpIA
ExtractAssociatedIconW
SheChangeDirExW
StrRChrIW
ShellExecuteA
ExtractIconExA
StrChrIW
ShellHookProc
SHGetSpecialFolderLocation
StrCmpNIA
StrRStrW
ord179
StrRStrA
StrRChrIA
SHGetSpecialFolderPathW
StrChrIA
StrStrIW
Shell_NotifyIconW
SHQueryRecycleBinW
SHGetFileInfoA
DragQueryFileW
WOWShellExecute
DragQueryFileAorW
StrNCmpW
shlwapi
PathMatchSpecW
PathAddExtensionW
SHGetInverseCMAP
UrlCanonicalizeA
StrToIntW
PathFindExtensionW
StrNCatW
StrToIntA
PathIsRootA
PathQuoteSpacesW
SHQueryValueExW
PathIsURLW
StrDupW
StrToIntExA
UrlGetPartW
PathCanonicalizeW
PathCanonicalizeA
PathRelativePathToA
StrSpnW
PathIsFileSpecA
StrCmpW
StrCSpnIA
user32
GetForegroundWindow
SendIMEMessageExW
wsprintfW
DeleteMenu
GetMessagePos
GetWindowThreadProcessId
OpenInputDesktop
TabbedTextOutW
RegisterClassExW
GetClassInfoA
IsWindow
EnumDesktopsA
GetScrollRange
SetClassWord
SetRectEmpty
LoadAcceleratorsW
MapVirtualKeyExW
SetCursorPos
CreateWindowStationA
LoadKeyboardLayoutA
RemoveMenu
FlashWindowEx
DdeInitializeW
GetKeyNameTextW
TranslateMessage
SetKeyboardState
TabbedTextOutA
CreateDesktopA
CreatePopupMenu
InsertMenuItemW
SendNotifyMessageW
ValidateRect
UnregisterClassA
ModifyMenuW
PostQuitMessage
DrawCaption
SetActiveWindow
GetKeyNameTextA
CreateDialogIndirectParamA
EnumDisplaySettingsA
DestroyAcceleratorTable
EndDialog
CheckRadioButton
GetUpdateRect
LoadCursorFromFileW
GetProcessWindowStation
DefMDIChildProcA
GetTopWindow
DrawFocusRect
DispatchMessageW
BeginDeferWindowPos
GetMenuItemInfoW
GetClientRect
EnumWindowStationsW
MessageBoxIndirectA
DlgDirSelectComboBoxExW
SetMenu
GetCaretPos
DlgDirListA
EnumPropsA
CopyAcceleratorTableA
GetWindowTextA
GetMenuCheckMarkDimensions
GetMessageA
SetShellWindow
CreateIconFromResourceEx
DdeConnect
GetMenuItemID
EndMenu
CreateIconFromResource
OpenClipboard
RegisterClassA
GetWindowTextLengthA
CountClipboardFormats
HideCaret
OemKeyScan
UpdateWindow
ToAsciiEx
LoadMenuW
SubtractRect
EnableWindow
EnumPropsExW
FrameRect
ClientToScreen
SwitchDesktop
GetWindow
DdeFreeStringHandle
ChangeDisplaySettingsExA
ToAscii
DdeKeepStringHandle
GetClassInfoExA
CharUpperBuffW
SetCursor
SetDoubleClickTime
IsZoomed
CharNextA
SendMessageA
GetOpenClipboardWindow
InvertRect
CallWindowProcW
WaitMessage
GetDialogBaseUnits
CharPrevA
EnableScrollBar
CharUpperA
winmm
midiInGetDevCapsW
waveOutReset
mixerOpen
waveOutSetPlaybackRate
mixerGetNumDevs
joyConfigChanged
auxGetNumDevs
midiInPrepareHeader
mmTaskSignal
waveOutSetPitch
midiInGetErrorTextW
midiOutReset
midiInGetNumDevs
joyGetPos
midiOutGetVolume
mmsystemGetVersion
midiStreamStop
midiInStart
midiStreamOpen
joyGetNumDevs
joyGetDevCapsW
aux32Message
joyGetPosEx
mciSendStringA
mmioWrite
auxGetDevCapsW
mciGetYieldProc
mixerGetID
midiInAddBuffer
midiStreamProperty
mmioInstallIOProcA
midiOutOpen
waveOutGetNumDevs
waveInAddBuffer
mmDrvInstall
WOWAppExit
timeBeginPeriod
waveOutGetErrorTextA
mciSendCommandA
waveOutGetVolume
wid32Message
mixerGetLineInfoA
mci32Message
waveOutGetPlaybackRate
mixerSetControlDetails
midiOutClose
mciGetErrorStringW
waveInGetErrorTextA
mmioInstallIOProcW
midiOutGetErrorTextA
midiInReset
wod32Message
waveInGetPosition
NotifyCallbackData
waveInReset
mmioDescend
mmioStringToFOURCCA
PlaySoundW
midiInGetDevCapsA
midiInStop
mciSetDriverData
mmioRenameW
waveOutOpen
mixerClose
mixerGetDevCapsA
waveOutPause
winspool.drv
AddPrintProvidorW
WritePrinter
ConvertAnsiDevModeToUnicodeDevmode
AddMonitorW
DeletePrinterDriverExA
AddPrintProvidorA
EnumPrinterDataA
DeleteMonitorA
SetFormW
DeletePrintProvidorA
GetPrinterDriverDirectoryW
EXTDEVICEMODE
ord101
EnumFormsW
DeleteFormA
DeletePrinterDataA
ClosePrinter
ord212
AddFormW
AddPrinterDriverExA
DeleteMonitorW
DevicePropertySheets
PlayGdiScriptOnPrinterIC
ord102
ConvertUnicodeDevModeToAnsiDevmode
AddPrinterW
DeletePrinterKeyA
OpenPrinterW
EndPagePrinter
AddMonitorA
ord256
EnumPrintersW
AdvancedDocumentPropertiesA
SetPrinterDataExA
SpoolerPrinterEvent
DeviceMode
FindFirstPrinterChangeNotification
ord100
EnumPrinterDataExA
EnumPrinterDataW
DeletePrintProcessorA
AddPortW
SeekPrinter
FreePrinterNotifyInfo
ord215
GetPrinterDataExA
GetPrinterDataW
StartDocPrinterA
PrinterMessageBoxA
AddPrintProcessorA
EnumPortsW
EnumMonitorsA
DeletePortA
GetPrinterDriverDirectoryA
ord203
PrinterProperties
GetSpoolFileHandle
DeletePrinterConnectionA
AddJobA
ord213
DeletePrinterIC
ConnectToPrinterDlg
CreatePrinterIC
EnumPortsA
ConfigurePortW
GetFormA
SetPrinterDataExW
SpoolerDevQueryPrintW
DeletePrinterDriverA
ADVANCEDSETUPDIALOG
WaitForPrinterChange
FindNextPrinterChangeNotification
DocumentPropertiesW
msvcrt
_mbscmp
_mbsnbcat
_mbsrev
_mbsncmp
_mbsicoll
_mbsnbcnt
_mbsnbicmp
_mbsupr
_beep
memcmp
fputs
_spawnvp
_fgetwchar
_toupper
feof
_wfopen
fwrite
_mbsspnp
_adj_fprem
_strnicoll
wcsftime
sprintf
_mbctombb
_wutime
_cprintf
_spawnlpe
__lc_codepage
_mbclen
fwprintf
fprintf
towlower
_utime
fgetc
ftell
memset
_CIexp
_tolower
_i64toa
wscanf
_wcmdln
fputc
strtoul
ferror
_ismbbkprint
_execlpe
__p__pctype
__p__timezone
strchr
_setmbcp
printf
_ismbbtrail
_searchenv
fclose
getc
_ftol
_getdcwd
_c_exit
fopen
remove
_ultoa
_spawnvpe
vfwprintf
_mbscoll
__p___initenv
fsetpos
_unlock
_pipe
fseek
_wspawnlp
_unlink
_isctype
_tell
wcschr
fread
Exports
Sections
.text Size: 40KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 56KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ