805b414f86e4b9d97e168608b29189d80ec064b2fd94eed96e20f229b85ead2d

Sharing

Copy URL Twitter E-mail

General

Target

805b414f86e4b9d97e168608b29189d80ec064b2fd94eed96e20f229b85ead2d
Size

120KB
MD5

dba972b31096accdae12e8fc9bda81e6
SHA1

daf2efe380d408ef404b95c83dc2a6bcce5a2cbb
SHA256

805b414f86e4b9d97e168608b29189d80ec064b2fd94eed96e20f229b85ead2d
SHA512

a56cdc0e31b2fcf0bb500b4da0232f29c369223ed7c5d70ffa5f9d9762baed76408914b936eb364ea3bdc0e6b1f276826527e918cba4f07328b4b69b7127a9ad
SSDEEP

3072:qor1FlnZVnaLLkf/3UsoDYxY1VBBie3mN4F:qonZVaLLy/UdDzHiD4F

Score

N/A

Malware Config

Signatures

Files

805b414f86e4b9d97e168608b29189d80ec064b2fd94eed96e20f229b85ead2d
.exe windows x86

0cc9737bb4de4795f73d16cde5889d47

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TransactNamedPipe
RegisterWaitForSingleObjectEx
GetConsoleKeyboardLayoutNameW
LoadLibraryA
EnumCalendarInfoA
DeactivateActCtx
GetNamedPipeHandleStateW
FindResourceA
GetCurrentActCtx
ScrollConsoleScreenBufferW
Thread32First
GetPrivateProfileSectionNamesA
CreateFileW
GetFileInformationByHandle
QueryMemoryResourceNotification
HeapCreate
ResumeThread
VirtualAlloc
EnterCriticalSection
GetEnvironmentVariableW
PulseEvent
CreateProcessInternalW
SetCommBreak
PeekConsoleInputA
MoveFileExA
DeleteCriticalSection
LCMapStringW
UnmapViewOfFile
GetSystemTimeAsFileTime
InitAtomTable
GetSystemDefaultUILanguage
LeaveCriticalSection
EnumTimeFormatsA
GetConsoleAliasesLengthW
GlobalWire
TerminateThread
CreateMutexW
GetVolumePathNamesForVolumeNameA

msdart

?ConvertExclusiveToShared@CFakeLock@@QAEXXZ
?Last@CDoubleList@@QBEQAVCListEntry@@XZ
?DeleteRecord@CLKRLinearHashTable@@QAE?AW4LK_RETCODE@@PBX@Z
?IsUsable@CLKRLinearHashTable@@QBE_NXZ
?_RemoveThisFromGlobalList@CLKRLinearHashTable@@AAEXXZ
?RemoveEntry@CLockedDoubleList@@QAEXQAVCListEntry@@@Z
?ReadUnlock@CReaderWriterLock2@@QAEXXZ
?TryReadLock@CReaderWriterLock3@@QAE_NXZ
?GetSpinCount@CReaderWriterLock3@@QBEGXZ
?IsWriteLocked@CCritSec@@QBE_NXZ
?IsWriteUnlocked@CCritSec@@QBE_NXZ
?IsWriteLocked@CReaderWriterLock@@QBE_NXZ
?HeadNode@CDoubleList@@QBEQBVCListEntry@@XZ
?IsWriteLocked@CLKRHashTable@@QBE_NXZ
?_ReadLockSpin@CReaderWriterLock2@@AAEXXZ
?SetDefaultSpinAdjustmentFactor@CFakeLock@@SGXN@Z
?_DeleteKey@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@KK@Z
?GetDefaultSpinCount@CSmallSpinLock@@SGGXZ
?ConvertExclusiveToShared@CReaderWriterLock@@QAEXXZ
?SetSpinCount@CSpinLock@@QAE_NG@Z
??1CLockedSingleList@@QAE@XZ
?SetDefaultSpinCount@CReaderWriterLock2@@SGXG@Z
??4CDoubleList@@QAEAAV0@ABV0@@Z
?CheckTable@CLKRHashTable@@QBEHXZ
?Pop@CSingleList@@QAEQAVCSingleListEntry@@XZ
?_FindRecord@CLKRLinearHashTable@@ABE?AW4LK_RETCODE@@PBXK@Z
?ConvertSharedToExclusive@CLKRLinearHashTable@@QBEXXZ

msvcrt

_ismbbpunct
_errno
_heapmin
__p__wcmdln
?what@exception@@UBEPBDXZ
_wmakepath
_wexeclpe
setvbuf
fclose
?unexpected@@YAXXZ
_putenv
isalnum
iswcntrl
_wutime
_mbctype
_ismbcdigit
_snwscanf
getchar
_adj_fdiv_m16i
_ismbbalnum
swscanf
tan
_fpclass
_setjmp
??4exception@@QAEAAV0@ABV0@@Z
_wputenv
_mbsdup
_findfirsti64
_pwctype
__p__pwctype
_adj_fprem
ftell
_strnicoll
_stat
_utime64
_getdcwd
_wcsicoll
_sys_nerr

msvcrt40

??0ostream_withassign@@QAE@PAVstreambuf@@@Z
??1fstream@@UAE@XZ
??0exception@@QAE@XZ
??4bad_typeid@@QAEAAV0@ABV0@@Z
_getdrive
_wenviron
_wexecvp
?name@type_info@@QBEPBDXZ
??_Gostream_withassign@@UAEPAXI@Z
_rmdir
_mbsset
_strupr
??_7exception@@6B@
?is_open@ofstream@@QBEHXZ
?overflow@strstreambuf@@UAEHH@Z
_global_unwind2
_mbsrchr
?attach@fstream@@QAEXH@Z
strncmp
_findnexti64
??_Estrstreambuf@@UAEPAXI@Z
atexit
_dstbias
??6ostream@@QAEAAV0@PBC@Z
__iscsym
clock
_getch
??0strstreambuf@@QAE@H@Z
_getdrives
_heapadd
??_7strstream@@6B@
?sbumpc@streambuf@@QAEHXZ
?setbuf@fstream@@QAEPAVstreambuf@@PADH@Z
_ismbstrail
strtod
??5istream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
??0logic_error@@QAE@ABV0@@Z
_mbschr

wintrust

CryptCATAdminReleaseContext
TrustFreeDecode
HTTPSCertificateTrust
OfficeCleanupPolicy
CryptCATCDFEnumMembersByCDFTagEx
CryptCATEnumerateMember
WTHelperGetProvPrivateDataFromChain
WVTAsn1SpcLinkEncode
CryptCATStoreFromHandle
WTHelperIsInRootStore
WintrustAddActionID
OfficeInitializePolicy
WTHelperGetProvCertFromChain
CryptSIPGetRegWorkingFlags
WVTAsn1CatNameValueDecode
WVTAsn1SpcPeImageDataEncode
WintrustLoadFunctionPointers
WVTAsn1SpcLinkDecode
WinVerifyTrust
WTHelperOpenKnownStores
WVTAsn1CatNameValueEncode
WTHelperCheckCertUsage
CryptCATCDFEnumAttributes
TrustOpenStores
DriverFinalPolicy
CryptCATPutMemberInfo
CryptCATVerifyMember
WTHelperGetFileName
WTHelperGetAgencyInfo
WintrustSetRegPolicyFlags
WVTAsn1SpcStatementTypeEncode
WintrustCertificateTrust
WTHelperCertIsSelfSigned

user32

RegisterClassA
DefWindowProcA
PostQuitMessage

oleacc

CreateStdAccessibleProxyW
CreateStdAccessibleObject
AccessibleChildren
LresultFromObject
LIBID_Accessibility
IID_IAccessibleHandler
DllRegisterServer
AccessibleObjectFromEvent
CreateStdAccessibleProxyA
GetRoleTextW
GetOleaccVersionInfo
GetStateTextA
DllGetClassObject
IID_IAccessible
WindowFromAccessibleObject
GetStateTextW
GetRoleTextA
DllUnregisterServer
ObjectFromLresult
AccessibleObjectFromWindow
AccessibleObjectFromPoint

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0cc9737bb4de4795f73d16cde5889d47

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msdart

msvcrt

msvcrt40

wintrust

user32

oleacc

Sections

.text Size: 71KB - Virtual size: 71KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 35KB - Virtual size: 200KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 944B

.text
Size: 71KB - Virtual size: 71KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 35KB - Virtual size: 200KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 944B