32818737daa6dd743ce5d6a720f91b25791f3cf90ed3fb5d37d041908b6b1ee3

Sharing

Copy URL Twitter E-mail

General

Target

32818737daa6dd743ce5d6a720f91b25791f3cf90ed3fb5d37d041908b6b1ee3
Size

718KB
MD5

f7cfef8a2ff380f6fb6622e98207ce4b
SHA1

2c7c2cd6cf470ddae0421da9f00c9fa8008adbaf
SHA256

32818737daa6dd743ce5d6a720f91b25791f3cf90ed3fb5d37d041908b6b1ee3
SHA512

3f790d22d775bb7e627d1a092714cfed3c8d9e409c6b9f68330bdb4e30c0f025f56b7b0cbbd76f0e71a9864cf1c6cea9c9bc0cc1b79009af9b061a70c11fc446
SSDEEP

12288:rD27lVjiyvA0tqmyz8vEjeYjrbdiBeIUuQsEJ5bp:X27f+ZQM8vEjVLUfhQsibp

Score

N/A

Malware Config

Signatures

Files

32818737daa6dd743ce5d6a720f91b25791f3cf90ed3fb5d37d041908b6b1ee3
.exe windows x86

ec72a9040956aa254c30a3fdd25fc483

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

oleaut32

SysAllocStringLen
SysReAllocStringLen
VariantCopy
SysStringLen
VariantInit
SysAllocStringByteLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayCreate
GetActiveObject
SysFreeString
VariantChangeType
VariantClear
VariantChangeTypeEx
SafeArrayGetLBound
GetErrorInfo
VariantCopyInd

shlwapi

SHQueryValueExA
PathFindSuffixArrayW
PathIsUNCW
PathIsUNCServerShareW
PathIsNetworkPathW
StrCatBuffW
StrStrIA
PathCanonicalizeW
ColorHLSToRGB
StrTrimA
UrlUnescapeW
SHRegEnumUSValueW
StrStrIW
PathIsUNCA
StrCatW
StrDupW
PathGetArgsA
StrStrW
PathCompactPathExW
PathIsDirectoryA
PathCompactPathW
PathGetCharTypeW

netapi32

NetServiceInstall
NetGroupAddUser
NetFileEnum
NetFileGetInfo
NetUserModalsGet
NetShareEnum
NetScheduleJobDel
Netbios
NetRenameMachineInDomain
NetApiBufferFree
NetUserAdd
NetapipBufferAllocate
NetWkstaTransportEnum
NetpIsRemote
NetServerGetInfo
NetGroupDel
NetUseGetInfo

user32

DdeInitializeA
PeekMessageA
IsRectEmpty
CharToOemBuffA
GetSysColor
RegisterClipboardFormatA
NotifyWinEvent
SendMessageA
DlgDirListW
OpenDesktopW
RegisterDeviceNotificationA
BeginPaint
LoadImageW
AppendMenuW
EnableScrollBar
GetGUIThreadInfo
GetScrollBarInfo
DefWindowProcA
SetTimer
EmptyClipboard
GetCaretPos

advapi32

StartServiceA
SetTokenInformation
InitializeSecurityDescriptor
AddAccessDeniedAce
RegQueryValueExA
GetEventLogInformation
OpenSCManagerW
OpenSCManagerA
LsaFreeMemory
IsValidSecurityDescriptor
WmiCloseBlock
RevertToSelf
GetSecurityDescriptorLength
CryptVerifySignatureA
IsValidSid
LookupAccountNameW
CryptSignHashW
RegisterTraceGuidsA
RegSetValueA
RegCloseKey
SetSecurityDescriptorOwner

kernel32

GetUserDefaultLCID
GetEnvironmentVariableW
OutputDebugStringW
GetCommState
GetVersionExW
MoveFileWithProgressW
GetModuleFileNameA
InterlockedExchange
OpenWaitableTimerW
FindFirstVolumeMountPointW
GetSystemDefaultLCID
GetTempFileNameW
MoveFileW
GetConsoleCP
GetStdHandle
IsSystemResumeAutomatic
GetAtomNameA
DebugActiveProcess
UnmapViewOfFile
SetProcessWorkingSetSize
FreeEnvironmentStringsW
SetCommState
SetErrorMode
CreateProcessInternalW
FillConsoleOutputCharacterW
FileTimeToLocalFileTime
VirtualAlloc
GetPriorityClass
GetSystemDefaultUILanguage
DuplicateHandle
GetModuleHandleW
WriteProfileStringA
GlobalLock
GetDriveTypeW
GetProfileIntW
GetDefaultCommConfigA
GetVolumeNameForVolumeMountPointW
FreeResource
WriteConsoleOutputA
Process32Next
GetThreadContext
ReadConsoleOutputW
GetSystemPowerStatus
GetSystemDirectoryW
CompareStringW
FindNextFileW
HeapValidate
LoadResource
LeaveCriticalSection
WriteProfileStringW
_llseek
WaitForMultipleObjects

msvcrt

wcslen
_rmdir
__lconv_init
wcsrchr
localeconv
printf
fgetwc
strncmp
_Gettnames
iswdigit
_itoa
isspace
towupper
__p__fmode
floor
_wtoi64
difftime
_EH_prolog
wcstombs
memcmp
strcspn
??1exception@@UAE@XZ
_mbsnbicmp
_mbscpy
_CxxThrowException
_commode
_callnewh
__isascii
isupper
toupper
??_U@YAPAXI@Z
wcsspn
_isnan
_cexit
??0exception@@QAE@ABV0@@Z
_wcsicoll
_getche
_pclose
_snwprintf
_wcsicmp
__crtLCMapStringA
swscanf
isprint
sscanf

Sections

.text
Size: 19KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 552KB - Virtual size: 982KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec72a9040956aa254c30a3fdd25fc483

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

shlwapi

netapi32

user32

advapi32

kernel32

msvcrt

Sections

.text Size: 19KB - Virtual size: 448KB

.bss Size: 552KB - Virtual size: 982KB

.rsrc Size: 145KB - Virtual size: 144KB

.reloc Size: 1024B - Virtual size: 146B

.text
Size: 19KB - Virtual size: 448KB

.bss
Size: 552KB - Virtual size: 982KB

.rsrc
Size: 145KB - Virtual size: 144KB

.reloc
Size: 1024B - Virtual size: 146B