63387489c52ded3a2c092968f92bf7544d5632db5a98a1e7072e590d42941711

Sharing

Copy URL Twitter E-mail

General

Target

63387489c52ded3a2c092968f92bf7544d5632db5a98a1e7072e590d42941711
Size

136KB
MD5

b14b99fcee31d031a2cceb5af8f41880
SHA1

9a57bdf3cd06a0352f97e021e81fff29002d16a5
SHA256

63387489c52ded3a2c092968f92bf7544d5632db5a98a1e7072e590d42941711
SHA512

e8ad2f70f60e59400a34f76f3464185bd0ab068819f3db614314da0164fd42bd15d2e789006f54d283bb237df1b1d2323f3f6599dbfd29ae00498eef2ca58eff
SSDEEP

3072:p3u/HuPGAuD/FSU6VgBxn+3jAO/6HQnlqgmY14XUi:szDBV+3jh/tEgd14XUi

Score

N/A

Malware Config

Signatures

Files

63387489c52ded3a2c092968f92bf7544d5632db5a98a1e7072e590d42941711
.dll windows x86

834a5295cd9b007857a1544d71300a81

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

BuildTrusteeWithObjectsAndSidW
ControlService
CryptImportKey
QueryServiceObjectSecurity
RegCloseKey
RegCreateKeyExW
RegCreateKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExW
StartTraceW

gdi32

FixBrushOrgEx
GetBkMode
GetCharABCWidthsA
GetObjectW
CreateFontIndirectW

kernel32

CloseHandle
CreateEventA
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
ExpandEnvironmentStringsW
FindResourceW
FreeLibrary
FreeResource
GetACP
GetCurrentDirectoryW
GetCurrentThreadId
GetFileAttributesW
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetProfileStringW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetThreadPriority
GetTickCount
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
HeapSize
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsBadCodePtr
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LockResource
MapViewOfFile
MoveFileW
MultiByteToWideChar
OpenFileMappingW
ReleaseMutex
ResetEvent
SearchPathW
SetErrorMode
SetEvent
SetLastError
SetThreadContext
SetThreadPriority
Sleep
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
_lclose
_llseek
_lread
_lwrite
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenW
VirtualAlloc
FindResourceA
CompareStringW
CompareStringA
GetLocaleInfoW
GetSystemInfo
VirtualProtect
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
LoadLibraryA
VirtualQuery
RtlUnwind
IsBadWritePtr
HeapReAlloc
GetCPInfo
GetOEMCP
FatalAppExitA
WriteFile
UnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetCommandLineA
GetVersionExA
ExitProcess
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetEnvironmentVariableA

ole32

StgConvertVariantToProperty
StringFromIID

oleaut32

VarI4FromI2
RegisterActiveObject

rpcrt4

I_RpcServerAllocateIpPort
NdrRpcSsDefaultFree
NdrServerContextNewUnmarshall
NdrProxyInitialize

user32

RegisterDeviceNotificationW
PostThreadMessageA
PostQuitMessage
PostMessageW
PostMessageA
PeekMessageW
MessageBoxW
LoadStringW
RegisterWindowMessageW
KillTimer
IsWindow
GetPriorityClipboardFormat
GetMessageA
GetAsyncKeyState
DispatchMessageA
DestroyWindow
DefWindowProcW
BroadcastSystemMessageW
SendMessageA
SendMessageTimeoutW
SetMenuDefaultItem
UnregisterDeviceNotification
SetTimer
wsprintfA
wsprintfW
LoadStringA

Exports

Exports

WHHKFS

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

834a5295cd9b007857a1544d71300a81

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

ole32

oleaut32

rpcrt4

user32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 78KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 28KB - Virtual size: 30KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 80KB - Virtual size: 78KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 28KB - Virtual size: 30KB

.reloc
Size: 8KB - Virtual size: 5KB