81706b88313fe26d3d5661fe7ffdb7b3c33439a1b36bebe2145886720d6bb1e9

Sharing

Copy URL Twitter E-mail

General

Target

81706b88313fe26d3d5661fe7ffdb7b3c33439a1b36bebe2145886720d6bb1e9
Size

43KB
MD5

4758724948333d3b0b58bddc71d78a40
SHA1

919e092a20292b7481270d712e0cd510026d1e29
SHA256

81706b88313fe26d3d5661fe7ffdb7b3c33439a1b36bebe2145886720d6bb1e9
SHA512

c73c8c1e71dfe74fe0b8d55abbdcc0112350f17d666c4549cbc3909b1df887e76a59a55c0edf692a101a5cfbad39dfdea58b34283479383d32965a53ac937eb7
SSDEEP

768:cQtGTzZnGt9d/BgbmWjyeuvjCBcU5m2LHRPjdvOZ4a7D:chGdCTjyeuwcU3RJvi7

Score

N/A

Malware Config

Signatures

Files

81706b88313fe26d3d5661fe7ffdb7b3c33439a1b36bebe2145886720d6bb1e9
.exe windows x86

326467a73e53f5e0277c95c5796a92fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetFontAssocStatus
DeleteEnhMetaFile
CLIPOBJ_cEnumStart
GetRgnBox
SetVirtualResolution
GetPixel
SetSystemPaletteUse
GetEnhMetaFileA
FONTOBJ_vGetInfo
CreateDCW
SelectFontLocal
RemoveFontResourceExA
GetCurrentPositionEx
BRUSHOBJ_hGetColorTransform

winsta

ServerSetInternetConnectorStatus
ServerLicensingGetAvailablePolicyIds
_WinStationAnnoyancePopup
WinStationRemoveLicense
WinStationShadowStop
WinStationGetProcessSid
WinStationRegisterConsoleNotification
ServerLicensingGetPolicyInformationA
WinStationGetMachinePolicy
WinStationTerminateProcess
_WinStationBreakPoint
WinStationRenameW
WinStationOpenServerW
WinStationDisconnect
WinStationConnectA
WinStationCheckLoopBack
ServerLicensingClose
_WinStationShadowTarget
ServerLicensingLoadPolicy

kernel32

CreateProcessInternalW
InterlockedExchangeAdd
SetFilePointer
GetPrivateProfileSectionW
SetComputerNameExW
PrepareTape
SetConsoleCursor
GetPrivateProfileSectionA
CreateJobSet
GetCompressedFileSizeA
WritePrivateProfileStructA
Toolhelp32ReadProcessMemory
GetPrivateProfileStringA
DnsHostnameToComputerNameA
WriteProfileStringA
CopyFileExW
SetUserGeoID
FindCloseChangeNotification
GetDefaultCommConfigW
SetCalendarInfoW
ReadConsoleInputA
SetFileShortNameA
GetNumberOfConsoleFonts
GetTickCount
LoadLibraryW
DuplicateConsoleHandle
GetConsoleKeyboardLayoutNameW
GetConsoleCommandHistoryW
DefineDosDeviceW
GetVolumeInformationW
PostQueuedCompletionStatus
BackupRead
BaseUpdateAppcompatCache
GetLocaleInfoA
GetCurrentThread
LoadLibraryExW
BindIoCompletionCallback
LocalFree
GetConsoleCommandHistoryLengthA
MoveFileWithProgressA
GetConsoleMode
HeapFree
VerifyVersionInfoW
LoadLibraryExA
EscapeCommFunction
MoveFileExA
LocalUnlock
GetThreadSelectorEntry
GetEnvironmentStringsA

batmeter

PowerCapabilities

ole32

StgCreatePropSetStg
CoLockObjectExternal
CoReleaseMarshalData
CoPushServiceDomain
CoEnableCallCancellation
CoMarshalInterThreadInterfaceInStream
HBRUSH_UserFree
IIDFromString
CoSwitchCallContext
CoGetPSClsid
StgOpenStorage
MkParseDisplayName
ReadStringStream
StgCreateStorageEx
ComPs_NdrDllCanUnloadNow
OleDestroyMenuDescriptor
HBRUSH_UserMarshal
WdtpInterfacePointer_UserSize
CoInitialize
CoInvalidateRemoteMachineBindings
OleGetAutoConvert
CoRegisterMallocSpy
CoTreatAsClass

mapistub

ScInitMapiUtil@4
cmc_send_documents
HrGetOneProp@12
HrGetOmiProvidersFlags@8
WrapProgress@20
EnableIdleRoutine@8
ScLocalPathFromUNC@12
HrSetOmiProvidersFlagsInvalid
MAPIOpenLocalFormContainer@4
HrGetOmiProvidersFlags
UlAddRef@4
ScRelocProps@20
UNKOBJ_ScAllocate@12
__ValidateParameters@8
MNLS_WideCharToMultiByte@32
MAPIDeinitIdle@0
HrSetOneProp@8
MAPIFreeBuffer@4

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

326467a73e53f5e0277c95c5796a92fc

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

winsta

kernel32

batmeter

ole32

mapistub

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 280B

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 280B

.rsrc
Size: 8KB - Virtual size: 7KB