6d630d36811cd37485c5a96e5d8f2effc3a6b77339e420d78208a80049d7d99d

Sharing

Copy URL Twitter E-mail

General

Target

6d630d36811cd37485c5a96e5d8f2effc3a6b77339e420d78208a80049d7d99d
Size

826KB
MD5

c3f5f54d2e134fe3cb1bd76f496be7ae
SHA1

aaa4cfa1a480b11631b2a40f86fb2d1a1ea1a2da
SHA256

6d630d36811cd37485c5a96e5d8f2effc3a6b77339e420d78208a80049d7d99d
SHA512

1848d1c854638de1e0180cedbc7bda6ab0f97dae33ac6fceb119728d4b0e1fd09d53376c9286074971fd4f6e1dfc7e92c31477d1505db94ea07f8646182fff13
SSDEEP

12288:EF9HqsKRbrMy47yjW+D7wxXTdwx0eUvm36oc8vKcFJkfNC0inh6a+PeDO4r5:I9H2/zMwd7UMTUu36dwKriRGePr5

Score

N/A

Malware Config

Signatures

Files

6d630d36811cd37485c5a96e5d8f2effc3a6b77339e420d78208a80049d7d99d
.exe windows x86

39d58d83606c4079a6859008ecc18115

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msls31

LsGetHihLsimethods
LsdnGetDup
LsDisplaySubline
LsdnFinishRegular
LsdnResolvePrevTab
LsDestroyLine
LsExpandSubline
LsResetRMInCurrentSubline
LsdnModifyParaEnding
LsGetLineDur
LsdnGetFormatDepth
LsSetExpansion
LsFetchAppendToCurrentSublineResume
LssbGetVisibleDcpInSubline
LsdnResetObjDim
LsQueryLineCpPpoint
LsQueryCpPpointSubline
LsGetSpecialEffectsSubline
LsQueryLinePointPcp
LsQueryTextCellDetails
LsCompressSubline

kernel32

SystemTimeToFileTime
CreateEventW
LoadLibraryW
WriteFile
WriteConsoleOutputAttribute
GetCurrentThread
TransmitCommChar
_lread
CreateActCtxA
SetFileAttributesA
QueryPerformanceCounter
RtlMoveMemory
EnumerateLocalComputerNamesW
GetModuleHandleW
RemoveVectoredExceptionHandler
GetLocaleInfoW
FindFirstFileW
EnumUILanguagesW
SetConsoleDisplayMode
GetOverlappedResult
GetSystemDirectoryW
GetVolumeInformationW
GetCommConfig

mapistub

FGetComponentPath@20
LpValFindProp@12
HrSetOneProp@8
MAPIInitIdle@4
FreePadrlist@4
WrapStoreEntryID@24
MNLS_lstrlenW@4
ScBinFromHexBounded@12
InstallFilterHook@4
MAPIInitialize
CreateTable@36
WrapProgress@20
FBadRow@4
HrGetOneProp@12
OpenTnefStream

advapi32

LsaSetDomainInformationPolicy
QueryTraceA
GetServiceDisplayNameW
BuildImpersonateExplicitAccessWithNameA
CredDeleteA
ProcessTrace
ObjectCloseAuditAlarmW
GetTrusteeFormA
AddAuditAccessAceEx
FlushTraceW
SystemFunction019
WmiMofEnumerateResourcesW
RegSetValueExA
ComputeAccessTokenFromCodeAuthzLevel
RegCreateKeyExA
GetNamedSecurityInfoExA
WmiSetSingleItemA
QueryServiceConfig2A
CryptSignHashW
RegNotifyChangeKeyValue
OpenThreadToken
SetServiceStatus
RegUnLoadKeyW
SystemFunction007

imm32

ImmReSizeIMCC
ImmGetGuideLineA
ImmDestroyContext
ImmSetStatusWindowPos
ImmSetCompositionFontA
ImmCreateContext
ImmGetIMEFileNameA
ImmLockIMC
ImmSetConversionStatus

wmi

GetTraceLoggerHandle
WmiQueryGuidInformation
ProcessTrace
CloseTrace
WmiSetSingleItemW
EnableTrace
ControlTraceW
WmiOpenBlock
WmiNotificationRegistrationW
WmiMofEnumerateResourcesA
RegisterTraceGuidsW

Sections

.text
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 189KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39d58d83606c4079a6859008ecc18115

Headers

DLL Characteristics

File Characteristics

Imports

msls31

kernel32

mapistub

advapi32

imm32

wmi

Sections

.text Size: 384KB - Virtual size: 383KB

.rdata Size: 137KB - Virtual size: 137KB

.data Size: 189KB - Virtual size: 1.6MB

.rsrc Size: 114KB - Virtual size: 113KB

.reloc Size: 1024B - Virtual size: 864B

.text
Size: 384KB - Virtual size: 383KB

.rdata
Size: 137KB - Virtual size: 137KB

.data
Size: 189KB - Virtual size: 1.6MB

.rsrc
Size: 114KB - Virtual size: 113KB

.reloc
Size: 1024B - Virtual size: 864B