89b570ae788cd810e5883e4c03c268c68b206b4b2eab0196d19d0c99602ab9a2

Sharing

Copy URL Twitter E-mail

General

Target

89b570ae788cd810e5883e4c03c268c68b206b4b2eab0196d19d0c99602ab9a2
Size

44KB
MD5

eb4aed69879e9953df5836f057db96f6
SHA1

d8cbef5aaa96471f2800789cfba0ae6b4414c515
SHA256

89b570ae788cd810e5883e4c03c268c68b206b4b2eab0196d19d0c99602ab9a2
SHA512

b0e254c2630a69c1e0f61804f905bea582ae23acb21af43ac2dba9db45c93a2a5d38fafd76bdd80d3284cbca3a85b4f57759077b90d51c335178054030dd7423
SSDEEP

768:gQtZ4A4xm3BSui1pPPGK+6uV5eQbuy9KyS4mvls4zFX0gh2otM0uML4sj2aqBCHu:gaZ4A4xairnG9s81evlrpXLxtpZ4sj2b

Score

N/A

Malware Config

Signatures

Files

89b570ae788cd810e5883e4c03c268c68b206b4b2eab0196d19d0c99602ab9a2
.exe windows x86

1a4d0e97d0bed115034f13949ea95525

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHSetValueW
SHIsLowMemoryMachine
PathIsNetworkPathA
PathIsDirectoryA
SHStrDupW
PathUnquoteSpacesW
PathBuildRootA
StrCmpW
PathQuoteSpacesA
SHRegCloseUSKey
PathUndecorateA
PathIsRelativeA
StrRChrIA
PathAddBackslashW
PathIsUNCServerW
SHCreateStreamOnFileW
ChrCmpIW
PathIsSystemFolderW
UrlCanonicalizeW
PathCanonicalizeA
AssocQueryStringByKeyA
SHEnumKeyExA
SHRegSetUSValueW
StrCSpnIW
SHRegEnumUSKeyW
StrCpyW
StrTrimW
UrlCombineW
StrIsIntlEqualA
SHCopyKeyA
PathMatchSpecA
StrCpyNW
PathIsLFNFileSpecW
StrToIntExA
PathFindNextComponentA

pdh

PdhRelogA
PdhCalculateCounterFromRawValue
PdhGetCounterTimeBase
PdhComputeCounterStatistics
PdhOpenQueryA
PdhEnumObjectsHW
PdhEnumMachinesHW
PdhListLogFileHeaderA
PdhParseCounterPathA
PdhFormatFromRawValue
PdhListLogFileHeaderW
PdhOpenQueryW
PdhBindInputDataSourceA
PdhVbGetDoubleCounterValue
PdhLookupPerfIndexByNameA
PdhEnumLogSetNamesW
PdhEnumMachinesA
PdhOpenLogA
PdhEnumObjectsW
PdhReadRawLogRecord
PdhGetDataSourceTimeRangeA
PdhGetDefaultPerfObjectHA
PdhEnumObjectItemsHA
PdhMakeCounterPathW
PdhEnumLogSetNamesA
PdhVbOpenQuery
PdhVbGetCounterPathElements
PdhGetLogFileTypeW

ntdll

RtlInsertElementGenericTableAvl
RtlGetSecurityDescriptorRMControl
NtCreateProfile
ZwInitializeRegistry
iswalpha
NtGetWriteWatch
NtPulseEvent
RtlApplyRXact
ZwSetSecurityObject
NtAccessCheckByType
NtQuerySecurityObject
RtlDosSearchPath_U
NtCreateIoCompletion
NtQueryInformationThread
NtNotifyChangeMultipleKeys
DbgPrint
RtlDosApplyFileIsolationRedirection_Ustr
RtlpEnsureBufferSize
ZwSetInformationProcess
RtlRaiseException
RtlSetThreadPoolStartFunc
ZwListenPort
NtGetPlugPlayEvent
NtQueryEaFile
RtlGetCallersAddress
ZwYieldExecution
RtlVerifyVersionInfo
ZwFlushBuffersFile
RtlGetLastNtStatus

kernel32

LoadLibraryW
UnmapViewOfFile
EnumSystemCodePagesW
DeleteVolumeMountPointA
DeleteFileA
HeapCreate
ReadConsoleOutputCharacterA
SetLastError
AddAtomA
LocalHandle
GetProcAddress
GetSystemWow64DirectoryA
Module32First
CancelDeviceWakeupRequest
RemoveDirectoryW

mmcbase

??4CEventBuffer@@QAEAAV0@ABV0@@Z
?Unlock@CEventBuffer@@QAEXXZ
??0CEventBuffer@@QAE@XZ
?InternalLastRefReleased@CMMCStrongReferences@@AAE_NXZ
?Throw@SC@mmcerror@@QAEXJ@Z
?GetHelpFile@SC@mmcerror@@SGPBGXZ
??4SC@mmcerror@@QAEAAV01@J@Z
?GetSingletonObject@CMMCStrongReferences@@CGAAV1@XZ
??0SC@mmcerror@@QAE@J@Z
?ScEmitOrPostpone@CEventBuffer@@QAE?AVSC@mmcerror@@PAUIDispatch@@JPAVCComVariant@ATL@@H@Z
?GetCode@SC@mmcerror@@QBEJXZ
?TraceAndClear@SC@mmcerror@@QAEXXZ
?MMCErrorBox@@YGHPBGVSC@mmcerror@@I@Z
?LastRefReleased@CMMCStrongReferences@@SG_NXZ
?Throw@SC@mmcerror@@QAEXXZ
??9SC@mmcerror@@QBE_NJ@Z
?GetComObjectEventSource@@YGAAV?$CEventSource@VCComObjectObserver@@VCVoid@@V2@V2@V2@@@XZ
?SetMainThreadID@SC@mmcerror@@SGXK@Z
?FatalError@SC@mmcerror@@QBEXXZ
?Lock@CEventBuffer@@QAEXXZ
??4CMMCStrongReferences@@QAEAAV0@ABV0@@Z

mapi32

FBadRow@4
ScCreateConversationIndex@16
FBadRglpszA@8
SwapPword@8
MNLS_MultiByteToWideChar@24
HrThisThreadAdviseSink@8
LAUNCHWIZARD
FGetComponentPath@20
HrDispatchNotifications@4
cmc_send
BMAPIGetAddress
ScRelocProps@20
ScMAPIXFromSMAPI

ole32

CoRegisterChannelHook
CoInitializeSecurity
IsValidPtrOut
STGMEDIUM_UserFree
CoCreateInstanceEx
OleLoadFromStream
CoInstall
HGLOBAL_UserUnmarshal
OleSetAutoConvert
CreateGenericComposite

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a4d0e97d0bed115034f13949ea95525

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

pdh

ntdll

kernel32

mmcbase

mapi32

ole32

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 1024B - Virtual size: 732B

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 1024B - Virtual size: 732B

.rsrc
Size: 8KB - Virtual size: 8KB