8d1d7000378734b7cfe9f8a3d79a976880a53eb2b273e8b85660a6fed561e56a

Sharing

Copy URL Twitter E-mail

General

Target

8d1d7000378734b7cfe9f8a3d79a976880a53eb2b273e8b85660a6fed561e56a
Size

158KB
MD5

9b23b001f05f1a5fb2c7b03f54f24412
SHA1

7d8560e1a2699c10cfaf9509a63378cb6e659531
SHA256

8d1d7000378734b7cfe9f8a3d79a976880a53eb2b273e8b85660a6fed561e56a
SHA512

8aea4d1b31ea45437fcafe856ee841f49c1a76d562ed1b53f543fd0d16e775fd53514d6e182c8956d3fe3364fce8eb4a566b57087005c51bbc1901a6048c7880
SSDEEP

3072:rxk6VWa4vTPJy0J01jc5cxOdBdl05OISKprflB10Ch9snNFSzV:xViTPDJBmOZlotflB10C/snNF

Score

N/A

Malware Config

Signatures

Files

8d1d7000378734b7cfe9f8a3d79a976880a53eb2b273e8b85660a6fed561e56a
.exe windows x86

c693cd482488bd6838a5c94c8d59a220

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetReasonTitleFromReasonCode
TrackPopupMenuEx
GetWindowRect
FindWindowA
wvsprintfA
SetMenuContextHelpId
DlgDirListComboBoxW
GetActiveWindow
GetWindowContextHelpId
LoadCursorFromFileW
OpenInputDesktop
ShowStartGlass
SetWindowWord
SetWindowTextA
GetScrollBarInfo
DialogBoxIndirectParamA
GetWinStationInfo
ReleaseDC
GetCaretBlinkTime
IsCharLowerA
SendMessageCallbackA
LookupIconIdFromDirectory
GetDlgItemInt
RegisterClassW
DrawStateW
PaintDesktop
LoadRemoteFonts
SetMenuInfo
DdeQueryStringW
GetAppCompatFlags2
CloseDesktop

setupapi

SetupDiGetINFClassW
SetupDiOpenDeviceInterfaceW
SetupPromptForDiskW
SetupDiDestroyDeviceInfoList
SetupDiSelectOEMDrv
SetupDiCreateDevRegKeyA
SetupDecompressOrCopyFileW
CM_Query_And_Remove_SubTree_ExW
CM_Query_Remove_SubTree_Ex
pSetupGetGlobalFlags
CM_Remove_SubTree_Ex
CM_Dup_Range_List
SetupOpenInfFileW
IsUserAdmin
SetupFreeSourceListA
SetupDiGetClassInstallParamsA
CM_Get_DevNode_Registry_PropertyA
CM_Enable_DevNode
SetupDefaultQueueCallbackA
CM_Get_Next_Res_Des
SetupDiOpenDeviceInterfaceA
pSetupModifyGlobalFlags
CM_Register_Device_Interface_ExA
SetupDiRegisterDeviceInfo
DoesUserHavePrivilege
CM_Enable_DevNode_Ex
SetupAddInstallSectionToDiskSpaceListW
SetupDiOpenDeviceInfoA
SetupGetBackupInformationA
SetupDiDestroyClassImageList
CM_Get_Class_Key_Name_ExW
SetupAddToDiskSpaceListA
SetupQueueDefaultCopyA
SetupDiAskForOEMDisk
SetupScanFileQueueA
SetupDiGetHwProfileFriendlyNameExA
CM_Set_DevNode_Problem_Ex
pSetupWriteLogEntry
CM_Get_Resource_Conflict_DetailsW
SetupRemoveInstallSectionFromDiskSpaceListA
SetupCopyErrorW
SetupGetLineTextA
SetupCommitFileQueueA
SetupDiCreateDeviceInfoListExW
SetupQueryInfFileInformationW
pSetupStringFromGuid
CM_Get_Depth_Ex
pSetupStringTableDuplicate
SetupDiSetDeviceInstallParamsA
pSetupWriteLogError
SetupCreateDiskSpaceListW
CM_Get_Child_Ex
SetupDiDrawMiniIcon
SetupDestroyDiskSpaceList
CM_Test_Range_Available
SetupDiOpenDeviceInfoW
CM_Get_Res_Des_Data_Size
pSetupSetArrayToMultiSzValue
SetupLogFileA
CM_Delete_Class_Key_Ex
CM_Delete_Range
CM_Get_Version
pSetupOpenAndMapFileForRead
SetupDiGetActualSectionToInstallExW
SetupGetTargetPathW
SetupGetMultiSzFieldA
SetupGetTargetPathA
CM_Get_Device_ID_List_Size_ExW
SetupQueryFileLogW
pSetupMalloc

query

CiSvcMain
?GetWChar@CMemDeSerStream@@UAEXPAGK@Z
??1CRestriction@@QAE@XZ
?Refresh@CDefColumnRegEntry@@QAEXH@Z
?AddRef@CFwPropertyMapper@@UAGKXZ
BeginCacheTransaction
?_ImpersonateIf@CImpersonateRemoteAccess@@AAEHPBG0K@Z
?StrLen@CKey@@QBEIXZ
??1CLangList@@QAE@XZ
?AcceptCommand@CQueryScanner@@QAEXXZ
CollectCIPerformanceData
?ParseStringColumns@@YGPAVCDbColumns@@PBGPAUIColumnMapper@@KPAVPVariableSet@@PAV?$CDynArray@G@@@Z
?QueryCatalogEnum@CMachineAdmin@@QAEPAVCCatalogEnum@@XZ
?ReadProperty@CPropertyStore@@QAEHKKAAUtagPROPVARIANT@@@Z
??0CWin32RegAccess@@QAE@PAUHKEY__@@PBG@Z
?SetLPWSTR@CStorageVariant@@QAEXPBGI@Z
??0CCategorizationSet@@QAE@ABV0@@Z
?BuildRegistryPropertiesKey@@YGXAAV?$XArray@G@@PBG@Z
??1CDbColumns@@QAE@XZ
?Marshall@CPropNameArray@@QBEXAAVPSerStream@@@Z
?Cleanup@CDbProp@@QAEXXZ
?GetR4@CAllocStorageVariant@@QBEMI@Z
??1CMmStream@@UAE@XZ
?QueryVirtualScopeList@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
??1CProcess@@QAE@XZ
?GetLong@CMemDeSerStream@@UAEJXZ

ir50_qc

CompressBegin
AllocInstanceData
CompressEnd
Compress
SetCPUID
DllMain
FreeInstanceData
CompressQuery
CompressFramesInfo
SetScalability

kernel32

CreateFileMappingW
IsBadHugeWritePtr
DeleteCriticalSection
MapUserPhysicalPagesScatter
SetConsoleCP
ReadConsoleW
GlobalFlags
GlobalGetAtomNameA
GetCurrencyFormatW
GlobalFindAtomA
ReadFileEx
WritePrivateProfileStructA
ProcessIdToSessionId
GetConsoleCursorInfo
BeginUpdateResourceA
SetVolumeMountPointW
LeaveCriticalSection
HeapWalk
MultiByteToWideChar
VirtualAlloc
LoadLibraryA
GetUserDefaultUILanguage
GetConsoleAliasExesA
GetVolumePathNamesForVolumeNameA
CompareStringW
SearchPathW
MoveFileExW
FindFirstVolumeW
SetConsoleInputExeNameA
CreateWaitableTimerW
SetFileShortNameW
OpenSemaphoreW
SetProcessShutdownParameters
BaseDumpAppcompatCache
InterlockedDecrement
EnterCriticalSection
SetLocalTime
_lcreat
SetThreadExecutionState

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c693cd482488bd6838a5c94c8d59a220

Headers

DLL Characteristics

File Characteristics

Imports

user32

setupapi

query

ir50_qc

kernel32

Sections

.text Size: 46KB - Virtual size: 45KB

.rdata Size: 49KB - Virtual size: 48KB

.data Size: 59KB - Virtual size: 211KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 59KB - Virtual size: 211KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB