7b19a187d9b37d6de5ea5f502a4d78ac8dd979421c34b3b925db9323a7dd84e7

Sharing

Copy URL Twitter E-mail

General

Target

7b19a187d9b37d6de5ea5f502a4d78ac8dd979421c34b3b925db9323a7dd84e7
Size

116KB
MD5

37f348ca058795c988dab99f2a23bf1e
SHA1

ba05e683cd30d6384f06df5f00b5a300f1cb1bab
SHA256

7b19a187d9b37d6de5ea5f502a4d78ac8dd979421c34b3b925db9323a7dd84e7
SHA512

20ca75154ab3fed24fd89474547e1e32eb5b3c61e22763d1c776a9b79e6b029d53ad75860440c75c5c87342971888bc5e8ca2bc78f29bdeadb4198bba991b879
SSDEEP

3072:BxuUl6ZDaBfzZ4U1r4fdhgGp7m1Nv6Jo6qWTRDpiU:eGQDa1Zon2bv6a6qKRj

Score

N/A

Malware Config

Signatures

Files

7b19a187d9b37d6de5ea5f502a4d78ac8dd979421c34b3b925db9323a7dd84e7
.dll windows x86

f2e61faf1fee449f9fb850e464be2125

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadConsoleOutputAttribute
GetConsoleWindow
AllocConsole
GetDriveTypeA
CreateSemaphoreA
CreateNamedPipeW
GetConsoleFontInfo
GetTimeFormatW
CreateConsoleScreenBuffer
ReleaseMutex
WriteFileEx
ReadConsoleA
Heap32First
CloseProfileUserMapping
GetConsoleCP
QueryPerformanceCounter
SetFilePointerEx
EnumDateFormatsExA
ReadConsoleInputW
GetVersion
ResumeThread
SetTapeParameters
GetModuleHandleA
FindFirstFileW
FillConsoleOutputAttribute
GetConsoleAliasExesW
IsValidCodePage
Heap32ListFirst
ReadConsoleInputA
WritePrivateProfileSectionW
FillConsoleOutputCharacterA
LoadLibraryExA
HeapSummary
GetDiskFreeSpaceW
GetFullPathNameA
CreateSemaphoreW
ExpungeConsoleCommandHistoryA
GetHandleInformation
WaitNamedPipeA
EnumCalendarInfoExW
EnumDateFormatsA
GetModuleHandleW
FreeResource
FoldStringA
WriteFileGather
CreateFileMappingW
PeekConsoleInputW
GetSystemTime
IsBadHugeWritePtr
GetLocalTime
ClearCommError
ExpandEnvironmentStringsA
GetConsoleCommandHistoryW
EnumDateFormatsW
WaitForSingleObject
SwitchToThread
WriteConsoleInputA
MapViewOfFile
FindNextChangeNotification
PeekConsoleInputA
SetConsoleNumberOfCommandsA
FreeLibrary
CreateMailslotW
AddConsoleAliasW
ReadConsoleOutputA
GetThreadTimes
GetFileInformationByHandle
OpenMutexW
GetProcAddress
IsValidLocale
VirtualAlloc
LoadLibraryA

user32

UnhookWinEvent
CharToOemBuffA
IsCharUpperW
EndDeferWindowPos
CloseWindow
RealChildWindowFromPoint
SetClipboardData
MessageBoxExW
UnionRect
GetMenuDefaultItem
GetCursor
DrawIcon
GetAltTabInfoA
CallNextHookEx
CharUpperBuffA
ChangeDisplaySettingsA
SendNotifyMessageA
GetWindowTextLengthA
CreateWindowStationA
GetWindowLongA
EnumDisplaySettingsExW
GetMenuItemID
ValidateRect
CreateIconFromResourceEx

advapi32

RegEnumValueW
ObjectCloseAuditAlarmW
RegQueryMultipleValuesW
LsaEnumerateTrustedDomainsEx
BuildImpersonateExplicitAccessWithNameW
ObjectOpenAuditAlarmA
CloseEventLog
OpenSCManagerW
CryptGetUserKey
ConvertStringSidToSidW
GetFileSecurityA
GetPrivateObjectSecurity
SystemFunction026
SetEntriesInAclW
RegisterEventSourceA
ElfCloseEventLog
StartServiceCtrlDispatcherW
RemoveUsersFromEncryptedFile
GetTrusteeFormA
FindFirstFreeAce
LsaEnumeratePrivilegesOfAccount
SetThreadToken
ObjectPrivilegeAuditAlarmA
LsaLookupSids
LookupSecurityDescriptorPartsA
PrivilegedServiceAuditAlarmW
QueryServiceStatus
SystemFunction001
ConvertStringSidToSidA
CryptDuplicateHash
LsaGetRemoteUserName
SetPrivateObjectSecurity
TrusteeAccessToObjectA
OpenBackupEventLogA
CryptDuplicateKey
CreatePrivateObjectSecurity
PrivilegeCheck
CryptImportKey
LsaOpenSecret
EqualSid
AbortSystemShutdownA
CryptHashSessionKey
DeleteAce
ElfOpenEventLogA
DestroyPrivateObjectSecurity
QueryServiceConfigA
SetServiceBits
ElfReportEventW
SystemFunction005
SystemFunction033
SystemFunction024
GetMultipleTrusteeOperationA
FreeSid
LsaQueryDomainInformationPolicy
RegQueryValueA
CryptSetProviderExW
SetFileSecurityW
LsaCreateTrustedDomain
OpenSCManagerA
GetServiceKeyNameA
QueryServiceLockStatusW
GetAclInformation
RegDeleteKeyA
LsaQueryInfoTrustedDomain
StartServiceCtrlDispatcherA
ConvertSecurityDescriptorToAccessNamedA
CryptCreateHash
AccessCheckByTypeResultListAndAuditAlarmW
LsaOpenTrustedDomain
LsaGetQuotasForAccount
DuplicateToken
QueryServiceConfig2A
LsaSetInformationTrustedDomain
SetFileSecurityA
IsValidSecurityDescriptor
RegEnumValueA
LsaOpenPolicy
ConvertStringSecurityDescriptorToSecurityDescriptorW
LsaGetSystemAccessAccount
SystemFunction029
ReadEventLogA
I_ScSetServiceBitsW

shell32

StrChrIW
StrStrW

shlwapi

PathStripPathW
PathIsDirectoryW
StrTrimA
IntlStrEqWorkerW
StrPBrkA
PathIsUNCW
StrSpnA
PathFindExtensionA
IntlStrEqWorkerA
SHRegSetUSValueW
SHRegEnumUSKeyW
SHDeleteOrphanKeyA
UrlIsNoHistoryW
SHCreateShellPalette
SHRegGetUSValueW
PathSetDlgItemPathA
PathUnquoteSpacesA
PathIsFileSpecW
PathGetCharTypeA
PathMakeSystemFolderW
StrTrimW
PathMakeSystemFolderA
UrlApplySchemeW
StrSpnW
SHDeleteEmptyKeyA
PathGetDriveNumberA
PathSearchAndQualifyA
SHEnumKeyExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoW
VerInstallFileA
VerQueryValueW

msvcrt

asin
fread
fclose
fwrite
difftime
fwprintf
feof
fprintf
_unlink
fseek
fputs
_ultow
memset
ftell
sprintf
ferror
fputc
__CxxFrameHandler
printf
fopen
fsetpos
_write

Exports

Exports

Euanrhbnai
Pdxcwu
Rkucu
Rxrqkioit
Vbveiu

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2e61faf1fee449f9fb850e464be2125

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

version

msvcrt

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 52KB - Virtual size: 49KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 52KB - Virtual size: 49KB

.reloc
Size: 8KB - Virtual size: 5KB