68864a7ffef9833fd70dcdb7179c9f0085b5fc0980adeb52d1a164b05ad6700c

Sharing

Copy URL Twitter E-mail

General

Target

68864a7ffef9833fd70dcdb7179c9f0085b5fc0980adeb52d1a164b05ad6700c
Size

115KB
MD5

90fc7690333954f77b732f9f740ba390
SHA1

56908eb10cc0503b96d217d14360dc2c2a7c2348
SHA256

68864a7ffef9833fd70dcdb7179c9f0085b5fc0980adeb52d1a164b05ad6700c
SHA512

4b912d3fda1acf3c82acad97b46b03ae754cbc969c34a74214ffd63e78da9a142204636e167a117c043cec118b19d4ea2b22a4fdc6db956f502e913f3a285edd
SSDEEP

1536:qisBCDR01Aj7TG/ZbJYXtMgosUuwk1uHaEg0ZNHT1Qwll1Andel+l1Andelpl1Ac:X3vYJ+tMgo7uwzHaEg4JrlF+lFplF

Score

N/A

Malware Config

Signatures

Files

68864a7ffef9833fd70dcdb7179c9f0085b5fc0980adeb52d1a164b05ad6700c
.exe windows x86

71ed969fd11eba58d1a8fe7b70f79d6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

glu32

gluNurbsSurface
gluProject
gluNurbsCurve
gluNurbsCallback
gluNewNurbsRenderer
gluTessEndPolygon
gluBeginSurface
gluTessCallback
gluQuadricDrawStyle
gluQuadricNormals

user32

ChildWindowFromPointEx
IsChild
DestroyWindow
GetDesktopWindow
DialogBoxParamA
GetLastActivePopup
GetNextDlgGroupItem
EndDeferWindowPos
BeginDeferWindowPos
ShowWindowAsync
MessageBoxA

comctl32

ord17
FlatSB_GetScrollProp
DestroyPropertySheetPage
CreatePropertySheetPageA
PropertySheetA
ord6
FlatSB_SetScrollRange
FlatSB_SetScrollProp
CreatePropertySheetPageW
FlatSB_SetScrollInfo
ord5

advapi32

RegSaveKeyA
ClearEventLogW
ReportEventA
RegQueryValueA
GetTokenInformation
RegCreateKeyExA
RegisterEventSourceA

kernel32

WritePrivateProfileStringA
GetProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStructA
GetModuleHandleA
GetProcAddress
VirtualAlloc
GetLastError
GetFullPathNameA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
WriteFile
InitializeCriticalSection
DeleteCriticalSection
ReadFile
GetCurrentDirectoryA
GetDriveTypeA
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
SetFilePointer
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
SetStdHandle
CloseHandle
CreateFileA
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
GetStringTypeA
GetStringTypeW
SetEndOfFile
LCMapStringA
LCMapStringW

secur32

ApplyControlToken
DecryptMessage
CompleteAuthToken
VerifySignature
DeleteSecurityContext
ExportSecurityContext
EncryptMessage
AcceptSecurityContext
FreeCredentialsHandle
MakeSignature

ws2_32

listen
bind
setsockopt
accept
getprotobyname
getsockname
getprotobynumber
gethostname
shutdown
sendto
ioctlsocket
select
socket
inet_addr

activeds

ord5
ord17
ord15
ord18
ord3
ord7
ord4
ord14
ord19

dciman32

DCIBeginAccess

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71ed969fd11eba58d1a8fe7b70f79d6d

Headers

File Characteristics

Imports

glu32

user32

comctl32

advapi32

kernel32

secur32

ws2_32

activeds

dciman32

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 13KB

.rsrc Size: 73KB - Virtual size: 73KB

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 73KB - Virtual size: 73KB