6fdf9a6ee6fa7e6d24a0b27b4e93197fc9f6dbd3d6ae36d29cd01786b36b5ec2

Sharing

Copy URL Twitter E-mail

General

Target

6fdf9a6ee6fa7e6d24a0b27b4e93197fc9f6dbd3d6ae36d29cd01786b36b5ec2
Size

47KB
MD5

7847fef6e6cd16be4e7d06e74482188d
SHA1

e174dd298030f40a497ed6f31acabc8c81cffacb
SHA256

6fdf9a6ee6fa7e6d24a0b27b4e93197fc9f6dbd3d6ae36d29cd01786b36b5ec2
SHA512

8d1281fe73aaa46733697adc67bbfc71f3bb5a1f9e61a349d3209e173fde43a27b8e932ea685ddad3859f9eff9a1d7704d8f56b4fd9b50a074828bb1b49cbbd6
SSDEEP

768:XIsz5YbAWlCcwcfTYiq1iVVDXzVynPSusazyqWt4gDbZXL9moht3MMcjmLPWl5Xp:XP+xxwcrhqeDXzVmPWamqQ3bwst3MpqE

Score

N/A

Malware Config

Signatures

Files

6fdf9a6ee6fa7e6d24a0b27b4e93197fc9f6dbd3d6ae36d29cd01786b36b5ec2
.exe windows x86

db5c26929aa08191b896dc742776661d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtFlushVirtualMemory
DbgPrintReturnControlC
DbgUiStopDebugging
NtUnmapViewOfSection
ZwCreateToken
RtlSizeHeap
fabs
ZwInitiatePowerAction
wcstoul
RtlCreateRegistryKey
ZwCreateMailslotFile
RtlSetBits
RtlDeleteSecurityObject
iswdigit
RtlConvertUlongToLargeInteger
NtInitializeRegistry
NtCreateKey
ZwAlertResumeThread
ZwQueryInformationProcess
RtlGetDaclSecurityDescriptor
RtlNtPathNameToDosPathName
wcsrchr

advapi32

AccessCheckAndAuditAlarmA
CryptDestroyHash
QueryServiceLockStatusW
CryptDecrypt
LogonUserExA
WmiSetSingleItemA
EncryptedFileKeyInfo
CreateServiceW
SetInformationCodeAuthzPolicyW
GetTraceEnableFlags
AbortSystemShutdownA
WmiExecuteMethodW
RegQueryValueA
LsaSetQuotasForAccount
SystemFunction033
RemoveTraceCallback
BackupEventLogA
ElfDeregisterEventSource
LogonUserExW
SystemFunction027
ObjectDeleteAuditAlarmA
LsaCreateSecret
BuildSecurityDescriptorA
SetSecurityDescriptorOwner
GetAuditedPermissionsFromAclA
SystemFunction004

opengl32

glRasterPos2f
glCopyTexSubImage1D
glPixelMapusv
glGetTexGeniv
GlmfBeginGlsBlock
glTexCoord2s
glBegin
glTexCoord1iv
glLightModeli
glRasterPos2iv
glRasterPos3fv
glIndexd
glCallLists
glLightModelfv
glShadeModel
wglCreateContext
glColor4usv
glFeedbackBuffer
glEnd
glRectfv
glNormal3fv
glTexCoord1fv
wglSwapMultipleBuffers
glFlush
glTexCoord4f
glRasterPos3sv
glPolygonOffset
glArrayElement
glEvalCoord1dv
glVertex2f

shlwapi

StrStrNW
SHDeleteOrphanKeyA
SHGetInverseCMAP
SHRegDeleteUSValueA
AssocQueryStringByKeyW
PathCanonicalizeA
StrCpyNW
PathMatchSpecW
PathMakePrettyW
SHRegGetBoolUSValueW
SHRegQueryUSValueW
StrToIntA
SHRegQueryUSValueA
SHSetValueW
SHDeleteOrphanKeyW
StrCSpnIW
PathGetDriveNumberW
SHQueryValueExW
PathIsDirectoryW
PathCompactPathW
SHRegQueryInfoUSKeyW
SHEnumValueW
StrStrW
PathIsFileSpecW

kernel32

lstrcat
GetFileInformationByHandle
ReadConsoleOutputCharacterA
GetPrivateProfileStructW
UnregisterWaitEx
GetStringTypeExA
EnumResourceLanguagesW
GetTickCount
TransmitCommChar
GetConsoleCP
Process32FirstW
EnumDateFormatsExW
RegisterWaitForSingleObject
WaitNamedPipeA
RtlUnwind
LCMapStringA
Heap32First
GetCPInfoExW
ActivateActCtx
GetConsoleMode
GetFileTime
EnumResourceNamesA
FindFirstFileW
CommConfigDialogA
SetConsoleCP
HeapAlloc
CreateActCtxA
IsSystemResumeAutomatic
LoadLibraryW
GetUserDefaultLCID
SetDefaultCommConfigW
InitializeCriticalSection

oleacc

AccessibleChildren
GetOleaccVersionInfo
GetStateTextA
CreateStdAccessibleProxyA
LIBID_Accessibility
GetStateTextW
AccessibleObjectFromPoint
ObjectFromLresult
IID_IAccessible
GetRoleTextW
DllRegisterServer
AccessibleObjectFromEvent
AccessibleObjectFromWindow
IID_IAccessibleHandler
GetRoleTextA
CreateStdAccessibleObject
LresultFromObject
WindowFromAccessibleObject
DllCanUnloadNow
DllGetClassObject
DllUnregisterServer

sqlunirl

_IsBadStringPtr_@8
__hwrite_@12
_RegOpenKeyEx_@20
_GetClipboardFormatName_@12
_CreateFile@28
_CommDlg_OpenSave_GetFolderPath@12
_CallWindowProc@20
_DlgDirListComboBox_@20
_CharToOemBuff_@12
_LoadAccelerators_@8
_FatalAppExit_@8
_SendNotifyMessage_@16
_LookupAccountSid_@28
_GetObject@12
_RegCreateKeyEx_@36
_GetClassLong_@8
_GetPrivateProfileString_@24
_GetWindowsDirectory_@8
_DlgDirList_@20
_ExtractIcon_@12
_Shell_NotifyIcon_@8
_GetProcAddress_@8
_WriteConsoleInput_@16
_RemoveDirectory_@4
_GetFileAttributesEx_@12
_CreateMailslot_@16

rasser

PortInit
PortSetFraming
PortConnect
PortDisconnect
PortOpen
PortSend
PortGetPortState
PortClearStatistics
PortGetInfo
PortReceiveComplete
PortSetInfo
PortTestSignalState
PortCompressionSetInfo
PortSetINetCfg
PortReceive
PortChangeCallback
PortGetStatistics
PortEnum
PortClose

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db5c26929aa08191b896dc742776661d

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

advapi32

opengl32

shlwapi

kernel32

oleacc

sqlunirl

rasser

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 6KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 4KB