791a85bfd56a4d564c6e2095637ac791ac7080aa353f942396d536c1ccf14815

Sharing

Copy URL Twitter E-mail

General

Target

791a85bfd56a4d564c6e2095637ac791ac7080aa353f942396d536c1ccf14815
Size

287KB
MD5

7165c68ef63d89d667f96b78cf082148
SHA1

655b901fef154d5650b61b1513980174589d6c3b
SHA256

791a85bfd56a4d564c6e2095637ac791ac7080aa353f942396d536c1ccf14815
SHA512

d10ed8c640916189ba1b407b3c01606d748ef085b955be977c02b1b756f128b0595732fe264499ef7480cec65ad7b4e53b2af28760db138c3b6c0e930d5fa575
SSDEEP

6144:ElF/jpPPNwXSvxENgb8FioAANUDIS2EzdmvR0yDFWAvVSUH:EzjpPPNwXQEN1xNiYpVDvH

Score

N/A

Malware Config

Signatures

Files

791a85bfd56a4d564c6e2095637ac791ac7080aa353f942396d536c1ccf14815
.exe windows x86

a972bb8ba1a0200d40507485144587b8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

RegisterClassW
TranslateMessage
DestroyWindow
LoadStringW
GetSysColorBrush
UnregisterClassA
CreateWindowExW
CharNextW
PeekMessageW
DispatchMessageW
LoadCursorW
CharUpperBuffW
GetMessageW
wsprintfW
DefWindowProcW
MsgWaitForMultipleObjects
UnregisterClassW
PostThreadMessageW

oleaut32

SafeArrayGetVartype
VariantClear
LoadRegTypeLi
SafeArrayDestroy
SafeArrayRedim
GetErrorInfo
SafeArrayGetUBound
VarUI4FromStr
VariantCopyInd
VariantChangeType
VariantInit
SysAllocString
SafeArrayCopy
SetErrorInfo
SysStringLen
CreateErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SysAllocStringByteLen
SysFreeString
SafeArrayLock
SafeArrayUnlock
LoadTypeLi
SysAllocStringLen
RegisterTypeLi
UnRegisterTypeLi
VariantCopy
SysStringByteLen

shlwapi

PathQuoteSpacesW
PathRemoveFileSpecW

userenv

UnloadUserProfile

setupapi

SetupDiEnumDeviceInterfaces
SetupDiOpenDeviceInfoW
SetupDiGetClassDevsExW
CM_Get_Device_ID_Size
SetupDiGetDeviceInterfaceDetailW
CM_Get_Sibling
SetupDiEnumDeviceInfo
CM_Get_Parent
SetupDiCreateDeviceInfoList
CM_Get_Child
SetupDiSetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
CM_Get_Device_IDW
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status_Ex
CM_Locate_DevNodeW
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoListExW
SetupDiGetDeviceInfoListDetailW

iphlpapi

NotifyAddrChange
GetTcpTable
GetUdpTable
GetIpForwardTable
InternalCreateIpForwardEntry
NTPTimeToNTFileTime
NhGetInterfaceNameFromDeviceGuid
InternalGetUdpTable
register_icmp
NotifyRouteChange

kernel32

lstrlenA
GetConsoleMode
LocalFree
GetOEMCP
GetThreadLocale
IsValidCodePage
RaiseException
SetHandleCount
HeapDestroy
GetCommandLineW
GetVolumeNameForVolumeMountPointW
FlushFileBuffers
HeapSize
FreeEnvironmentStringsA
VirtualFree
lstrlenW
CreateWaitableTimerW
HeapFree
LCMapStringW
VerifyVersionInfoW
CloseHandle
WideCharToMultiByte
TlsAlloc
GetSystemInfo
TlsSetValue
LoadResource
GetCurrentThreadId
FreeLibrary
GetModuleHandleA
WaitForMultipleObjects
WriteConsoleA
LCMapStringA
UnhandledExceptionFilter
VirtualAlloc
VerSetConditionMask
CancelIo
GetConsoleCP
LoadLibraryExW
WriteConsoleW
TlsFree
SetWaitableTimer
SetProcessWorkingSetSize
LeaveCriticalSection
OpenProcess
SetStdHandle
SizeofResource
IsValidLocale
GetFileType
SetFilePointer
VirtualProtect
CreateProcessW
SetProcessShutdownParameters
WaitForSingleObject
SetLastError
CreateFileA
FindResourceExW
DeleteCriticalSection
GetExitCodeThread
EnterCriticalSection
SetUnhandledExceptionFilter
TlsGetValue
HeapReAlloc
DeviceIoControl
CreateFileW
GetCommandLineA
RtlUnwind
WriteFile
TerminateThread
EnumSystemLocalesA
GetSystemTimeAsFileTime
GetProcessHeap
ResumeThread
CreateEventW
IsDebuggerPresent
HeapAlloc
SetConsoleCtrlHandler
CreateThread
FreeEnvironmentStringsW
DuplicateHandle
GetStdHandle
lstrcmpiW
GetDriveTypeW
GetUserDefaultLCID
GetModuleHandleW
VirtualQuery
GetConsoleOutputCP
FindResourceW
LockResource
GetACP

ole32

CoSuspendClassObjects
CoRegisterClassObject
CoInitializeSecurity
CoRevokeClassObject
CoImpersonateClient
CoResumeClassObjects
OleRun
StringFromCLSID
CoTaskMemFree
CoUninitialize
CoTaskMemRealloc
CoCreateInstance
CoRevertToSelf
StringFromGUID2
ProgIDFromCLSID
CoInitializeEx
CLSIDFromString
CoTaskMemAlloc

advapi32

InitializeAcl
MakeSelfRelativeSD
SetSecurityDescriptorOwner
DuplicateTokenEx
GetAclInformation
OpenServiceW
QueryServiceConfigW
InitializeSid
DeleteService
RegEnumKeyExW
LookupAccountNameW
CloseServiceHandle
SetSecurityDescriptorGroup
GetSidLengthRequired
GetTokenInformation
RegOpenKeyExW
RegSetValueExW
SetThreadToken
CreateProcessAsUserW
ReportEventW
OpenThreadToken
CheckTokenMembership
RegQueryInfoKeyW
RegisterEventSourceW
OpenSCManagerW
ConvertSecurityDescriptorToStringSecurityDescriptorW
SetServiceStatus
GetSecurityDescriptorControl
ConvertStringSecurityDescriptorToSecurityDescriptorW
DuplicateToken
GetSecurityDescriptorOwner
ChangeServiceConfig2W
QueryServiceStatusEx
RegEnumValueW
RegCreateKeyExW
RegQueryValueExW
DeregisterEventSource
RegDeleteValueW
CopySid
GetSecurityDescriptorLength
GetSidSubAuthority
InitializeSecurityDescriptor
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
RegDeleteKeyW
ChangeServiceConfigW
GetLengthSid
ControlService
IsValidSid
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
EqualSid
RegCloseKey
SetSecurityDescriptorDacl
GetSecurityDescriptorGroup
AddAce
SetNamedSecurityInfoW
CreateServiceW
MakeAbsoluteSD

dciman32

DCIDraw

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 257KB - Virtual size: 610KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a972bb8ba1a0200d40507485144587b8

Headers

File Characteristics

Imports

user32

oleaut32

shlwapi

userenv

setupapi

iphlpapi

kernel32

ole32

advapi32

dciman32

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 257KB - Virtual size: 610KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 257KB - Virtual size: 610KB

.rsrc
Size: 512B - Virtual size: 4KB