755c6a0fcac00869bab1bd5f72c9a150abc1097cdef236717e29287c7e88b390

Sharing

Copy URL Twitter E-mail

General

Target

755c6a0fcac00869bab1bd5f72c9a150abc1097cdef236717e29287c7e88b390
Size

827KB
MD5

7905b86b35c4c34fe14d0e3e3bf7780b
SHA1

d7feacb890343eb0fcf92e224c5f6c83a9b25537
SHA256

755c6a0fcac00869bab1bd5f72c9a150abc1097cdef236717e29287c7e88b390
SHA512

d67b9f51f9d73bda953689aece09968fb9b215b2efa8ce5c294fb099df8e8b89a971aa2625ce3fff6449cd21b015dfcc74befc73f647fb6978d1f77fdff83215
SSDEEP

24576:VMmiAoW0/efcM3nFbtKjo3LMPZe+BPUBF3uxFUr5Cq:VMmiAoS73mjuKZV5Ub3uL4

Score

N/A

Malware Config

Signatures

Files

755c6a0fcac00869bab1bd5f72c9a150abc1097cdef236717e29287c7e88b390
.exe windows x86

c42bcd42c9bfa37012c360a4dbc11b64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcmp
_mbstok
fwscanf
exit
__getmainargs
_mbctombb
__p__dstbias
isgraph
wcstod
??_E__non_rtti_object@@UAEPAXI@Z
strcpy
_endthreadex
__p__commode
_mbsnbicmp
asin
_initterm
putwchar
_vsnprintf
fgets
strchr
__doserrno
__set_app_type
wcscat
_inp
_mbsrchr
??1exception@@UAE@XZ
_mbsncmp
memcpy

ntdll

ZwSetInformationFile
LdrVerifyImageMatchesChecksum
NtImpersonateAnonymousToken
ZwPlugPlayControl
NtUnloadKeyEx
VerSetConditionMask
RtlInterlockedFlushSList
isspace
ZwAcceptConnectPort
RtlNtPathNameToDosPathName
cos
NtTraceEvent
ZwSetSystemPowerState
ZwReadRequestData
RtlDeregisterWait
ZwSetThreadExecutionState
RtlInitializeContext
wcstombs
NtCurrentTeb
DbgPrintReturnControlC

ws2help

WahQueueUserApc
WahWaitForNotification
WahCreateHandleContextTable
WahCloseApcHelper
WahNotifyAllProcesses
WahOpenApcHelper
WahCreateNotificationHandle
WahOpenNotificationHandleHelper
WahDisableNonIFSHandleSupport
WahOpenCurrentThread
WahInsertHandleContext
WahCloseSocketHandle
WahDestroyHandleContextTable
WahEnableNonIFSHandleSupport
WahCompleteRequest
WahCloseHandleHelper
WahOpenHandleHelper
WahEnumerateHandleContexts
WahReferenceContextByHandle
WahCreateSocketHandle
WahCloseNotificationHandleHelper
WahCloseThread
WahRemoveHandleContext

hid

HidD_SetOutputReport
HidP_GetUsagesEx
HidP_MaxUsageListLength
HidD_GetFeature
HidP_GetData
HidP_GetUsageValue
HidD_GetAttributes
HidD_GetNumInputBuffers
HidD_GetConfiguration
HidD_SetFeature
HidP_SetScaledUsageValue
HidP_GetExtendedAttributes
HidD_GetPreparsedData
HidD_FreePreparsedData
HidP_InitializeReportForID
HidD_GetMsGenreDescriptor
HidD_SetConfiguration

kernel32

lstrcpyA
MoveFileExW
ReplaceFileA
CloseHandle
GetMailslotInfo
IsBadHugeReadPtr
GetShortPathNameW
GetLocaleInfoW
WriteConsoleOutputCharacterA
GetNativeSystemInfo
GetCurrentThread
CreateDirectoryA
WTSGetActiveConsoleSessionId
RtlCaptureContext
CreateIoCompletionPort
SetMessageWaitingIndicator
LoadModule
DebugActiveProcessStop
GetProcessShutdownParameters
OpenWaitableTimerA
GetConsoleAliasExesW
LoadLibraryW
GetModuleHandleW

cfgmgr32

CM_Query_And_Remove_SubTree_ExA
CM_Get_Global_State_Ex
CM_Get_Device_ID_List_ExW
CM_Get_Hardware_Profile_InfoW
CM_Open_Class_Key_ExA
CM_Setup_DevNode_Ex
CM_Get_Log_Conf_Priority
CM_Detect_Resource_Conflict

schannel

QuerySecurityPackageInfoA
RevertSecurityContext
SslEmptyCacheA
InitSecurityInterfaceW
InitSecurityInterfaceA
MakeSignature
EnumerateSecurityPackagesW
SslGenerateRandomBits
FreeContextBuffer
FreeCredentialsHandle
SslGetMaximumKeySize
AcquireCredentialsHandleW
UnsealMessage
SealMessage
SslEmptyCacheW
SslLoadCertificate
InitializeSecurityContextA
InitializeSecurityContextW
EnumerateSecurityPackagesA
ApplyControlToken
SslFreeCertificate
QueryContextAttributesW
AcquireCredentialsHandleA

advapi32

SystemFunction020
WriteEncryptedFileRaw
SetSecurityInfoExW
RegOpenUserClassesRoot
SystemFunction034
RegQueryValueA
ChangeServiceConfig2W
GetInheritanceSourceA
ConvertStringSidToSidA
LsaFreeMemory
GetTrusteeTypeW
RegQueryInfoKeyA

user32

EndDialog
MessageBoxW

shell32

SHGetMalloc

Sections

.text
Size: 419KB - Virtual size: 418KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c42bcd42c9bfa37012c360a4dbc11b64

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

ws2help

hid

kernel32

cfgmgr32

schannel

advapi32

user32

shell32

Sections

.text Size: 419KB - Virtual size: 418KB

.rdata Size: 147KB - Virtual size: 146KB

.data Size: 157KB - Virtual size: 1.5MB

.rsrc Size: 101KB - Virtual size: 101KB

.reloc Size: 1024B - Virtual size: 900B

.text
Size: 419KB - Virtual size: 418KB

.rdata
Size: 147KB - Virtual size: 146KB

.data
Size: 157KB - Virtual size: 1.5MB

.rsrc
Size: 101KB - Virtual size: 101KB

.reloc
Size: 1024B - Virtual size: 900B