75a1b333efd0a564f91fb7b6e8a9815253282c02bfba8ee5609ff1afaa7a7509

Sharing

Copy URL Twitter E-mail

General

Target

75a1b333efd0a564f91fb7b6e8a9815253282c02bfba8ee5609ff1afaa7a7509
Size

832KB
MD5

402b50f41ef2bcd4497ebff83263c13d
SHA1

177224cc1463f2f1913ba6856e3bf21c90a48851
SHA256

75a1b333efd0a564f91fb7b6e8a9815253282c02bfba8ee5609ff1afaa7a7509
SHA512

487867814543c1d8f63e30bd26e9be8c11f6475659ab56a977ef319c47510ebb1db985a1b7443567b938ae540bc90492791e58b8950ee7fc311509f86f2cab4c
SSDEEP

24576:WCQwEbDq1Tm6unvu3inGG6ua8mvoKOG+wdIXH8xDQiI90:N8ATm6wTnmt8mvSH8xDy

Score

N/A

Malware Config

Signatures

Files

75a1b333efd0a564f91fb7b6e8a9815253282c02bfba8ee5609ff1afaa7a7509
.exe windows x86

3e0f7851db4c5b1b2d78fc78b78a20c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VarI8FromI2
VarDateFromI8
VarI1FromUI4
VarEqv
VarUI2FromI1
VarCyFromDec
VarUI8FromStr
VarCyFromStr
VarFormatCurrency
VarDecFromDate
VarDateFromUdateEx
SafeArrayCreateVector
VariantClear
VarDateFromUI1
VarCyInt
VarI2FromUI1
VarDecInt
VarOr
VarI2FromI1
SafeArrayAccessData
VarI2FromI4
VarBoolFromUI8
VarUI1FromI2
SafeArrayUnaccessData
BSTR_UserUnmarshal

msvfw32

ICCompressorFree
MCIWndRegisterClass
ICRemove
GetOpenFileNamePreviewW
ICCompressorChoose
DrawDibSetPalette
MCIWndCreate
DrawDibTime
ICDraw
ICInstall
GetSaveFileNamePreviewA
ICMThunk32
ICSendMessage
ICCompress
ICImageCompress
DrawDibChangePalette
ICDecompress
DrawDibStart
DrawDibStop
ICSeqCompressFrame
ICSeqCompressFrameStart
StretchDIB
ICImageDecompress
ICClose
ICOpen
DrawDibBegin
DrawDibDraw
MCIWndCreateA
GetOpenFileNamePreviewA
GetSaveFileNamePreviewW
DrawDibGetPalette
ICDrawBegin
DrawDibProfileDisplay

kernel32

GetCompressedFileSizeW
BackupWrite
CloseProfileUserMapping
GetConsoleAliasW
PrivMoveFileIdentityW
SetConsoleOS2OemFormat
OutputDebugStringW
PeekConsoleInputA
CommConfigDialogA
FindFirstVolumeW
WideCharToMultiByte
LoadLibraryA
GlobalAlloc
CloseHandle
CompareStringA
ReleaseMutex
GetUserDefaultLCID
LZInit
OpenSemaphoreA
VirtualAlloc
GetTickCount
CreateSocketHandle
GetCurrentThread
IsValidLocale
GetConsoleAliasesW
GetCPInfoExW
ExitProcess
ReadConsoleOutputA
IsBadCodePtr
UTRegister
SwitchToThread
CreateMutexA

advapi32

LsaCreateTrustedDomain
OpenTraceA
InitializeAcl
WmiFileHandleToInstanceNameW
LookupAccountSidW
LsaAddAccountRights
UnregisterTraceGuids
CredRenameA
CryptSetKeyParam
AllocateAndInitializeSid
I_ScGetCurrentGroupStateW
ConvertStringSidToSidA
SystemFunction007
ChangeServiceConfig2A
NotifyChangeEventLog
LsaQueryInformationPolicy
GetTraceEnableLevel
RegOpenKeyExW
LsaQuerySecret
RegSaveKeyExA
CryptReleaseContext
CredWriteDomainCredentialsA
ConvertToAutoInheritPrivateObjectSecurity
AdjustTokenGroups
LsaRemovePrivilegesFromAccount
InitiateSystemShutdownW
SystemFunction006
EncryptFileA
GetServiceKeyNameW
InitiateSystemShutdownExA

ntdll

NtImpersonateClientOfPort
NtEnumerateKey
__toascii
RtlAddCompoundAce
NtImpersonateThread
ZwAccessCheckByTypeAndAuditAlarm
RtlCopyUnicodeString
ZwReadRequestData
ZwSetInformationProcess
RtlGetNativeSystemInformation
NtModifyBootEntry
ZwQueryInformationPort
_i64tow
NtAlertThread
NtVdmControl
ZwSetBootEntryOrder
RtlGetElementGenericTable
RtlDosSearchPath_Ustr
RtlDecompressBuffer
RtlQueryAtomInAtomTable
NtSetEvent
ZwGetWriteWatch
ZwOpenProcessTokenEx
ZwReplaceKey
RtlStringFromGUID
NtSetLowEventPair
NtDeleteBootEntry

Sections

.text
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e0f7851db4c5b1b2d78fc78b78a20c0

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

msvfw32

kernel32

advapi32

ntdll

Sections

.text Size: 371KB - Virtual size: 371KB

.rdata Size: 137KB - Virtual size: 137KB

.data Size: 157KB - Virtual size: 1.5MB

.rsrc Size: 164KB - Virtual size: 163KB

.reloc Size: 1024B - Virtual size: 1016B

.text
Size: 371KB - Virtual size: 371KB

.rdata
Size: 137KB - Virtual size: 137KB

.data
Size: 157KB - Virtual size: 1.5MB

.rsrc
Size: 164KB - Virtual size: 163KB

.reloc
Size: 1024B - Virtual size: 1016B