56263691f1e4ba127bf0d908b775c17b338fd8e3fb481617c44be5c256475cb7

Sharing

Copy URL Twitter E-mail

General

Target

56263691f1e4ba127bf0d908b775c17b338fd8e3fb481617c44be5c256475cb7
Size

128KB
MD5

0351587e72a2cf7f8fcef916e15c683e
SHA1

08aae5456829e58f7984b027a16af71b79cbaada
SHA256

56263691f1e4ba127bf0d908b775c17b338fd8e3fb481617c44be5c256475cb7
SHA512

571cf5c898319616edd304ba2548d9cb590f07688ee84074307bbb1e97c6f8989cf80937d1f145ece20e2cdd0a14fbe1cd0c1c0025be81e9760eb33e539a4dbf
SSDEEP

3072:umhTGIjPHNE/6AzwSwkKtWOlbkTr7jB8w:D7uSPtWlTLB

Score

N/A

Malware Config

Signatures

Files

56263691f1e4ba127bf0d908b775c17b338fd8e3fb481617c44be5c256475cb7
.dll windows x86

9949e841fa38b8316d88f859b9f63958

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
VirtualAlloc
BuildCommDCBAndTimeoutsW
GetSystemTime
SetTimerQueueTimer
RegisterWowExec
GetModuleHandleA
EnumResourceLanguagesW
IsValidLocale
RemoveDirectoryW
RtlFillMemory
RtlZeroMemory
CallNamedPipeW
SetConsoleHardwareState
FindAtomA
PrepareTape
GetConsoleCommandHistoryLengthA
UTUnRegister
EnumDateFormatsExW
IsBadHugeReadPtr
SetCommMask
GetProcessVersion
IsDBCSLeadByteEx
InterlockedCompareExchange
QueryDosDeviceW
GetLogicalDrives
SetCommTimeouts
VerLanguageNameW
CreateFileW
SetEvent
SetThreadPriority
VerLanguageNameA
RegisterWaitForInputIdle
AddAtomW
SetEnvironmentVariableW
EraseTape
FindFirstVolumeMountPointW
GetSystemInfo
GetPrivateProfileIntW
ReleaseMutex
ConnectNamedPipe
GetLogicalDriveStringsA
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryA
SetCommBreak
GetHandleInformation
GetPrivateProfileSectionA
GetVersion
WriteConsoleOutputCharacterA
SetComputerNameW
GetFileAttributesExA
FreeLibrary
GetCurrentProcessId
GetDiskFreeSpaceW
AreFileApisANSI
MoveFileWithProgressA
GetProcAddress

user32

AttachThreadInput
SetMessageQueue
RemoveMenu
EnumDesktopWindows
GetSystemMetrics
DlgDirListA
GetNextDlgTabItem
EnumPropsExA
GetForegroundWindow
TranslateAcceleratorA
MessageBoxIndirectA
LoadKeyboardLayoutA
GetKBCodePage
EnableScrollBar
MessageBoxIndirectW
GetClipboardSequenceNumber
ClipCursor
WinHelpA
GetCapture
DrawIcon
SetClipboardData
InsertMenuItemW
GetProcessWindowStation
GetMenuInfo
DestroyCursor
CreateIconFromResource
WINNLSGetIMEHotkey
GetMenu
InsertMenuA
DdeSetUserHandle
EndMenu

gdi32

PathToRegion
GdiPlayDCScript
GetViewportOrgEx
InvertRgn
SelectClipRgn
CreateBitmapIndirect
GetFontLanguageInfo
GetCharWidthI
GetObjectW
CreateFontA
GetGlyphOutlineW
GetICMProfileA
GdiArtificialDecrementDriver
gdiPlaySpoolStream
GetRgnBox
CreateEllipticRgnIndirect
AddFontResourceExA
RemoveFontResourceExA
SetLayout
Pie
GetArcDirection
SetMapMode
GetBitmapBits
GetColorSpace
CloseEnhMetaFile
CreateSolidBrush
SetBkMode
CreatePalette
StartDocA
ExtTextOutA
GetTextExtentExPointA
CreateFontW
SetMiterLimit
GetTextFaceA
GetTextExtentExPointW
LPtoDP
Escape
GetTextColor
IntersectClipRect
DeleteEnhMetaFile
PolyPolygon
Polygon
GetObjectA
CopyEnhMetaFileA
SetPolyFillMode
GetTextMetricsW
UpdateICMRegKeyA
CreateColorSpaceA
SetBitmapBits
GetCharABCWidthsA
GetClipBox

advapi32

ElfOldestRecord
CheckTokenMembership
AbortSystemShutdownA
GetTrusteeFormW
QueryRecoveryAgentsOnEncryptedFile
GetTrusteeTypeA
RegCreateKeyW
RegisterEventSourceA
SetPrivateObjectSecurity
BuildImpersonateExplicitAccessWithNameW
CopySid
ReadEventLogA
GetFileSecurityA
RegQueryValueA
LsaGetQuotasForAccount
ElfReportEventA
AbortSystemShutdownW
I_ScSetServiceBitsA
GetMultipleTrusteeW
PrivilegedServiceAuditAlarmW
CreateProcessWithLogonW
IsTokenRestricted
CryptSetHashParam
CryptGetHashParam
AddAuditAccessAce
RegDeleteValueW
LsaSetTrustedDomainInfoByName
IsValidAcl

comctl32

ImageList_SetImageCount
FlatSB_SetScrollRange
ord13
ImageList_AddMasked
ord3
CreateStatusWindowW
ImageList_Write
InitializeFlatSB
ImageList_Create
ImageList_BeginDrag
ImageList_Read
ImageList_GetIconSize
ImageList_SetFilter
ord17
ImageList_LoadImageA
ImageList_DrawIndirect
ImageList_SetBkColor
ImageList_DragMove
FlatSB_ShowScrollBar
FlatSB_SetScrollInfo
ImageList_SetIconSize
ImageList_Remove
CreatePropertySheetPageW
ord5

shell32

StrRChrIW
SHGetSpecialFolderPathA
RealShellExecuteW
StrCmpNW
SHGetDataFromIDListW
StrChrIA
ord179
SHGetInstanceExplorer
ShellHookProc
StrRStrW
SHGetDesktopFolder
StrRChrIA
StrNCmpA

shlwapi

SHRegQueryInfoUSKeyW
PathMakeSystemFolderW
PathRemoveFileSpecW
PathRelativePathToA
StrToIntExW
PathIsPrefixW
PathIsSystemFolderW
UrlHashW
StrPBrkW
PathMakePrettyA
PathAddExtensionA
SHQueryValueExA
PathCommonPrefixW
SHRegCreateUSKeyA
SHGetValueW
PathIsSameRootA
SHQueryInfoKeyA
PathQuoteSpacesW
PathFindNextComponentA
SHRegEnumUSKeyA
PathRemoveFileSpecA
PathMakeSystemFolderA
PathMatchSpecW
UrlIsNoHistoryW
PathIsRootW
PathIsURLA
PathIsUNCServerW
PathSearchAndQualifyW
StrToIntExA
UrlCombineA
SHRegDeleteEmptyUSKeyA
UrlIsOpaqueW
SHRegSetUSValueW
PathCreateFromUrlA
SHRegGetUSValueA
StrSpnW
UrlCreateFromPathW
PathRemoveBlanksW
SHRegOpenUSKeyW
SHDeleteEmptyKeyW
PathGetCharTypeA
StrCSpnIA
SHOpenRegStreamA
StrFormatByteSizeA
PathAppendW
PathIsFileSpecA
StrCpyW
PathMakePrettyW
StrFromTimeIntervalW
PathCompactPathA
SHEnumKeyExA
PathSetDlgItemPathW
PathIsUNCServerA
UrlGetLocationW
PathIsUNCA
UrlUnescapeA
UrlApplySchemeA
PathUnquoteSpacesA

version

GetFileVersionInfoW
VerInstallFileW
VerQueryValueA
GetFileVersionInfoA
VerFindFileA
GetFileVersionInfoSizeW
VerFindFileW
GetFileVersionInfoSizeA
VerInstallFileA
VerQueryValueW

winmm

mmioAscend
midiStreamClose
waveInGetID
waveInReset
sndPlaySoundW
mmioWrite
midiOutReset
CloseDriver
mixerGetControlDetailsW
midiInPrepareHeader
mci32Message
midiDisconnect
mciGetErrorStringA
waveInGetDevCapsA
mmDrvInstall
midiOutUnprepareHeader
midiOutGetErrorTextA
waveOutWrite
waveInPrepareHeader
mciDriverYield
joyGetDevCapsA
timeGetSystemTime
joyGetNumDevs
midiInGetNumDevs
DrvGetModuleHandle
timeGetTime
mmTaskCreate
midiInMessage
joySetThreshold
waveInStart
mixerGetLineControlsA
auxGetDevCapsA
mid32Message
waveOutGetPosition
waveOutGetPlaybackRate
waveOutSetPlaybackRate
waveOutMessage
sndPlaySoundA
auxOutMessage
timeBeginPeriod
waveOutGetPitch
mciGetDeviceIDA
midiOutGetErrorTextW
midiStreamRestart
waveOutGetErrorTextW

winspool.drv

SetPrinterW
DeviceCapabilitiesA
FreePrinterNotifyInfo
AbortPrinter
ResetPrinterW
GetPrintProcessorDirectoryA
DeviceMode
WaitForPrinterChange
DeletePrintProcessorA
EnumPrintProcessorsA
StartDocPrinterW
StartPagePrinter
EnumMonitorsW
AddFormW
PrinterProperties
GetPrinterDataExW
GetJobW
DocumentPropertySheets
DeletePrinterDriverW
EnumPrinterDriversW
DeletePrintProcessorW
ord205
StartDocDlgW
AddPrinterW
SpoolerDevQueryPrintW
DeletePrinterDriverA
ord204
ord201
SetPortW
EnumPrinterDataExA
SeekPrinter
ConvertAnsiDevModeToUnicodeDevmode
GetPrinterDataW
GetSpoolFileHandle
DeletePrinterDataExA

msvcrt

_mbccpy
_mbsnset
feof
_mbctolower
printf
fgetc
fputs
_strcmpi
_fputchar
_unlink
_mbslwr
_mbcjmstojis
iswcntrl
fputc
fread
fopen
_fpclass
_cprintf
sprintf
fwprintf
_itoa
_ismbcalnum
islower
fprintf
memset
_msize
ftell
fseek
_atoi64
isspace
fsetpos
_spawnve
fclose
_set_sbh_threshold
fabs
_execve
ferror
__crtGetLocaleInfoW
fwrite

Exports

Exports

Apyrdo
Bvmrcbqzy
Ipeqpo
Jikkoae
Lxsq
Mznunultz
Pfpfjdy
Qdrbl
Ruayhvo
Twatmyw

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9949e841fa38b8316d88f859b9f63958

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

comctl32

shell32

shlwapi

version

winmm

winspool.drv

msvcrt

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 52KB - Virtual size: 49KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 52KB - Virtual size: 49KB

.reloc
Size: 12KB - Virtual size: 8KB