55af388de1da79c9fb48135583470a2af589967a1ee768bd2a704fa36fbeaba3

Sharing

Copy URL Twitter E-mail

General

Target

55af388de1da79c9fb48135583470a2af589967a1ee768bd2a704fa36fbeaba3
Size

239KB
MD5

09465652f864bc37b7d9a0515be32890
SHA1

e4ccd7265663eab39d3389d839b5576378e373e0
SHA256

55af388de1da79c9fb48135583470a2af589967a1ee768bd2a704fa36fbeaba3
SHA512

cf9cbfa849355a3fb99905b2fc2ea1bf72935f633479b985d95280e292efa53944ca40105545b78d87907f802e96034a87ded6ef53e2043bd4d87bdf71e61523
SSDEEP

6144:eZ1/j9ks12S/Tt3ogoVf+5F/c6DTjTpGpwSnMX/TN:CPtKu0mKBU

Score

N/A

Malware Config

Signatures

Files

55af388de1da79c9fb48135583470a2af589967a1ee768bd2a704fa36fbeaba3
.exe windows x86

39762c4533771640ffadb9ca8cde0c80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAlloc
GlobalUnfix
SetTermsrvAppInstallMode
FreeResource
WaitNamedPipeA
GetSystemTimeAsFileTime
IsValidCodePage
GetConsoleCP
RegisterWaitForSingleObjectEx
GetLocaleInfoW
CreateHardLinkA
MultiByteToWideChar
InitializeCriticalSection
EnumLanguageGroupLocalesA
GetFullPathNameW
CompareStringA
GetEnvironmentVariableA
GetSystemWindowsDirectoryW
LoadLibraryW

sqlunirl

_CharLower@4
_RegOpenKeyEx_@20
_StartService_@12
_EnumDependentServices_@24
_DefMDIChildProc_@16
_GetCurrentHwProfile_@4
_FindNextFile_@8
_ObjectPrivilegeAuditAlarm_@24
_AccessCheckAndAuditAlarm_@44
_FatalAppExit_@8
_CreateScalableFontResource_@16
_ObjectDeleteAuditAlarm_@12
_SendMessageTimeout_@28
_GetBinaryType_@8
_RegQueryMultipleValues_@20
_EnumDesktops_@12
_GetDiskFreeSpace_@20
_GetMessage_@16
_SetDefaultCommConfig_@12
_CompareString_@24
_PrivilegedServiceAuditAlarm_@20

olecli32

LeObjectConvert
OleSetLinkUpdateOptions
DibEnumFormat
OleQueryReleaseError
DefCreateFromFile
ObjQuerySize
PbCopyToClipboard
OleRevertClientDoc
DibCopy
LeSetHostNames
GenChangeData
DefCreateLinkFromClip
OleExecute
ConnectDlgProc
LeSaveToStream
ErrShow

msrating

ChangeSupervisorPassword
RatingCustomRemoveRatingHelper
RatingCustomSetUserOptions
RatingAddPropertyPages
RatingCustomAddRatingSystem
RatingCheckUserAccess
RatingCustomDeleteCrackedData
RatingSetupUI
RatingCustomSetDefaultBureau
RatingCustomCrackData
RatingEnabledQuery
ClickedOnRAT
RatingCustomAddRatingHelper
RatingObtainQuery
RatingInit
RatingFreeDetails
ClickedOnPRF
RatingAccessDeniedDialog
RatingObtainCancel
RatingEnable
RatingAccessDeniedDialog2
RatingCustomInit

cfgmgr32

CM_Free_Log_Conf_Handle
CM_Get_Hardware_Profile_InfoW
CM_Get_Device_ID_List_ExW
CM_Get_Hardware_Profile_Info_ExA
CM_Run_Detection_Ex
CM_Free_Res_Des
CM_Locate_DevNode_ExW
CM_Get_Next_Log_Conf
CM_Register_Device_Interface_ExA
CM_Get_Next_Log_Conf_Ex
CM_Setup_DevNode_Ex
CM_Get_Device_ID_List_SizeA
CM_Get_DevNode_Status_Ex

usp10

ScriptStringOut
ScriptStringValidate
ScriptPlace
ScriptShape
ScriptStringAnalyse
ScriptLayout
UspFreeMem
UspAllocTemp
ScriptStringFree
ScriptStringGetLogicalWidths
ScriptStringXtoCP
ScriptXtoCP
LpkPresent
ScriptRecordDigitSubstitution
ScriptString_pLogAttr
ScriptIsComplex
ScriptBreak

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39762c4533771640ffadb9ca8cde0c80

Headers

File Characteristics

Imports

kernel32

sqlunirl

olecli32

msrating

cfgmgr32

usp10

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 129KB - Virtual size: 129KB

.data Size: 48KB - Virtual size: 48KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 129KB - Virtual size: 129KB

.data
Size: 48KB - Virtual size: 48KB

.rsrc
Size: 3KB - Virtual size: 3KB