6f7bb3a3bdbaff8e0fe561269db9288f9cb1b126418d93e058a59aeeb918ef71

Sharing

Copy URL Twitter E-mail

General

Target

6f7bb3a3bdbaff8e0fe561269db9288f9cb1b126418d93e058a59aeeb918ef71
Size

116KB
MD5

6059eeb5a5a492ce9da34fe311ae6990
SHA1

04306e2b5497309826aa059912e1eddeaa62bae5
SHA256

6f7bb3a3bdbaff8e0fe561269db9288f9cb1b126418d93e058a59aeeb918ef71
SHA512

7dba0a22723794fda61385af3d4416816cd82be1f522dc86b55b41452616ef8518e02a90a8426a4f8e7a3ec998fa7922777230d59a495084fa2a5be0f5136cc0
SSDEEP

3072:J3RsSY4ySWuQ7/DIGiw4EMcj7W4dcCZ6ilX2a:lRlLCZVHWMc86k

Score

N/A

Malware Config

Signatures

Files

6f7bb3a3bdbaff8e0fe561269db9288f9cb1b126418d93e058a59aeeb918ef71
.dll windows x86

de89d19048f3a91af01d88bfe0997ce0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadConsoleOutputAttribute
GetConsoleWindow
AllocConsole
GetDriveTypeA
CreateSemaphoreA
CreateNamedPipeW
GetProcAddress
GetConsoleFontInfo
GetTimeFormatW
CreateConsoleScreenBuffer
ReleaseMutex
WriteFileEx
ReadConsoleA
Heap32First
CloseProfileUserMapping
GetConsoleCP
QueryPerformanceCounter
SetFilePointerEx
EnumDateFormatsExA
ReadConsoleInputW
ResumeThread
SetTapeParameters
GetModuleHandleA
FindFirstFileW
FillConsoleOutputAttribute
GetConsoleAliasExesW
IsValidCodePage
Heap32ListFirst
ReadConsoleInputA
WritePrivateProfileSectionW
FillConsoleOutputCharacterA
LoadLibraryExA
HeapSummary
GetDiskFreeSpaceW
GetFullPathNameA
CreateSemaphoreW
ExpungeConsoleCommandHistoryA
VirtualAlloc
WaitNamedPipeA
EnumCalendarInfoExW
EnumDateFormatsA
GetModuleHandleW
FreeResource
FoldStringA
WriteFileGather
CreateFileMappingW
PeekConsoleInputW
GetSystemTime
IsBadHugeWritePtr
GetLocalTime
ClearCommError
ExpandEnvironmentStringsA
GetConsoleCommandHistoryW
EnumDateFormatsW
WaitForSingleObject
SwitchToThread
WriteConsoleInputA
MapViewOfFile
FindNextChangeNotification
PeekConsoleInputA
SetConsoleNumberOfCommandsA
FreeLibrary
CreateMailslotW
AddConsoleAliasW
ReadConsoleOutputA
GetThreadTimes
GetFileInformationByHandle
OpenMutexW
LoadLibraryA
IsValidLocale
GetVersion
GetHandleInformation

user32

UnhookWinEvent
CharToOemBuffA
IsCharUpperW
EndDeferWindowPos
CloseWindow
RealChildWindowFromPoint
SetClipboardData
MessageBoxExW
UnionRect
GetMenuDefaultItem
GetCursor
DrawIcon
GetAltTabInfoA
CallNextHookEx
CharUpperBuffA
ChangeDisplaySettingsA
SendNotifyMessageA
GetWindowTextLengthA
CreateWindowStationA
GetWindowLongA
EnumDisplaySettingsExW
GetMenuItemID
ValidateRect
CreateIconFromResourceEx

advapi32

RegEnumValueW
ObjectCloseAuditAlarmW
RegQueryMultipleValuesW
LsaEnumerateTrustedDomainsEx
BuildImpersonateExplicitAccessWithNameW
ObjectOpenAuditAlarmA
CloseEventLog
OpenSCManagerW
CryptGetUserKey
ConvertStringSidToSidW
GetFileSecurityA
GetPrivateObjectSecurity
SystemFunction026
SetEntriesInAclW
RegisterEventSourceA
ElfCloseEventLog
StartServiceCtrlDispatcherW
RemoveUsersFromEncryptedFile
GetTrusteeFormA
FindFirstFreeAce
LsaEnumeratePrivilegesOfAccount
SetThreadToken
ObjectPrivilegeAuditAlarmA
LsaLookupSids
LookupSecurityDescriptorPartsA
PrivilegedServiceAuditAlarmW
QueryServiceStatus
SystemFunction001
ConvertStringSidToSidA
CryptDuplicateHash
LsaGetRemoteUserName
SetPrivateObjectSecurity
TrusteeAccessToObjectA
OpenBackupEventLogA
CryptDuplicateKey
CreatePrivateObjectSecurity
PrivilegeCheck
CryptImportKey
LsaOpenSecret
EqualSid
AbortSystemShutdownA
CryptHashSessionKey
DeleteAce
ElfOpenEventLogA
DestroyPrivateObjectSecurity
QueryServiceConfigA
SetServiceBits
ElfReportEventW
SystemFunction005
SystemFunction033
SystemFunction024
GetMultipleTrusteeOperationA
FreeSid
LsaQueryDomainInformationPolicy
RegQueryValueA
CryptSetProviderExW
SetFileSecurityW
LsaCreateTrustedDomain
OpenSCManagerA
GetServiceKeyNameA
QueryServiceLockStatusW
GetAclInformation
RegDeleteKeyA
LsaQueryInfoTrustedDomain
StartServiceCtrlDispatcherA
ConvertSecurityDescriptorToAccessNamedA
CryptCreateHash
AccessCheckByTypeResultListAndAuditAlarmW
LsaOpenTrustedDomain
LsaGetQuotasForAccount
DuplicateToken
QueryServiceConfig2A
LsaSetInformationTrustedDomain
SetFileSecurityA
IsValidSecurityDescriptor
RegEnumValueA
LsaOpenPolicy
ConvertStringSecurityDescriptorToSecurityDescriptorW
LsaGetSystemAccessAccount
SystemFunction029
ReadEventLogA
I_ScSetServiceBitsW

shell32

StrChrIW
StrStrW

shlwapi

PathStripPathW
PathIsDirectoryW
StrTrimA
IntlStrEqWorkerW
StrPBrkA
PathIsUNCW
StrSpnA
PathFindExtensionA
IntlStrEqWorkerA
SHRegSetUSValueW
SHRegEnumUSKeyW
SHDeleteOrphanKeyA
UrlIsNoHistoryW
SHCreateShellPalette
SHRegGetUSValueW
PathSetDlgItemPathA
PathUnquoteSpacesA
PathIsFileSpecW
PathGetCharTypeA
PathMakeSystemFolderW
StrTrimW
PathMakeSystemFolderA
UrlApplySchemeW
StrSpnW
SHDeleteEmptyKeyA
PathGetDriveNumberA
PathSearchAndQualifyA
SHEnumKeyExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoW
VerInstallFileA
VerQueryValueW

msvcrt

asin
fread
fclose
fwrite
difftime
fwprintf
feof
fprintf
_unlink
fseek
fputs
_ultow
memset
ftell
sprintf
ferror
fputc
__CxxFrameHandler
printf
fopen
fsetpos
_write

Exports

Exports

Fkihgzyc
Jlovk
Kgerivwema
Mfzcrzn
Vhuwlv
Xcvgq
Xgpcnpocz
Yhhmtqv
Zjasjvf

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de89d19048f3a91af01d88bfe0997ce0

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

version

msvcrt

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 52KB - Virtual size: 49KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 52KB - Virtual size: 49KB

.reloc
Size: 8KB - Virtual size: 6KB