3477968fed7dcb73a906280ef5e0a6f3a815b767f143f09f6df3c6fd9a4f4cf6

Sharing

Copy URL Twitter E-mail

General

Target

3477968fed7dcb73a906280ef5e0a6f3a815b767f143f09f6df3c6fd9a4f4cf6
Size

100KB
MD5

5680a671a57b269094580ef4b3eb91ee
SHA1

240cfd3dc4e60782f4064cd41e806dc56e15c889
SHA256

3477968fed7dcb73a906280ef5e0a6f3a815b767f143f09f6df3c6fd9a4f4cf6
SHA512

f988a23f9e157b1f588a2bc9b0e217b88272eadf3e86f599b9ac4b47e9c43613507a21451cf31e3c4b688597dbbb871983262275d8c84951dcb26d733da8071e
SSDEEP

1536:WbGBUJnM7X/tidyA1sQzY2A7ZRbDFCatURr7Q8I7KZWMfTMP1ieHz6Mg:WbGBUiXliF9zY2AjgatUl6K0IMJDg

Score

N/A

Malware Config

Signatures

Files

3477968fed7dcb73a906280ef5e0a6f3a815b767f143f09f6df3c6fd9a4f4cf6
.dll windows x86

0cbe67e9bc2e32f59f61448712753292

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

crypt32

CryptSignAndEncodeCertificate
I_CryptGetAsn1Decoder
I_CryptUninstallOssGlobal
I_CryptFindLruEntry
CertFindExtension
CryptVerifyCertificateSignatureEx
CryptUnregisterDefaultOIDFunction
CryptProtectData
RegOpenKeyExU
I_CryptEnableLruOfEntries
CertRemoveStoreFromCollection
CryptDecodeObjectEx
CryptInstallOIDFunctionAddress
CryptFindOIDInfo
I_CryptRegisterSmartCardStore
CertOpenSystemStoreW
RegCreateHKCUKeyExU
RegCreateKeyExU
I_CryptCreateLruEntry
CertGetSubjectCertificateFromStore
CryptMsgControl
CryptMsgCalculateEncodedLength
CertAddCertificateContextToStore
I_CryptWalkAllLruCacheEntries
RegOpenHKCUKeyExU
CertGetPublicKeyLength
CryptSIPRemoveSignedDataMsg
CryptFreeOIDFunctionAddress
CertEnumCRLsInStore
CertDeleteCTLFromStore
CryptEnumOIDFunction
CryptMsgGetParam
CertFreeCertificateContext
CertEnumSystemStore
CertAddCRLLinkToStore
CryptMsgVerifyCountersignatureEncodedEx
CryptExportPublicKeyInfoEx
CryptMsgCountersign
I_CryptAddRefLruEntry
CryptQueryObject
CertDeleteCRLFromStore
CryptStringToBinaryW
CertAddCRLContextToStore

sqlunirl

_GetCommandLine_@0
_GetEnhMetaFile_@4
_LookupPrivilegeName_@16
_GetModuleFileName@12
_SendMessageTimeout_@28
_MessageBoxIndirect_@4
_Shell_NotifyIcon_@8
_SetDefaultCommConfig_@12
_GlobalFindAtom_@4
_GetProfileString_@20
_SetCurrentDirectory_@4
_ExtractIcon_@12
_NDdeSetTrustedShare_@12
_SendDlgItemMessage@20
_PostThreadMessage_@16
_FindExecutable_@12
_FindFirstFile_@8
_CreateService_@52
_SHFileOperation_@4
_GetICMProfile_@12
_RegCreateKeyEx_@36
_CharPrev_@8
_TranslateAccelerator@12
_GetCurrentHwProfile_@4
_GetPrivateProfileStruct_@20
_SetProp@12
_ReadConsoleInput_@16
_WriteProfileString_@12
_RegUnLoadKey_@8

comctl32

ImageList_GetFlags
ImageList_SetOverlayImage
InitMUILanguage
DrawStatusTextW
ImageList_Create
CreateStatusWindowW
ImageList_SetDragCursorImage
ImageList_GetImageRect
ImageList_GetIconSize
ImageList_GetDragImage
UninitializeFlatSB
ImageList_DragMove
ImageList_Add
CreatePropertySheetPage
InitCommonControlsEx
ImageList_GetImageCount
ImageList_DrawEx
FlatSB_SetScrollInfo
CreateToolbar
FlatSB_GetScrollPos
CreatePropertySheetPageW
ImageList_GetBkColor
ImageList_Duplicate
ImageList_Replace
FlatSB_SetScrollProp
InitializeFlatSB
DrawStatusText
ImageList_LoadImageW
ImageList_DragLeave
ImageList_GetIcon
ImageList_DrawIndirect
FlatSB_ShowScrollBar
ImageList_Draw
ImageList_LoadImageA
ImageList_GetImageInfo
FlatSB_SetScrollPos
FlatSB_EnableScrollBar
ImageList_Merge

advapi32

RegisterServiceCtrlHandlerW
RegRestoreKeyW
RegOpenKeyW
GetAce
InitializeSecurityDescriptor
GetInformationCodeAuthzLevelW
RegDisablePredefinedCache
RegQueryInfoKeyW
RegOpenCurrentUser
RegSetValueA
DuplicateEncryptionInfoFile
CloseCodeAuthzLevel
ConvertSecurityDescriptorToAccessW
CredRenameA
GetMultipleTrusteeW
SystemFunction025
CredMarshalCredentialW
WmiQuerySingleInstanceA
LsaOpenAccount
SaferRecordEventLogEntry
RegOpenKeyExA
SystemFunction030
BuildImpersonateExplicitAccessWithNameA
SystemFunction022
CredpConvertCredential
ElfReportEventW
LsaCreateAccount
RegQueryValueW
LsaQuerySecurityObject
CryptExportKey
CommandLineFromMsiDescriptor
WmiMofEnumerateResourcesW

kernel32

EnumCalendarInfoExA
CreateToolhelp32Snapshot
GetComputerNameExW
CreateNamedPipeA
LoadLibraryA
GetFileInformationByHandle
SetFileTime
lstrcpyW
GetUserDefaultLCID
GetProcessAffinityMask
GetCommMask
GetCurrentThread
EnumSystemLocalesA
FindNextFileA
SetConsoleInputExeNameA
SignalObjectAndWait
VirtualProtectEx
GetModuleHandleA
GetConsoleCommandHistoryLengthA
FileTimeToSystemTime
WritePrivateProfileSectionA
SetSystemTime
GetModuleFileNameA
GetSystemWindowsDirectoryA
FindResourceExA
GetWindowsDirectoryA
LCMapStringW
SetConsoleHardwareState
BaseDumpAppcompatCache
OpenMutexA
GetExpandedNameA
LocalCompact
VirtualAlloc
GetThreadPriority
GetPrivateProfileSectionA
GlobalAlloc
WriteFileGather
ResetWriteWatch
AddAtomA
lstrlenA
GetDriveTypeA
WriteConsoleInputA
CompareStringA
GetTempFileNameA
GetSystemWow64DirectoryW
GlobalFindAtomW
FatalAppExitW
OpenJobObjectW
ReleaseActCtx
GetNamedPipeHandleStateW
AddConsoleAliasW
EnumDateFormatsA
GetWindowsDirectoryW
DeleteCriticalSection
ConvertFiberToThread
FindFirstVolumeA
GetSystemInfo
IsBadHugeReadPtr
CreateFileMappingA
QueryDosDeviceA
FillConsoleOutputCharacterA
Heap32ListFirst
CreateTapePartition
GlobalDeleteAtom
DeleteAtom
GetStringTypeExA
WritePrivateProfileStructW
SetCurrentDirectoryA

Exports

Exports

InstallU
PluginCommand
PluginMain
PluginName
PluginType
PluginVersion
WSPStartup

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0cbe67e9bc2e32f59f61448712753292

Headers

File Characteristics

Imports

crypt32

sqlunirl

comctl32

advapi32

kernel32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 37KB - Virtual size: 62KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 916B

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 37KB - Virtual size: 62KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 916B