231605a2b9e6459fbf5b079e733a106222c654837d01d4d5d9838b0e85608188

Sharing

Copy URL Twitter E-mail

General

Target

231605a2b9e6459fbf5b079e733a106222c654837d01d4d5d9838b0e85608188
Size

833KB
MD5

0a47ad234fab959ff64802d7b07b3e3c
SHA1

4f1dbd88071e9754f039588b31b0c08062def310
SHA256

231605a2b9e6459fbf5b079e733a106222c654837d01d4d5d9838b0e85608188
SHA512

a9a587c55e147cc85ffcf0a8d4c842384ff38260b46271d4ecd3900a2dbfa281c8e1b98dbe6b30adee9354a795a7105847d303ea63ee99cfd8588eb2e0b828f3
SSDEEP

12288:6SefugcFLa/Ywb+l6KtihwkR2EaF5ulD5Ef9ch05tJGl8MCYpV90zn/YTBgtTSno:TeGgAa/Y9czwzvgeWlD9IgB84UO5JF

Score

N/A

Malware Config

Signatures

Files

231605a2b9e6459fbf5b079e733a106222c654837d01d4d5d9838b0e85608188
.exe windows x86

f884324b04c656c4afffeece5332f64c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msoert2

CreateTempFile
CopyRegistry
WriteStreamToFile
HrGetStreamSize
StrToUintA
OpenFileStreamW
ChConvertFromHex
FIsValidFileNameCharA
FIsValidFileNameCharW
UpdateRebarBandColors
HrCopyStreamCBEndOnCRLF
CryptFreeFunc
GetHtmlCharset
HrStreamSeekBegin
HrCopyLockBytesToStream
CleanupGlobalTempFiles
HrRewindStream
MessageBoxInst
CreateLogFile
HrStreamSeekEnd
IsDigit
CreateTempFileStream
HrGetBodyElement
HrSetDirtyFlagImpl
PszToANSI
HrCopyStreamCB

kernel32

_llseek
GlobalAddAtomA
GlobalAlloc
GetHandleContext
ReadFile
CommConfigDialogW
lstrcatA
CreateProcessInternalA
OutputDebugStringW
SetDefaultCommConfigA
VirtualAllocEx
SetTapeParameters
IsValidLocale
GetProfileSectionW
WriteConsoleInputVDMA
DuplicateHandle
ExitProcess
UpdateResourceA
VirtualAlloc
FreeConsole
SetLocaleInfoW
Beep
IsBadHugeWritePtr
FileTimeToSystemTime
GetProfileIntA
WTSGetActiveConsoleSessionId
LoadLibraryA
GetSystemDefaultLCID
WaitNamedPipeW
TermsrvAppInstallMode
SetVolumeLabelA

ntdll

KiUserApcDispatcher
NtCreateKey
RtlReAllocateHeap
NtCreateProcessEx
RtlTraceDatabaseLock
RtlCreateUserSecurityObject
NtGetPlugPlayEvent
RtlCopySecurityDescriptor
NtRaiseException
_ltow
memset
RtlSplay
RtlTraceDatabaseCreate
RtlUnicodeStringToOemSize
mbstowcs
NtOpenThread
KiUserExceptionDispatcher
wcstol
RtlFlushSecureMemoryCache
ZwSecureConnectPort
NtAddAtom
RtlGetLengthWithoutTrailingPathSeperators
NtOpenKey
RtlSetSecurityObject
RtlFindNextForwardRunClear
NtQueryEaFile
RtlAddAce
RtlDeleteElementGenericTableAvl
RtlGetOwnerSecurityDescriptor
RtlFindActivationContextSectionGuid
RtlActivateActivationContext
NtQueryInformationThread

gdi32

GetMiterLimit
GdiPlayJournal
PlgBlt
RemoveFontResourceW
CLIPOBJ_bEnum
CloseFigure
UpdateICMRegKeyW
GdiConvertBitmapV5
GetKerningPairsW
SetDeviceGammaRamp
GdiConvertMetaFilePict
SelectClipRgn
PolyPatBlt
GetCharABCWidthsI
EngEraseSurface
ClearBitmapAttributes
GetBrushAttributes
EngLockSurface
GetGlyphOutlineA
SetWindowOrgEx
MoveToEx
DdEntry18
GdiDllInitialize
CreateICW
AddFontResourceA
PATHOBJ_bEnumClipLines
ExcludeClipRect
CreateDIBitmap
DdEntry26

ws2help

WahRemoveHandleContext
WahCloseNotificationHandleHelper
WahNotifyAllProcesses
WahDestroyHandleContextTable
WahOpenHandleHelper
WahOpenCurrentThread
WahDisableNonIFSHandleSupport
WahCreateSocketHandle
WahCloseThread
WahEnumerateHandleContexts
WahCloseSocketHandle
WahOpenNotificationHandleHelper
WahCreateNotificationHandle
WahCreateHandleContextTable
WahCloseApcHelper
WahOpenApcHelper
WahQueueUserApc
WahInsertHandleContext
WahEnableNonIFSHandleSupport
WahReferenceContextByHandle
WahCompleteRequest
WahWaitForNotification
WahCloseHandleHelper

user32

DdeSetUserHandle
ShowWindow
wsprintfW
MessageBoxTimeoutA
GetMessageTime
ChangeDisplaySettingsW
GetPriorityClipboardFormat
SetClipboardViewer
OemToCharA
BuildReasonArray
GetDlgCtrlID
InsertMenuW
AnyPopup
GetUpdateRgn
OpenClipboard
DrawFocusRect
SendIMEMessageExW
DdeQueryStringW
DdeQueryConvInfo
GetLastInputInfo
SetWindowTextW
TrackPopupMenu
DlgDirListComboBoxW
AlignRects
EnumPropsW
GetCursorInfo
ValidateRect
DdeConnectList
GetMessagePos

Sections

.text
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f884324b04c656c4afffeece5332f64c

Headers

DLL Characteristics

File Characteristics

Imports

msoert2

kernel32

ntdll

gdi32

ws2help

user32

Sections

.text Size: 371KB - Virtual size: 371KB

.rdata Size: 146KB - Virtual size: 146KB

.data Size: 164KB - Virtual size: 1.5MB

.rsrc Size: 148KB - Virtual size: 148KB

.reloc Size: 1024B - Virtual size: 996B

.text
Size: 371KB - Virtual size: 371KB

.rdata
Size: 146KB - Virtual size: 146KB

.data
Size: 164KB - Virtual size: 1.5MB

.rsrc
Size: 148KB - Virtual size: 148KB

.reloc
Size: 1024B - Virtual size: 996B