1caf83b3847d9a0f3a8a47f6c67352fff4a6ee27fe822297231dbd1401d426ab

Sharing

Copy URL Twitter E-mail

General

Target

1caf83b3847d9a0f3a8a47f6c67352fff4a6ee27fe822297231dbd1401d426ab
Size

166KB
MD5

9c9f4eb5998e2765577b115eef4a837e
SHA1

d79c54ca85c1998415d13583e5257b06d944fe6e
SHA256

1caf83b3847d9a0f3a8a47f6c67352fff4a6ee27fe822297231dbd1401d426ab
SHA512

8fddb49d63293e0050b935324febb014a8ed0bdb4241135718f6962f5436d6cde2b9bd447648f59b13b92ae2a5c126fa43d4dd4b96a55c4e5d332b1a79636907
SSDEEP

3072:FiKPNXehkSKXcBpcbNN1XC+rpGml838PR2D++gzMp5T1cJ+eVHoRB4JJ2Mpdc:KKXcBpcb9S+rYmlRwDVGMp5RAxORByd

Score

N/A

Malware Config

Signatures

Files

1caf83b3847d9a0f3a8a47f6c67352fff4a6ee27fe822297231dbd1401d426ab
.exe windows x86

d2b4ac2acc77d99046811996d35dea4a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcSsGetContextBinding
RpcSsDestroyClientContext
RpcSmDisableAllocate
RpcServerInqIf
RpcAsyncRegisterInfo
RpcAsyncCancelCall
NdrpReleaseTypeGenCookie
NdrXmitOrRepAsFree
NdrSimpleTypeUnmarshall
NdrSimpleStructUnmarshall
NdrServerCall2
NdrRpcSsEnableAllocate
NdrPointerMarshall
NdrMesSimpleTypeDecode
NdrFullPointerXlatFree
NdrFixedArrayMemorySize
NdrFixedArrayFree
NdrEncapsulatedUnionBufferSize
CStdStubBuffer_QueryInterface
CStdStubBuffer_Disconnect

kernel32

DeleteCriticalSection
EnterCriticalSection
ExitProcess
ExitThread
FindClose
FindFirstFileA
FreeLibrary
GetCommandLineA
GetCurrentThreadId
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetThreadLocale
GetTickCount
GetVersion
InitializeCriticalSection
CreateThread
InterlockedIncrement
LeaveCriticalSection
LoadLibraryExA
LocalAlloc
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
RtlUnwind
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte
WriteFile
lstrcpynA
lstrlenA
InterlockedDecrement

winmm

joyGetThreshold
midiOutClose
midiStreamRestart
mmioWrite
mmsystemGetVersion
waveInOpen
midiInReset

user32

GetShellWindow
GetWindowPlacement
IntersectRect
IsWindowUnicode
KillTimer
PostQuitMessage
PtInRect
GetPriorityClipboardFormat
GetListBoxInfo
SetTimer
ShowWindow
ToUnicode
UnpackDDElParam
UpdateWindow
WaitForInputIdle
GetNextDlgTabItem
RegisterClassA
GetMessageA
BringWindowToTop
CloseClipboard
CreateIconFromResourceEx
CreateMenu
CreateWindowExA
DefWindowProcA
DestroyMenu
DestroyWindow
DispatchMessageA
EnableScrollBar
GetComboBoxInfo
GetDC
GetDlgItem
SetClipboardViewer

shell32

DragAcceptFiles
SHGetFolderPathW

msvcrt

_spawnlp
_strnicmp
_wcslwr
_wcsnicmp
_wcsupr
_wctime
_wgetenv
_wrename
_itow
_wsetlocale
_wstrtime
_wtmpnam
_wtol
atoi
atol
ceil
fgets
fprintf
isprint
isspace
iswalnum
iswalpha
iswdigit
iswprint
iswupper
_spawnl
malloc
memmove
qsort
realloc
strchr
strcpy
strncmp
swscanf
wcsncmp
wcsncpy
wcsrchr
wctomb
_ismbcsymbol
_ismbcspace
_isatty
_iob
_heapused
_errno
_atoi64
_amsg_exit
__doserrno
__dllonexit
__badioinfo
__CxxFrameHandler
_XcptFilter
_snprintf
_setsystime
_purecall
_popen
_onexit
_lseeki64
ldexp
_lrotl
_write

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
AreAnyAccessesGranted
CryptImportKey
CryptSetProvParam
ElfNumberOfRecords
FreeEncryptionCertificateHashList
FreeSid
GetLengthSid
ImpersonateLoggedOnUser
InitializeSecurityDescriptor
LsaGetSystemAccessAccount
LsaSetQuotasForAccount
OpenProcessToken
OpenThreadToken
RegCreateKeyExW
RegSetValueExW
SetSecurityDescriptorControl
SetSecurityDescriptorDacl
SystemFunction014
AddAccessAllowedAce

Exports

Exports

ADeviceSetVolume
ARawDecodeDone
HrEditPhonebookEntry
ReplaceCharsW

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2b4ac2acc77d99046811996d35dea4a

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

kernel32

winmm

user32

shell32

msvcrt

advapi32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 92KB - Virtual size: 91KB

.data Size: 15KB - Virtual size: 15KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 2KB - Virtual size: 1KB