0de8df90e6f56d7388c3f3d91901fce803c169daaac3413a2b04654ac9e9f2e9

Sharing

Copy URL Twitter E-mail

General

Target

0de8df90e6f56d7388c3f3d91901fce803c169daaac3413a2b04654ac9e9f2e9
Size

167KB
MD5

63d030c6d2ceb55d613328db8e5e22e6
SHA1

389eb18606d90fb5731f69ce8309b0cae5b03819
SHA256

0de8df90e6f56d7388c3f3d91901fce803c169daaac3413a2b04654ac9e9f2e9
SHA512

335af765cefe79dc742f7ae1d4225e1f315339d7401128dd9dcb26714652355a6e90bc6c1bbc86927ada75d531cbdb02df32ef1e1cd93a1bc19348f202039faa
SSDEEP

3072:jl4mCowQF/T5RGZarvpMfrtjsRSxyfV9x5OAkBKS8tdlMym2SlHJwPa1SRKwEEr9:KO7F/TusPRoulIX8VIFJqa1pErwu7

Score

N/A

Malware Config

Signatures

Files

0de8df90e6f56d7388c3f3d91901fce803c169daaac3413a2b04654ac9e9f2e9
.exe windows x86

6c08a5f9e1bca3e85e0a886011dd5095

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToLocalFileTime
FileTimeToSystemTime
FindFirstFileA
FreeLibrary
GetCommModemStatus
GetCommState
GetCommTimeouts
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableA
GetExitCodeProcess
GetFileSizeEx
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOverlappedResult
GetProcAddress
GetProcessTimes
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempFileNameW
GetTempPathA
GetThreadContext
GetThreadPriority
GetThreadSelectorEntry
GetThreadTimes
HeapAlloc
HeapDestroy
HeapFree
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchangeAdd
InterlockedIncrement
IsBadCodePtr
IsBadWritePtr
LeaveCriticalSection
LoadLibraryA
LoadResource
LocalFree
LockResource
FileTimeToDosDateTime
OpenEventW
OpenFileMappingW
OpenProcess
OutputDebugStringA
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseSemaphore
ResetEvent
RtlUnwind
SetCommMask
SetCommState
SetCommTimeouts
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFilePointer
SetThreadContext
SetUnhandledExceptionFilter
SizeofResource
SleepEx
SuspendThread
SwitchToFiber
TerminateThread
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualProtect
VirtualProtectEx
VirtualQueryEx
WaitCommEvent
WaitForMultipleObjects
WaitForSingleObjectEx
WaitNamedPipeW
WriteFile
WriteProcessMemory
ExitProcess
EnterCriticalSection
DuplicateHandle
DisableThreadLibraryCalls
DeviceIoControl
DeleteFileA
DeleteFiber
DebugBreak
DebugActiveProcess
CreateThread
CreateSemaphoreA
CreateRemoteThread
CreateNamedPipeW
CreateFileMappingA
CreateFileA
CreateEventA
CreateDirectoryW
ContinueDebugEvent
ConnectNamedPipe
ClearCommError
MapViewOfFile
CancelIo

winmm

waveOutGetVolume
waveInOpen
mmsystemGetVersion
midiStreamRestart
midiOutClose
midiInUnprepareHeader
midiInReset
mciFreeCommandResource
joyGetThreshold
aux32Message
mmioWrite

version

GetFileVersionInfoSizeW
VerQueryValueA
VerFindFileA
GetFileVersionInfoW

rpcrt4

RpcIfIdVectorFree
RpcServerInqIf
RpcErrorGetNumberOfRecords
RpcSsDestroyClientContext
RpcSsGetContextBinding
RpcAsyncRegisterInfo
RpcAsyncCancelCall
NdrpReleaseTypeGenCookie
NdrXmitOrRepAsFree
NdrSimpleTypeUnmarshall
NdrSimpleStructUnmarshall
NdrServerCall2
NdrRpcSsEnableAllocate
NdrPointerMarshall
NdrMesSimpleTypeDecode
NdrFullPointerXlatFree
NdrFixedArrayMemorySize
RpcSmDisableAllocate
CStdStubBuffer_Disconnect
CStdStubBuffer_QueryInterface
I_RpcReceive
NdrFixedArrayFree
NdrEncapsulatedUnionBufferSize
NdrConformantVaryingStructMemorySize

msvcrt

_stricmp
_strnicmp
_vsnwprintf
_wcslwr
_wcsnicmp
_wcsupr
_wctime
_wgetenv
_wrename
_write
_wsetlocale
_wstrtime
_wtmpnam
_wtol
atoi
atol
ceil
feof
fgets
fprintf
fseek
ftell
isleadbyte
isprint
isspace
iswalnum
iswalpha
iswdigit
iswprint
iswspace
iswupper
ldexp
malloc
memcpy
memmove
printf
qsort
realloc
sscanf
strchr
strcpy
strcspn
_spawnlp
strncmp
strstr
strtoul
swscanf
towlower
towupper
wcsncmp
wcsncpy
wcsrchr
wctomb
_itow
_ismbcsymbol
_ismbcspace
_isatty
_iob
_initterm
_heapused
_getche
_fileno
_execl
_errno
_atoi64
_amsg_exit
__pioinfo
_spawnl
_snwprintf
_snprintf
_setsystime
__doserrno
__dllonexit
__badioinfo
__CxxFrameHandler
_XcptFilter
_purecall
_popen
_onexit
_memicmp
_lrotl
strncat
_lseeki64

msvbvm60

GetMem2
rtcNPer
rtcMIRR
rtcFilter
__vbaVarIdiv
__vbaStrLike
__vbaLateMemStAd
__vbaFreeVarList
__vbaFileSeek
Zombie_Invoke
VBDllCanUnloadNow
PutMem8

advapi32

RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueW
RegCreateKeyExW
OpenThreadToken
OpenProcessToken
LsaRetrievePrivateData
InitializeSecurityDescriptor
InitializeAcl
GetUserNameW
GetLengthSid
FreeSid
CryptSetProvParam
CheckTokenMembership
AreAnyAccessesGranted
AllocateAndInitializeSid
AdjustTokenPrivileges
AddAccessDeniedAce
AddAccessAllowedAce
SetSecurityDescriptorDacl

shell32

SHGetFolderPathW
DragAcceptFiles

ntdll

RtlpNtSetValueKey
RtlExtendedMagicDivide
RtlDestroyEnvironment
NtQueryInformationToken
ZwShutdownSystem

user32

GetMessageA
GetMouseMovePointsEx
GetScrollBarInfo
GetScrollInfo
GetScrollRange
GetUserObjectSecurity
IntersectRect
InvertRect
PostQuitMessage
RegisterClassA
SendInput
SetCursor
SetLastErrorEx
SetMessageExtraInfo
AllowSetForegroundWindow
ShowWindow
UpdateWindow
CharNextExA
CreateWindowExA
DdeClientTransaction
DdeFreeDataHandle
DdeImpersonateClient
DdeUnaccessData
DefWindowProcA
DispatchMessageA
EnumClipboardFormats
FlashWindowEx
GetDoubleClickTime
GetInputState
GetKeyState
SetMessageQueue

Exports

Exports

AAuxOpen
HrIStreamToBSTR
IsHttpUrlA
PszMonthFromIndex
UnlocStrEqNW

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c08a5f9e1bca3e85e0a886011dd5095

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winmm

version

rpcrt4

msvcrt

msvbvm60

advapi32

shell32

ntdll

user32

Exports

Exports

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 94KB - Virtual size: 93KB

.data Size: 15KB - Virtual size: 15KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 94KB - Virtual size: 93KB

.data
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 2KB - Virtual size: 1KB