8d36e184c5e0190cb59afbfc22149c1d871c008f54b0a76890a84dbd0daa6a7c

Sharing

Copy URL Twitter E-mail

General

Target

8d36e184c5e0190cb59afbfc22149c1d871c008f54b0a76890a84dbd0daa6a7c
Size

1.8MB
MD5

5d0a376df9955a6ef24956ab7d8dc4f3
SHA1

5d654191cfdaa6f7fb8577c9e09f791b682a1fdf
SHA256

8d36e184c5e0190cb59afbfc22149c1d871c008f54b0a76890a84dbd0daa6a7c
SHA512

461e80674b6512adc16bb94edde18ef4ebbd7fb017fd2f5a482a861b38cb2d8e51baefce620eba1961929f952ed48bd6d66cd4acaf6a0e59365e7bd17c126117
SSDEEP

49152:lth98KzUCTvk8ZShOey38Vc0J7RiC4PafPfEwp0NCFdx0o:lth98KzUCTvNI3W0HiNvwp0NC2o

Score

N/A

Malware Config

Signatures

Files

8d36e184c5e0190cb59afbfc22149c1d871c008f54b0a76890a84dbd0daa6a7c
.exe windows x86

ea303686eb7c15d4a6ccaa0e3600ffd8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

pdh

PdhLookupPerfIndexByNameW
PdhVbOpenQuery
PdhSelectDataSourceA
PdhGetLogFileSize
PdhGetCounterInfoW
PdhListLogFileHeaderW
PdhBrowseCountersA
PdhUpdateLogFileCatalog
PdhUpdateLogW
PdhEnumMachinesA
PdhReadRawLogRecord
PdhValidatePathW
PdhEnumObjectsA
PdhGetDataSourceTimeRangeW
PdhCalculateCounterFromRawValue
PdhExpandWildCardPathW
PdhVbAddCounter
PdhExpandCounterPathA
PdhVbGetCounterPathFromList
PdhOpenQuery
PdhFormatFromRawValue
PdhIsRealTimeQuery
PdhGetFormattedCounterArrayA
PdhGetDllVersion
PdhCollectQueryDataEx
PdhGetDefaultPerfObjectW
PdhVbGetOneCounterPath
PdhVbGetLogFileSize
PdhAddCounterA
PdhExpandWildCardPathA
PdhSetDefaultRealTimeDataSource
PdhGetRawCounterValue

msvcp60

_Toupper

mscms

InternalGetPS2ColorRenderingDictionary
GetCMMInfo
InternalGetPS2ColorSpaceArray
GetColorProfileFromHandle
TranslateColors
UninstallColorProfileW
GetStandardColorSpaceProfileW
CreateColorTransformA
UnregisterCMMA
GetPS2ColorRenderingDictionary
InternalGetPS2CSAFromLCS
InstallColorProfileA
SelectCMM
GenerateCopyFilePaths
DeleteColorTransform
GetColorDirectoryW
SetColorProfileHeader
CloseColorProfile
GetColorProfileHeader
EnumColorProfilesW
AssociateColorProfileWithDeviceA
UnregisterCMMW
DisassociateColorProfileFromDeviceA
InstallColorProfileW
RegisterCMMA
CreateColorTransformW
GetNamedProfileInfo
TranslateBitmapBits
GetPS2ColorRenderingIntent
DisassociateColorProfileFromDeviceW
IsColorProfileValid
InternalGetDeviceConfig
EnumColorProfilesA
SetStandardColorSpaceProfileA
UninstallColorProfileA
SetColorProfileElement
OpenColorProfileA
GetColorDirectoryA
OpenColorProfileW
InternalGetPS2PreviewCRD

cliconfg

OnInitDialogMain
ClientConfigureAddEdit
CPlApplet

docprop

DllCanUnloadNow
DllGetClassObject

msoert2

PszEscapeMenuStringA
PszScanToCharA
OpenFileStream
PszSkipWhiteW
CreateTempFile
CreateDataObject
HrGetElementImpl
PszDayFromIndex
OpenFileStreamShareW
HrStreamSeekCur
PVGetCertificateParam
HrIndexOfWeek
HrCopyStream
HrLPSZCPToBSTR
CrackNotificationPackage
CreateTempFileStream
HrCopyStreamCB
ReplaceCharsW
WriteStreamToFileHandle
IsUpper
IsDigit
FIsEmptyA
CryptAllocFunc
FMissingCert
CreateSystemHandleName
CreateLogFile
HrIndexOfMonth
HrFindInetTimeZone
OpenFileStreamWithFlagsW
IsValidFileIfFileUrlW
WriteStreamToFileW
FIsSpaceW
HrGetStreamPos
PszAllocA
PszDupW
GetDllMajorVersion
FIsEmptyW
IsPrint

stclient

DllRegisterServer
DllUnregisterServer
DllCanUnloadNow
DllGetClassObject

kernel32

WriteProfileSectionA
Process32Next
ResumeThread
CommConfigDialogA
AddConsoleAliasW
_hread
CloseHandle
RegisterWowBaseHandlers
VirtualAlloc
MapUserPhysicalPages
GetFullPathNameW
EnumLanguageGroupLocalesW
FreeLibrary
Process32FirstW
GetThreadTimes
GetConsoleWindow
SetCommConfig
FillConsoleOutputCharacterA
GetFileType
GetVolumePathNameA
SetThreadPriority
ProcessIdToSessionId
Beep
OpenFileMappingW
HeapSummary
WriteConsoleInputA
GetLastError
FreeLibraryAndExitThread
GetConsoleScreenBufferInfo
QueryPerformanceCounter
CompareStringW
ReadConsoleOutputA
SetCalendarInfoA
BuildCommDCBAndTimeoutsW
CreateDirectoryExA
DisableThreadLibraryCalls
QueueUserWorkItem
GetConsoleDisplayMode
GlobalFindAtomA
CreateMailslotA
HeapLock
SetHandleCount
GetModuleFileNameA
GetConsoleInputExeNameA
GetProcessWorkingSetSize
EnumCalendarInfoExA
SetConsoleNlsMode
VerifyConsoleIoHandle
_lread
OpenSemaphoreW
FindNextVolumeA
WriteConsoleInputVDMW

deskadp

DllCanUnloadNow
DllGetClassObject

wintrust

CryptCATOpen
CryptCATPutMemberInfo
DriverFinalPolicy
SoftpubLoadSignature
TrustDecode
CryptSIPCreateIndirectData
DriverInitializePolicy
CryptCATCatalogInfoFromContext
TrustFreeDecode
WVTAsn1SpcFinancialCriteriaInfoDecode
CryptCATCDFEnumMembers
WTHelperGetProvPrivateDataFromChain
DriverCleanupPolicy
WintrustCertificateTrust
SoftpubDefCertInit
WTHelperProvDataFromStateData
WintrustGetRegPolicyFlags
WVTAsn1SpcSigInfoDecode
WintrustAddDefaultForUsage
WTHelperGetFileName
CryptCATCDFEnumCatAttributes
CryptCATCDFOpen
WTHelperOpenKnownStores
WVTAsn1CatNameValueDecode
WVTAsn1SpcStatementTypeEncode
mssip32DllUnregisterServer
WTHelperGetAgencyInfo
SoftpubLoadDefUsageCallData
OfficeCleanupPolicy
WVTAsn1CatMemberInfoEncode
CryptCATGetMemberInfo
MsCatFreeHashTag
WVTAsn1SpcSigInfoEncode
WVTAsn1SpcPeImageDataEncode
CatalogCompactHashDatabase
DllRegisterServer
WVTAsn1SpcFinancialCriteriaInfoEncode
CryptCATPutAttrInfo

iassvcs

IASRadiusCrypt
IASReportEvent
IASAdler32
IASInitialize
IASRegisterComponent
DllUnregisterServer
IASUninitialize
IASSetMaxNumberOfThreads
DllGetClassObject
DllCanUnloadNow
IASVariantChangeType
IASSetMaxThreadIdle
IASAllocateUniqueID
IASRequestThread
DllRegisterServer

advpack

GetVersionFromFile

dinput

DirectInputCreateEx
DllRegisterServer
DirectInputCreateW
DllGetClassObject
DirectInputCreateA
DllUnregisterServer
DllCanUnloadNow

mciwave

DriverProc

certcli

CAGetCertTypeProperty
CACountCertTypes
CAAddCACertificateType
CAFindByIssuerDN
CASetCertTypeProperty
CAEnumCertTypes
CASetCertTypeFlags
CAFreeCertTypeExtensions
CASetCAFlags
CACreateCertType
CASetCACertificate
CAEnumNextCA
CAFindByCertType

sqlwoa

ConvertMultiSZNameToW
_trename
newMultiByteFromWideCharSize
_tsystem
newWideCharFromMultiByte
newMultiByteFromWideChar
newMultiByteFromWideCharEx
AllocConvertMultiSZNameToA
_tfopen

ws2help

WahEnableNonIFSHandleSupport
WahCreateNotificationHandle
WahCompleteRequest
WahCloseApcHelper
WahNotifyAllProcesses
WahRemoveHandleContext
WahCreateSocketHandle
WahDestroyHandleContextTable
WahCloseHandleHelper
WahWaitForNotification
WahOpenNotificationHandleHelper
WahOpenHandleHelper
WahCloseSocketHandle
WahCreateHandleContextTable
WahOpenApcHelper
WahDisableNonIFSHandleSupport
WahQueueUserApc

ntmarta

AccProvRevokeAuditRights
AccConvertAclToAccess
AccProvSetAccessRights
AccRewriteSetHandleRights
AccProvHandleGrantAccessRights
AccLookupAccountTrustee
AccProvIsObjectAccessible
EventNameFree
AccProvIsAccessAudited
AccProvHandleGetAllRights
AccProvGetAccessInfoPerObjectType
AccConvertAccessToSD
AccGetAccessForTrustee
AccProvGrantAccessRights
AccLookupAccountSid
AccProvGetCapabilities
AccRewriteGetHandleRights
AccConvertAccessToSecurityDescriptor
AccProvHandleRevokeAccessRights
AccSetEntriesInAList
AccProvGetAllRights
EventGuidToName
AccConvertSDToAccess
AccProvHandleSetAccessRights
AccProvGetOperationResults
AccRewriteSetNamedRights
AccProvHandleIsObjectAccessible
AccConvertAccessMaskToActrlAccess
AccProvHandleGetAccessInfoPerObjectType
AccRewriteSetEntriesInAcl
AccRewriteGetNamedRights
AccProvGetTrusteesAccess
AccProvHandleRevokeAuditRights
AccProvHandleIsAccessAudited
AccLookupAccountName
AccRewriteGetExplicitEntriesFromAcl
AccProvHandleGetTrusteesAccess
AccProvCancelOperation

Sections

.data
Size: - Virtual size: 14.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 636KB - Virtual size: 636KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ea303686eb7c15d4a6ccaa0e3600ffd8

Headers

File Characteristics

Imports

pdh

msvcp60

mscms

cliconfg

docprop

msoert2

stclient

kernel32

deskadp

wintrust

iassvcs

advpack

dinput

mciwave

certcli

sqlwoa

ws2help

ntmarta

Sections

.data Size: - Virtual size: 14.7MB

.rdata Size: 636KB - Virtual size: 636KB

.tls Size: 512B - Virtual size: 4KB

.text Size: 80KB - Virtual size: 79KB

.rsrc Size: 56KB - Virtual size: 56KB

.data
Size: - Virtual size: 14.7MB

.rdata
Size: 636KB - Virtual size: 636KB

.tls
Size: 512B - Virtual size: 4KB

.text
Size: 80KB - Virtual size: 79KB

.rsrc
Size: 56KB - Virtual size: 56KB