c751ecf98a4c0010ab06a729df0bcb07584279559f00fe9b2cb4c4a4b36e0318

Sharing

Copy URL Twitter E-mail

General

Target

c751ecf98a4c0010ab06a729df0bcb07584279559f00fe9b2cb4c4a4b36e0318
Size

183KB
MD5

4c0c2e805e2b7bf6a93165264b26b920
SHA1

5cd78b99f851dcf7e5dd9c898d5feca9650402a4
SHA256

c751ecf98a4c0010ab06a729df0bcb07584279559f00fe9b2cb4c4a4b36e0318
SHA512

fea260b7395e65f46fa8ed44f18f811c1aaa8feb14712d1b01162298094d737005b5b2c88115c8d287fc08357f81fd93b61ae441a4e8c20f800c4a87f73aee6e
SSDEEP

3072:BdLqtTmEo4oHs6MgfYb2kHdhR558bO3iC41hqENfam0pwb1dZ7782aSRvxGy9wie:Bd8lO/4N4uRpi1dZ77WaJGcwiw0t

Score

N/A

Malware Config

Signatures

Files

c751ecf98a4c0010ab06a729df0bcb07584279559f00fe9b2cb4c4a4b36e0318
.exe windows x86

9b4897c501e88a1eb2311ab4fffad343

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCSpnW
StrStrIA
PathGetDriveNumberW
PathStripPathA
PathFindExtensionW
PathSkipRootW
PathStripPathW
StrStrA
StrCmpW
PathRemoveBlanksW
PathStripToRootW
PathRemoveExtensionA
PathFindFileNameW
StrTrimA
StrCSpnA
StrStrW
PathRemoveExtensionW
PathFindFileNameA
PathSkipRootA
PathFindExtensionA
StrTrimW
PathRemoveBlanksA
StrStrIW
StrCmpIW
PathStripToRootA
PathGetDriveNumberA

user32

GetClientRect
FindWindowW
GetDesktopWindow
GetForegroundWindow
FindWindowA

mfc42

?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B
DllUnregisterServer
DllRegisterServer
DllCanUnloadNow
?classCDataPathProperty@CDataPathProperty@@2UCRuntimeClass@@B

sqlwoa

_TranslateAccelerator@12
_GetWindowTextLength@4
_StartDoc@8
_CommDlg_OpenSave_GetFolderPath@12
_GetTextMetrics@8

hid

HidD_GetProductString
HidP_GetLinkCollectionNodes
HidP_GetData
HidP_GetExtendedAttributes
HidD_GetPhysicalDescriptor

msoeacct

HrCreateAccountManager
GetDllMajorVersion
ValidEmailAddress
DllGetClassObject
DllCanUnloadNow

inseng

DllGetClassObject
GetICifRWFileFromFile
GetICifFileFromFile
DownloadFile
CheckTrust

powrprof

SetActivePwrScheme
WritePwrScheme
LoadCurrentPwrScheme
IsPwrSuspendAllowed
ReadGlobalPwrPolicy

kernel32

TerminateProcess
SetConsoleCursorPosition
VirtualAlloc
lstrlenA
Thread32Next

tapi32

lineGetAgentCapsW
lineDevSpecificFeature
phoneGetStatusW
lineCreateAgentW
phoneGetHookSwitch

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 151KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b4897c501e88a1eb2311ab4fffad343

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

user32

mfc42

sqlwoa

hid

msoeacct

inseng

powrprof

kernel32

tapi32

Sections

.text Size: 26KB - Virtual size: 25KB

.data Size: 151KB - Virtual size: 154KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 26KB - Virtual size: 25KB

.data
Size: 151KB - Virtual size: 154KB

.reloc
Size: 5KB - Virtual size: 4KB