a6858e683acd715e854a9c21cf83c886eb80cd7dc7801f191360a5b00ed27e8b

Sharing

Copy URL Twitter E-mail

General

Target

a6858e683acd715e854a9c21cf83c886eb80cd7dc7801f191360a5b00ed27e8b
Size

46KB
MD5

cf2c2dc62ceeaf8a09ec1ca348b90571
SHA1

320d3fd4f81b31ed0af0ac34b37c07767fa713d1
SHA256

a6858e683acd715e854a9c21cf83c886eb80cd7dc7801f191360a5b00ed27e8b
SHA512

7679f17bcc1f11eddfca36dcc1a969fd05056e560f665414270555e8162c48e94376a6f84b1617193d4947af1a5fd6d2fdfc5c5ea27c6b83a28616341378860b
SSDEEP

768:t45SkgPKgOqz9S/d/z5Z7O8WD06L/86cOuO/rLIcf42Ry:tYS9K6z9SFOdl7dcEfIB2U

Score

N/A

Malware Config

Signatures

Files

a6858e683acd715e854a9c21cf83c886eb80cd7dc7801f191360a5b00ed27e8b
.exe windows x86

507d3e217819e6ad8cbd61b8097f825f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsWriteQuestionToBuffer_UTF8
Dns_WriteQuestionToMessage
DnsAsyncRegisterInit
DnsQuery_A
DnsFreeConfigStructure
Dns_SetRecordDatalength
DnsWriteQuestionToBuffer_W
DnsGetCacheDataTable
DnsStringCopyAllocateEx
Dns_RecvTcp

mprapi

RasPrivilegeAndCallBackNumber
MprAdminUserRead
MprAdminUserClose
MprInfoDelete
MprConfigTransportEnum
MprAdminInterfaceUpdateRoutes
MprConfigInterfaceGetHandle
MprConfigInterfaceTransportRemove
MprAdminTransportCreate
MprAdminBufferFree
MprInfoBlockRemove
MprAdminMIBBufferFree
MprInfoDuplicate
MprAdminServerGetCredentials
MprAdminInterfaceTransportRemove
MprAdminUserWriteProfFlags
MprAdminServerSetCredentials
MprAdminMIBServerConnect
MprConfigServerInstall
MprAdminInterfaceDeviceSetInfo
MprConfigInterfaceTransportGetInfo
MprAdminMIBEntryCreate
MprInfoBlockFind
MprAdminMIBServerDisconnect
MprConfigTransportGetHandle
MprAdminConnectionEnum
MprConfigServerBackup
MprInfoRemoveAll

user32

DispatchMessageA
VkKeyScanExW
ScrollWindowEx
IMPQueryIMEA
GetLayeredWindowAttributes
UnregisterHotKey
DialogBoxParamA
SetPropA
BuildReasonArray
DefDlgProcA
CreateIcon
DdeAddData
UnionRect
GetClipCursor
SetDlgItemInt
CallMsgFilterA
CopyRect
ChangeMenuA
GetWindowTextA

kernel32

LocalFlags
GetOEMCP
RemoveDirectoryW
LoadLibraryW
RtlFillMemory
FlushInstructionCache
GlobalMemoryStatus
FindFirstVolumeW
HeapCreate
CreateHardLinkA
OpenEventW

gdi32

PlayMetaFileRecord
Escape
CreateDCW
STROBJ_bGetAdvanceWidths
GetDCBrushColor
PlayEnhMetaFileRecord
SetColorAdjustment
CreateRectRgn
EngBitBlt
FONTOBJ_pQueryGlyphAttrs
EngCreateSemaphore
GdiGetPageCount
GdiDeleteLocalDC
GdiGetSpoolMessage
GetStringBitmapW
PATHOBJ_vGetBounds
PATHOBJ_bEnum

shdocvw

AddUrlToFavorites
DllRegisterWindowClasses
ImportPrivacySettings
HlinkFindFrame
HlinkFrameNavigate
DoPrivacyDlg
URLQualifyA
DoAddToFavDlgW
HlinkFrameNavigateNHL
SoftwareUpdateMessageBox
DoFileDownload
DoAddToFavDlg
DoOrganizeFavDlg
URLQualifyW
OpenURL
DllGetVersion
SHAddSubscribeFavorite
SHGetIDispatchForFolder
SetQueryNetSessionCount
DoOrganizeFavDlgW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

507d3e217819e6ad8cbd61b8097f825f

Headers

DLL Characteristics

File Characteristics

Imports

dnsapi

mprapi

user32

kernel32

gdi32

shdocvw

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 604B

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 604B

.rsrc
Size: 12KB - Virtual size: 11KB