fce7bdf356cf4e42f4d8a8b277d299e43f4e73a66344901364286ee449f9c6b3

Sharing

Copy URL Twitter E-mail

General

Target

fce7bdf356cf4e42f4d8a8b277d299e43f4e73a66344901364286ee449f9c6b3
Size

425KB
MD5

39b11191f6612529fe4a0f57007089af
SHA1

329badc2634bc6d5c3b330e16686f0aa5a43be09
SHA256

fce7bdf356cf4e42f4d8a8b277d299e43f4e73a66344901364286ee449f9c6b3
SHA512

549447c2007364a8ddd1866b4cf88450f3d07300396c7affc6278cbca9462691dda3f7918acf12bfa337035ad3aada883ef78a9856f3d041b3cf203919899f79
SSDEEP

12288:FZ42Jok7YZBYvPiPL+rF0cQ1c9C6svhYVYAuZ5C:Z7YETmjcH2zZ

Score

N/A

Malware Config

Signatures

Files

fce7bdf356cf4e42f4d8a8b277d299e43f4e73a66344901364286ee449f9c6b3
.exe windows x86

0d1e8b9121e36e2a28362b7437bcac7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

opengl32

glColor3bv
glColor3iv
glTexCoord1s
glColor4us
glRectdv
glLoadMatrixf
glPushClientAttrib
glVertex4f
glRasterPos2i
glDrawPixels
glIndexi
glTexImage1D
glTexEnvfv
glRasterPos4sv
glGenTextures
glTexCoord1dv
glCallList
glVertex2i
glMultMatrixd
glMap2d
glPopAttrib
glRectfv
glGetTexParameteriv
wglSwapBuffers
glRectf
wglGetDefaultProcAddress
glNormalPointer
glGetPointerv
glTexCoord2d
glGetTexEnvfv
glColor3uiv
glTexParameteriv
glVertex2iv
glIndexfv
glRasterPos2fv
glVertex4i
glNormal3sv
glVertex3dv
glGetMapfv
glMapGrid1d
glColor3f
wglGetCurrentDC
glDepthFunc
glTexCoord4f
wglCreateLayerContext
glRects
glTexCoord2s
glIndexsv
glIsEnabled
glReadPixels
glTexCoord4iv
glColor3sv
glLighti
glTexImage2D
glGetError
glColor4iv
glMaterialfv
glRasterPos3f
glCopyPixels
glColor4f
glIndexd
glNormal3f
wglGetPixelFormat
glDeleteTextures
glPixelStorei
glRasterPos3iv
glNormal3dv
glEndList
wglSwapLayerBuffers
glNormal3d
glTexCoord4sv
glVertex2f
glVertex4d
glDepthRange
glEvalCoord2d
glGetTexGendv
glColorPointer
glTexParameteri
glVertex3sv
glVertex2sv
glIndexiv
glGetString
glTexCoord1i

psapi

GetProcessMemoryInfo
EnumPageFilesA
EnumDeviceDrivers
GetMappedFileNameA
GetWsChanges
GetModuleInformation
GetModuleBaseNameA
QueryWorkingSet
GetDeviceDriverFileNameW
EmptyWorkingSet
GetPerformanceInfo
GetDeviceDriverFileNameA
EnumPageFilesW
EnumProcessModules
GetMappedFileNameW
GetModuleFileNameExA
GetDeviceDriverBaseNameW
GetModuleFileNameExW
GetDeviceDriverBaseNameA
EnumProcesses
GetModuleBaseNameW
GetProcessImageFileNameA
GetProcessImageFileNameW
InitializeProcessForWsWatch

wtsapi32

WTSEnumerateServersW
WTSEnumerateSessionsA
WTSQuerySessionInformationA
WTSQuerySessionInformationW
WTSSendMessageA
WTSCloseServer
WTSVirtualChannelClose
WTSVirtualChannelPurgeOutput
WTSVirtualChannelWrite
WTSSetUserConfigW
WTSVirtualChannelPurgeInput
WTSQueryUserToken
WTSVirtualChannelRead
WTSSendMessageW
WTSTerminateProcess
WTSOpenServerA
WTSVirtualChannelOpen
WTSLogoffSession
WTSDisconnectSession
WTSRegisterSessionNotification
WTSEnumerateServersA
WTSWaitSystemEvent
WTSSetSessionInformationA
WTSEnumerateProcessesW
WTSSetSessionInformationW
WTSEnumerateProcessesA
WTSFreeMemory
WTSOpenServerW
WTSEnumerateSessionsW
WTSQueryUserConfigA
WTSSetUserConfigA
WTSQueryUserConfigW
WTSVirtualChannelQuery
WTSShutdownSystem

kernel32

lstrcmpiW
lstrcmpi
ReplaceFileA
IsValidCodePage
WriteTapemark
LoadLibraryExW
CreateDirectoryExW
BackupWrite
ConvertThreadToFiber
EscapeCommFunction
VerLanguageNameW
SearchPathA
GetConsoleFontInfo
FindFirstVolumeMountPointW
LoadLibraryA
CreateTimerQueueTimer
IsValidLanguageGroup
EnumSystemCodePagesW
GlobalAlloc
FindClose
HeapCreate
LZOpenFileW
GetModuleHandleA
FreeLibraryAndExitThread
GetUserDefaultLCID
HeapAlloc
GetAtomNameA
LocalFileTimeToFileTime
AllocateUserPhysicalPages
GetCurrentThread
VirtualAlloc

winsta

WinStationGetAllProcesses
LogonIdFromWinStationNameW
_WinStationReInitializeSecurity
WinStationVirtualOpen
_WinStationGetApplicationInfo
ServerLicensingGetPolicyInformationW
_WinStationNotifyDisconnectPipe
_WinStationNotifyLogon
_WinStationUpdateClientCachedCredentials
WinStationOpenServerW
_WinStationAnnoyancePopup
WinStationQueryLogonCredentialsW
WinStationGetMachinePolicy
ServerLicensingUnloadPolicy
WinStationGetProcessSid
WinStationRenameW
_WinStationFUSCanRemoteUserDisconnect
_WinStationNotifyNewSession
WinStationShutdownSystem
WinStationUnRegisterConsoleNotification
WinStationFreeMemory
_NWLogonQueryAdmin
WinStationGetLanAdapterNameA
WinStationEnumerate_IndexedW
ServerLicensingGetPolicyInformationA
WinStationInstallLicense
ServerLicensingSetPolicy
_WinStationCallback
WinStationSendWindowMessage
WinStationEnumerateA
LogonIdFromWinStationNameA
WinStationShadowStop
WinStationBroadcastSystemMessage
WinStationDisconnect
WinStationSetInformationA
WinStationShadow
ServerLicensingGetPolicy
ServerSetInternetConnectorStatus
WinStationEnumerateProcesses
WinStationWaitSystemEvent
WinStationTerminateProcess
WinStationFreeGAPMemory

hhsetup

??0CFolder@@QAE@XZ
?GetMasterCHM@CCollection@@QAEHPAPADPAG@Z
?RemoveAll@CFIFOString@@QAEXXZ
?GetFirstChildFolder@CFolder@@QAEPAV1@XZ
??1CFolder@@QAE@XZ
?SetLanguage@CFolder@@QAEXG@Z
?AddLocation@CCollection@@QAEPAVCLocation@@PBG000PAK@Z
?SetNextTitle@CTitle@@QAEXPAV1@@Z
?SetId@CTitle@@QAEXPBG@Z
?AddLocationHistory@CTitle@@QAEKKPBG00PBVCLocation@@00H@Z
??1CFIFOString@@QAE@XZ
?DeleteFolders@CCollection@@AAEXPAPAVCFolder@@@Z
?DecrementRefTitleCount@CCollection@@QAEXXZ
?GetIdW@CLocation@@QAEPBGXZ
?Add@CPointerList@@QAEPAUListItem@@PAX@Z
?GetPathW@CLocation@@QAEPBGXZ
?GetLangId@CCollection@@QAEGPBD@Z
?DeleteLocalFiles@CCollection@@AAEXPAULocationHistory@@PAVCTitle@@@Z
?AddChildFolder@CFolder@@QAEKPAV1@@Z
?SetExTitlePtr@CFolder@@QAEXPAVCExTitle@@@Z
?GetLanguage@CFolder@@QAEGXZ
?FindTitle@CCollection@@QAEPAVCTitle@@PBGG@Z
??1CTitle@@QAE@XZ
?GetParent@CFolder@@QAEPAV1@XZ
?GetFirstTitle@CCollection@@QAEPAVCTitle@@XZ
?IncrementRefTitleCount@CCollection@@QAEXXZ
?GetSampleLocationW@CCollection@@QAEPBGXZ

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 249KB - Virtual size: 649KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d1e8b9121e36e2a28362b7437bcac7a

Headers

File Characteristics

Imports

opengl32

psapi

wtsapi32

kernel32

winsta

hhsetup

Sections

.text Size: 89KB - Virtual size: 88KB

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 249KB - Virtual size: 649KB

.rsrc Size: 19KB - Virtual size: 19KB

.text
Size: 89KB - Virtual size: 88KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 249KB - Virtual size: 649KB

.rsrc
Size: 19KB - Virtual size: 19KB