d48fce25f8b2b8783e5b45508be1476aaca1c6a82fe999114f305ee278c5dc62

Sharing

Copy URL Twitter E-mail

General

Target

d48fce25f8b2b8783e5b45508be1476aaca1c6a82fe999114f305ee278c5dc62
Size

827KB
MD5

158736785c8e30db6e0881a19db01905
SHA1

af175ee620986af239aee65c0a5357a4ef35addd
SHA256

d48fce25f8b2b8783e5b45508be1476aaca1c6a82fe999114f305ee278c5dc62
SHA512

298647e5f65c53075e90860e4f51b43b5598498d20149a8fd85615c419839ce314d3f7de3a71b1a104af65129f7ce4bed60efd1c1469184c217563c1cee95c82
SSDEEP

12288:MhUwSUP2Hanctn08Yy8fbGPquqP+7f1LB4sBRHY4OMM7DPo4ymCnv+Hi8PdhQEXC:ich108XXq/PClPHjESJvagEXoht

Score

N/A

Malware Config

Signatures

Files

d48fce25f8b2b8783e5b45508be1476aaca1c6a82fe999114f305ee278c5dc62
.exe windows x86

d339d059bda0c5d3afb30d444b62746c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

hhsetup

?SetFindMergedCHMS@CCollection@@QAEXH@Z
?FindTitle@CCollection@@QAEPAVCTitle@@PBDG@Z
?FindTitle@CCollection@@QAEPAVCTitle@@PBGG@Z
?GetFindMergedCHMS@CCollection@@QAEHXZ
?MergeKeywords@CCollection@@QAEHPAG@Z
?GetSampleLocationW@CCollection@@QAEPBGXZ
?bIsVisable@CFolder@@QAEHXZ
?HandleLocation@CCollection@@AAEKPAVCParseXML@@PAD@Z
?HandleCollectionEntry@CCollection@@AAEKPAVCParseXML@@PAD@Z
??4CCollection@@QAEAAV0@ABV0@@Z
?WriteFolder@CCollection@@AAEHPAPAVCFolder@@@Z
?Save@CCollection@@QAEKXZ
?GetVisableRootFolder@CCollection@@QAEPAVCFolder@@XZ
?WriteFolders@CCollection@@AAEHPAPAVCFolder@@@Z
?Close@CCollection@@QAEKXZ
?AddTitle@CCollection@@QAEPAVCTitle@@PBG0000GIPAVCLocation@@PAKH0@Z
??1CFIFOString@@QAE@XZ

msasn1

ASN1BERDecU16Val
ASN1CEREncUTCTime
ASN1_SetEncoderOption
ASN1BERDecS16Val
ASN1BEREncCheck
ASN1BERDecTag
ASN1utctime_cmp
ASN1BEREncUTF8String
ASN1BERDecEndOfContents
ASN1BERDecBool
ASN1BEREncDouble
ASN1BERDecObjectIdentifier2
ASN1BEREoid_free
ASN1_CreateModule
ASN1BEREoid2DotVal
ASN1BERDecCharString
ASN1_Decode
ASN1intx_sub
ASN1BEREncTag
ASN1intx_free

resutils

ResUtilAddUnknownProperties
ResUtilFindLongProperty
ResUtilGetResourceDependency
ResUtilGetMultiSzProperty
ClusWorkerCheckTerminate
ClusWorkerStart
ResUtilPropertyListFromParameterBlock
ResUtilGetProperties
ResUtilEnumPrivateProperties
ResUtilGetDwordValue
ResUtilGetPrivateProperties
ResUtilSetResourceServiceStartParameters
ResUtilSetPropertyTableEx

msdart

?SetSpinCount@CReaderWriterLock3@@QAE_NG@Z
?_TryWriteLock2@CReaderWriterLock3@@AAE_NXZ
?ReadLock@CSpinLock@@QAEXXZ
?WriteLock@CSmallSpinLock@@QAEXXZ
?_TryLock@CSpinLock@@AAE_NXZ
?RemoveHead@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?_DeleteIf@CLKRLinearHashTable@@AAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1AAW42@@Z
?DeleteKey@CLKRLinearHashTable@@QAE?AW4LK_RETCODE@@K@Z
?Clear@CLKRHashTable@@QAEXXZ
?InsertHead@CDoubleList@@QAEXQAVCListEntry@@@Z
?ConvertSharedToExclusive@CCritSec@@QAEXXZ
?GetSpinCount@CSpinLock@@QBEGXZ
??4CReaderWriterLock3@@QAEAAV0@ABV0@@Z
?IsWriteUnlocked@CCritSec@@QBE_NXZ

cmutil

MakeBold
CmStrtokW
?GetPrimaryRegPath@CIniA@@QBEPBDXZ
IsFarEastNonOSR2Win95
SzToWz
?SetHInst@CIniW@@QAEXPAUHINSTANCE__@@@Z
WzToSz
CmLoadImageW
?WPPB@CIniA@@QAEXPBD0H@Z
?SetPrimaryRegPath@CIniW@@QAEXPBG@Z
?Start@CmLogFile@@QAEJH@Z
?Write@CmLogFile@@AAEJPAG@Z
WzToSzWithAlloc
SzToWzWithAlloc
CmStrchrW
GetOSBuildNumber
?Clear@CIniA@@QAEXXZ
CmLoadStringW
?Banner@CmLogFile@@QAEXXZ
?GPPS@CIniA@@QBEPADPBD00@Z
?GetSection@CIniA@@QBEPBDXZ
?GetLogFilePath@CmLogFile@@QAEPBGXZ
??0CmLogFile@@QAE@XZ
?Init@CRandom@@QAEXK@Z
CmStrCpyAllocW
?SetReadICSData@CIniA@@QAEXH@Z
?GPPI@CIniW@@QBEKPBG0K@Z
?LoadEntry@CIniA@@IBEPADPBD@Z
?Generate@CRandom@@QAEHXZ

kernel32

GetModuleHandleW
UnregisterConsoleIME
HeapValidate
PrivMoveFileIdentityW
SetVolumeLabelW
GetCurrentThread
LoadLibraryW
FatalAppExitA
ReadConsoleW
QueryActCtxW
GetLocaleInfoA
GetEnvironmentStrings
GetCompressedFileSizeA
BackupWrite
BuildCommDCBAndTimeoutsW

crypt32

CertFindAttribute
CertRDNValueToStrA
CertEnumCertificatesInStore
CertEnumSystemStore
CertNameToStrA
CertFindCertificateInCRL
I_CryptGetAsn1Encoder
CertSerializeCTLStoreElement
CertGetCertificateContextProperty
I_CryptReadTrustedPublisherDWORDValueFromRegistry
CryptSignCertificate
CryptStringToBinaryW

Sections

.text
Size: 389KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 189KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d339d059bda0c5d3afb30d444b62746c

Headers

DLL Characteristics

File Characteristics

Imports

hhsetup

msasn1

resutils

msdart

cmutil

kernel32

crypt32

Sections

.text Size: 389KB - Virtual size: 389KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 189KB - Virtual size: 1.6MB

.rsrc Size: 147KB - Virtual size: 146KB

.reloc Size: 1024B - Virtual size: 892B

.text
Size: 389KB - Virtual size: 389KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 189KB - Virtual size: 1.6MB

.rsrc
Size: 147KB - Virtual size: 146KB

.reloc
Size: 1024B - Virtual size: 892B