af61baae280435d14c51d9776069e716ab572ee1d47c066329b699baeb59d64d

Sharing

Copy URL Twitter E-mail

General

Target

af61baae280435d14c51d9776069e716ab572ee1d47c066329b699baeb59d64d
Size

771KB
MD5

39e06c3a5765c6247ba94453cd9e9b30
SHA1

ed9f05366ca697c1d0735937c9436e7eb400bc8d
SHA256

af61baae280435d14c51d9776069e716ab572ee1d47c066329b699baeb59d64d
SHA512

84b6a1e7f5a50d2321f19d795f286826debaa49b4d8184dbb5f719977dae6bcf5d1ef7081d28f50d824057765b36525172e88108757656b4ca1ae6e1e17667a2
SSDEEP

12288:QeM3zUTAR+f+GXm4WxXEWDWpkDW8iiSMHTLHTUDrvn9nd/imG:QeM3wTzvXm4hWDi4iuzLHI/n9nA

Score

N/A

Malware Config

Signatures

Files

af61baae280435d14c51d9776069e716ab572ee1d47c066329b699baeb59d64d
.exe windows x86

2cf7f29764a799031c42666fb7d4ad47

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_ultoa
mbtowc
realloc
ferror
_wgetcwd
isalpha
ldiv
abort
fprintf
__RTDynamicCast
?name@type_info@@QBEPBDXZ
_controlfp
_wcsnicmp
_mbsnbcmp
??0exception@@QAE@ABQBD@Z
_getpid
__lc_codepage
_vsnwprintf
__p__commode
strncpy
srand
fwprintf
__lc_handle
_wcmdln
__isascii

advapi32

InitializeSecurityDescriptor
EnumDependentServicesW
GetFileSecurityA
CreateProcessWithLogonW
RegLoadKeyW
GetCurrentHwProfileA
GetSecurityDescriptorLength
CreateRestrictedToken
LsaOpenTrustedDomainByName
RegOverridePredefKey
LsaNtStatusToWinError
LsaFreeMemory
BuildSecurityDescriptorW
DestroyPrivateObjectSecurity
GetNamedSecurityInfoA
RegEnumKeyW
AreAllAccessesGranted
GetNamedSecurityInfoW
CryptDestroyHash
LsaQueryDomainInformationPolicy
QueryServiceStatusEx
CreatePrivateObjectSecurity
QueryServiceObjectSecurity
GetKernelObjectSecurity
SystemFunction016
RegEnumKeyExA
RegCreateKeyExA
CloseServiceHandle
SetTokenInformation
SetNamedSecurityInfoW
AddAce
DeregisterEventSource
CryptGetProvParam

oleaut32

SysAllocStringByteLen
VariantChangeTypeEx
GetActiveObject
SysFreeString
SafeArrayPtrOfIndex
VariantChangeType
VariantClear
VariantInit
SysReAllocStringLen
VariantCopyInd
VariantCopy
SysStringLen
SysAllocStringLen
SafeArrayGetUBound
SafeArrayCreate
SafeArrayGetLBound
GetErrorInfo

shlwapi

PathUnquoteSpacesA
StrToInt64ExA
UrlUnescapeA
PathRemoveExtensionA
SHDeleteKeyW
StrStrIW
StrToIntExA
PathUnExpandEnvStringsW
StrSpnW
wnsprintfW
SHRegCloseUSKey
IntlStrEqWorkerW
PathParseIconLocationW
wnsprintfA
ColorHLSToRGB
PathUndecorateA
PathIsUNCServerW
SHRegWriteUSValueW
PathRemoveFileSpecW
PathIsURLA
SHRegCreateUSKeyW
StrCmpIW
PathRemoveExtensionW
PathIsRelativeW
UrlGetPartW
PathCreateFromUrlW
StrCpyW
PathIsPrefixW
SHRegEnumUSValueW
PathStripToRootA
SHSetValueW

winspool.drv

DocumentPropertiesA
AddPrinterW
EnumPrintProcessorsW
ClosePrinter
SetPrinterDataExW
FindFirstPrinterChangeNotification
EnumPrintersW
StartDocPrinterW
EnumMonitorsA
DocumentPropertiesW
DeleteFormW
GetPrintProcessorDirectoryW
AbortPrinter
AddPrinterDriverExW
EndPagePrinter
GetPrinterDriverW
AddPrinterDriverW
GetFormW
GetJobA
EnumPrinterDriversW
XcvDataW

kernel32

InterlockedDecrement
LocalLock
FindResourceExW
Module32NextW
lstrcmpW
GlobalAlloc
Thread32Next
GetDriveTypeA
GetProfileIntW
LockFile
GetOverlappedResult
FatalExit
FreeLibrary
VirtualAlloc
FlushFileBuffers
ReplaceFileA
GetLongPathNameW
CopyFileExW
SetConsoleScreenBufferSize
WritePrivateProfileStructA
GetTickCount
ReadFile
OpenMutexW
GetCompressedFileSizeA
SetCurrentDirectoryW
Sleep
WriteConsoleA
ReadConsoleOutputA
AssignProcessToJobObject
RtlUnwind
GetProcessTimes
UnregisterWaitEx
GetFullPathNameA
FreeEnvironmentStringsW
GetTimeZoneInformation
GetCurrentProcessId
FreeResource

comctl32

ImageList_DrawEx
ImageList_Destroy
ImageList_GetImageInfo
CreatePropertySheetPageA
ImageList_BeginDrag
CreatePropertySheetPageW
PropertySheetA
InitCommonControls
ImageList_Draw
ImageList_DrawIndirect
ImageList_GetIconSize
ImageList_GetIcon
ImageList_SetBkColor
ImageList_Write
ImageList_Add
PropertySheetW
ImageList_Read
CreateStatusWindowA
ImageList_LoadImageW
ImageList_GetImageCount
ImageList_SetIconSize
ImageList_SetOverlayImage
ImageList_ReplaceIcon

crypt32

CertFreeCertificateContext

userenv

GetDefaultUserProfileDirectoryW
DeleteProfileW
GetAppliedGPOListW
GetProfilesDirectoryW
RsopSetPolicySettingStatus
RsopResetPolicySettingStatus
ProcessGroupPolicyCompleted
EnterCriticalPolicySection
ExpandEnvironmentStringsForUserW
UnregisterGPNotification
LoadUserProfileW
GetAllUsersProfileDirectoryW
ForceSyncFgPolicy
RegisterGPNotification
DestroyEnvironmentBlock
GetUserProfileDirectoryA
FreeGPOListW
LeaveCriticalPolicySection
GetUserProfileDirectoryW
UnloadUserProfile
ProcessGroupPolicyCompletedEx
RefreshPolicy
GetProfileType
CreateEnvironmentBlock

Sections

.text
Size: 28KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CRT
Size: 224KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 217KB - Virtual size: 431KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2cf7f29764a799031c42666fb7d4ad47

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

oleaut32

shlwapi

winspool.drv

kernel32

comctl32

crypt32

userenv

Sections

.text Size: 28KB - Virtual size: 404KB

.rdata Size: 139KB - Virtual size: 233KB

CRT Size: 224KB - Virtual size: 291KB

.rdata Size: 217KB - Virtual size: 431KB

.rsrc Size: 160KB - Virtual size: 159KB

.reloc Size: 512B - Virtual size: 294B

.text
Size: 28KB - Virtual size: 404KB

.rdata
Size: 139KB - Virtual size: 233KB

CRT
Size: 224KB - Virtual size: 291KB

.rdata
Size: 217KB - Virtual size: 431KB

.rsrc
Size: 160KB - Virtual size: 159KB

.reloc
Size: 512B - Virtual size: 294B