9ff96486222a940295e19c3564c9881ff31852b7afa99d1f7d482b996a8a6cf2

Sharing

Copy URL Twitter E-mail

General

Target

9ff96486222a940295e19c3564c9881ff31852b7afa99d1f7d482b996a8a6cf2
Size

251KB
MD5

e3bb2a895a056a17b9b8186cdcfb9cdd
SHA1

aa51cf8ab12790f0764b1222ee41de7ebc259a6f
SHA256

9ff96486222a940295e19c3564c9881ff31852b7afa99d1f7d482b996a8a6cf2
SHA512

bd58dbf10dfed1a90779488a6856ab7198183f20c87665ac62ab630efde4dacbd3dd4420ec8ba226a98e6605167fa5581548edca4f51f0132a6f698c9ee4e6ab
SSDEEP

3072:HES9nbDTU2g4sGC94zz7JWzGncye3ylei7EZovoq8URz3fRaZX6fnvry3dqRAefi:HESpbDTUFETw2mnq8UR9yX6fvG3y7TTe

Score

N/A

Malware Config

Signatures

Files

9ff96486222a940295e19c3564c9881ff31852b7afa99d1f7d482b996a8a6cf2
.exe windows x86

731f172583621256866c9a8daa2aa262

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CoUninitialize
OleRun
CoTaskMemFree
CoInitialize

kernel32

IsDebuggerPresent
GetLocalTime
GetProcessHeap
GetPrivateProfileStringW
GetFileSize
UnmapViewOfFile
FormatMessageW
WaitForMultipleObjects
OutputDebugStringA
DeleteFileW
SetUnhandledExceptionFilter
GetTempPathW
TlsFree
TlsGetValue
lstrcpyW
GetDateFormatW
LocalFree
LoadLibraryExW
WaitForSingleObject
EnterCriticalSection
GetPrivateProfileIntW
SetFilePointer
OpenProcess
LeaveCriticalSection
FindNextFileW
CreateFileMappingW
MapViewOfFile
FindFirstFileW
CreateMutexW
lstrcpynW
TlsSetValue
FindClose
GetCurrentThreadId
SetLastError
TlsAlloc
CloseHandle
GetModuleHandleW
lstrlenW
DeleteCriticalSection
OpenEventW
HeapFree
FreeLibrary
CreateFileW
ReadFile
CreateEventW
DeviceIoControl
UnhandledExceptionFilter
CreateProcessW
ResetEvent
WriteFile
CreateDirectoryW
GetSystemTimeAsFileTime
GetTimeFormatW
VirtualAllocEx

ws2_32

send
gethostbyname
bind
WSAEventSelect
htons
socket
WSAWaitForMultipleEvents
inet_addr
connect
htonl
ntohs
gethostname
WSAAccept
listen
closesocket
recv
WSAStartup
shutdown
WSACleanup
WSAGetLastError
WSASetEvent
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents

advapi32

SetServiceStatus
SetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
SetEntriesInAclW
StartServiceCtrlDispatcherW
InitializeSecurityDescriptor
SetSecurityInfo
AdjustTokenPrivileges
OpenSCManagerW
RegCloseKey
GetSecurityInfo
DeleteService
OpenProcessToken
CloseServiceHandle
QueryServiceStatus
StartServiceW
LookupAccountSidW
OpenServiceW
RegOpenKeyExW
RegisterServiceCtrlHandlerW
GetSecurityDescriptorDacl
RegQueryValueExW
RegConnectRegistryW
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupPrivilegeValueW
CreateProcessAsUserW
CreateServiceW
ControlService
ConvertStringSidToSidW
DuplicateTokenEx
GetUserNameW
SetTokenInformation

urlmon

FindMimeFromData

user32

LoadStringW
wsprintfW

mscms

CreateProfileFromLogColorSpaceW
UnregisterCMMW
InternalGetPS2CSAFromLCS
OpenColorProfileA
InstallColorProfileW
SetColorProfileHeader

zipfldr

DllGetClassObject
RouteTheCall

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.YDee
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.yfOok
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jRe
Size: 512B - Virtual size: 382B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xMC
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Qq
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CrDK
Size: 512B - Virtual size: 315B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 211KB - Virtual size: 493KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aI
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

731f172583621256866c9a8daa2aa262

Headers

DLL Characteristics

File Characteristics

Imports

ole32

kernel32

ws2_32

advapi32

urlmon

user32

mscms

zipfldr

Sections

.text Size: 17KB - Virtual size: 16KB

.YDee Size: 2KB - Virtual size: 3KB

.yfOok Size: 2KB - Virtual size: 3KB

.jRe Size: 512B - Virtual size: 382B

.xMC Size: 1024B - Virtual size: 1KB

.Qq Size: 1KB - Virtual size: 2KB

.rdata Size: 3KB - Virtual size: 3KB

.CrDK Size: 512B - Virtual size: 315B

.data Size: 211KB - Virtual size: 493KB

.aI Size: 1KB - Virtual size: 2KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 17KB - Virtual size: 16KB

.YDee
Size: 2KB - Virtual size: 3KB

.yfOok
Size: 2KB - Virtual size: 3KB

.jRe
Size: 512B - Virtual size: 382B

.xMC
Size: 1024B - Virtual size: 1KB

.Qq
Size: 1KB - Virtual size: 2KB

.rdata
Size: 3KB - Virtual size: 3KB

.CrDK
Size: 512B - Virtual size: 315B

.data
Size: 211KB - Virtual size: 493KB

.aI
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 9KB - Virtual size: 9KB