a7a363443eb12926684fc491f7aeeb7df3f206c920f35fca4f8f3f738863b0b5

Sharing

Copy URL Twitter E-mail

General

Target

a7a363443eb12926684fc491f7aeeb7df3f206c920f35fca4f8f3f738863b0b5
Size

161KB
MD5

0dda00f70eb6a37c290e4421ec2c2405
SHA1

18e9ee56a1f703e30b13fa857e39694226ca9e7d
SHA256

a7a363443eb12926684fc491f7aeeb7df3f206c920f35fca4f8f3f738863b0b5
SHA512

3008af002ae4bee6b536308eba04fe470190054430e2ca22e79fdcb83464dea08798c8297d32a98f33d0cacf58aeab8d10d9853d5fb03a85348c7bb0df84765e
SSDEEP

3072:cURKH84JIwgWyeZtvyRf4+HvBFHmdJ0E4P9+T0jI9f41mBOs:cUwH84J4dvPHmsE4P9+T0j6f41G

Score

N/A

Malware Config

Signatures

Files

a7a363443eb12926684fc491f7aeeb7df3f206c920f35fca4f8f3f738863b0b5
.exe windows x86

aeeda9102e28523521d6d7a0f6297fd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

FillRect
UnionRect
GetProcessWindowStation
DdeFreeDataHandle
EndPaint
GetKBCodePage
GetSysColorBrush
EnumDisplaySettingsExA
MessageBoxA
keybd_event
GetMenuItemRect
RegisterWindowMessageA
DdeNameService
CharToOemBuffA
DrawStateW
CascadeChildWindows
LoadBitmapA
CreateDialogIndirectParamA
PaintMenuBar
RegisterClassExA
UnregisterClassW
SetLastErrorEx
GetWindowTextW
GetForegroundWindow
CharToOemBuffW
CharUpperBuffA
GetPriorityClipboardFormat
MessageBoxW
GetTabbedTextExtentA
RemovePropW
MenuItemFromPoint
UserRegisterWowHandlers
QuerySendMessage
PostQuitMessage
GetWindowContextHelpId
DisplayExitWindowsWarnings
LoadImageW
DdeImpersonateClient
LoadStringA
SetProcessDefaultLayout
GetMenuState
GetCursorFrameInfo
SetProgmanWindow
RegisterClassA
DdeInitializeW
DefWindowProcA
GetRawInputData

msvcrt

_strnset
wcstoul
__p__commode
__p__iob
_wfindnext
_open_osfhandle
_wutime64
_mbscat
setbuf
__iscsymf
_wpgmptr
_wstrtime
__p__osver
??0bad_cast@@AAE@PBQBD@Z
exit
_seterrormode
_spawnlp
cosh
_ftime64
_adj_fdivr_m32
__STRINGTOLD
_spawnlpe
__unguarded_readlc_active
__p__winminor
_mbscpy
_findclose
__pctype_func
fputc
asctime
__set_app_type
fopen
_wspawnlpe
_wcsicoll
__getmainargs

dnsapi

Dns_SendAndRecvUdp
DnsStatusString
DnsApiFree
DnsIsStringCountValidForTextType
DnsDhcpSrvRegisterInit
Dns_UpdateLibEx
DnsFree
DnsApiHeapReset
Dns_PingAdapterServers
NetInfo_Clean
DnsUnicodeToUtf8
DnsMapRcodeToStatus
DnsNameCompareEx_UTF8
Dns_ParsePacketRecord
DnsGetDnsServerList
Dns_AllocateMsgBuf
DnsModifyRecordsInSet_W
Dns_AddRecordsToMessage
DnsWriteQuestionToBuffer_W
DnsUpdateTest_A
DnsUpdateTest_UTF8
DnsQueryExUTF8
DnsRemoveRegistrations
Dns_WriteQuestionToMessage
DnsQuery_UTF8
DnsGetLastFailedUpdateInfo
NetInfo_IsForUpdate
DnsAcquireContextHandle_A
DnsGetBufferLengthForStringCopy
Dns_SkipToRecord
DnsNameCompare_W
NetInfo_Free
DnsReplaceRecordSetUTF8
Dns_InitializeMsgRemoteSockaddr

atmlib

ATMGetOutline
ATMGetPostScriptNameW
ATMMakePSS
ATMEnumFonts
ATMRemoveSubstFontA
ATMGetMenuName
ATMSelectEncoding
ATMForceFontChange
ATMBBoxBaseXYShowText
ATMSelectObject
ATMBBoxBaseXYShowTextW
ATMGetMenuNameW
ATMEnumFontsW
ATMGetOutlineW
ATMFontAvailableW
ATMGetFontInfoW
ATMSetFlags
ATMRemoveFontW
ATMGetPostScriptNameA
ATMGetFontPathsA
ATMGetGlyphList
ATMProperlyLoaded
ATMGetOutlineA
ATMRemoveFont
ATMGetBuildStrW
ATMFontStatus
ATMGetFontPathsW
ATMGetNtmFieldsW
ATMGetNtmFields
ATMXYShowText
ATMGetVersion
ATMGetFontPaths
ATMBBoxBaseXYShowTextA
ATMAddFontA
ATMGetBuildStr
ATMGetVersionExA
ATMMakePFMA
ATMGetGlyphListW
ATMEnumMMFontsW
ATMAddFontEx
ATMAddFontExW
ATMEnumMMFonts
ATMMakePFM
ATMGetFontInfoA
ATMFontStatusA

msvcirt

??_Eostrstream@@UAEPAXI@Z
??5istream@@QAEAAV0@AAI@Z
?dbp@streambuf@@QAEXXZ
?lockc@ios@@KAXXZ
?seekg@istream@@QAEAAV1@J@Z
??0istream@@IAE@XZ
??5istream@@QAEAAV0@AAF@Z
?sync_with_stdio@ios@@SAXXZ
??0ifstream@@QAE@HPADH@Z
??_Gstdiostream@@UAEPAXI@Z
?getline@istream@@QAEAAV1@PAEHD@Z
??_8ostrstream@@7B@
??0ostrstream@@QAE@ABV0@@Z
?allocate@streambuf@@IAEHXZ
??4ofstream@@QAEAAV0@ABV0@@Z
?lock@ios@@QAAXXZ
??_7exception@@6B@
?overflow@strstreambuf@@UAEHH@Z
?ignore@istream@@QAEAAV1@HH@Z
?x_curindex@ios@@0HA
?setmode@fstream@@QAEHH@Z
??6ostream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
?seekoff@filebuf@@UAEJJW4seek_dir@ios@@H@Z
?cerr@@3Vostream_withassign@@A
??5istream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
??0streambuf@@IAE@XZ
?setf@ios@@QAEJJJ@Z
?setg@streambuf@@IAEXPAD00@Z
??_7filebuf@@6B@
?x_maxbit@ios@@0JA
?rdbuf@fstream@@QBEPAVfilebuf@@XZ
??_Efilebuf@@UAEPAXI@Z
??_8strstream@@7Bostream@@@
?seekoff@strstreambuf@@UAEJJW4seek_dir@ios@@H@Z
??_8istream_withassign@@7B@
?setbuf@filebuf@@UAEPAVstreambuf@@PADH@Z
?flush@@YAAAVostream@@AAV1@@Z
??_Dstrstream@@QAEXXZ
?tie@ios@@QBEPAVostream@@XZ
??_Gios@@UAEPAXI@Z
??5istream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z

kernel32

LoadLibraryA
GetSystemWindowsDirectoryW
SetCalendarInfoA
GetVersion
lstrcatW
EnumTimeFormatsW
IsDebuggerPresent
_lopen
SetFirmwareEnvironmentVariableA
CancelDeviceWakeupRequest
EnumDateFormatsExW
WaitCommEvent
WriteConsoleInputVDMW
GetNumaProcessorNode
VirtualAlloc
LZCloseFile
CompareFileTime
SetVolumeLabelA
WaitForMultipleObjectsEx
QueryPerformanceCounter
_lread
GetSystemDefaultUILanguage
RegisterWaitForSingleObjectEx
GetProcessIoCounters
GetLocalTime
lstrcatA
HeapValidate
ReadConsoleOutputW
WriteConsoleOutputCharacterA
VirtualUnlock
GetEnvironmentStringsA

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aeeda9102e28523521d6d7a0f6297fd0

Headers

DLL Characteristics

File Characteristics

Imports

user32

msvcrt

dnsapi

atmlib

msvcirt

kernel32

Sections

.text Size: 74KB - Virtual size: 74KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 49KB - Virtual size: 207KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 74KB - Virtual size: 74KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 49KB - Virtual size: 207KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B