426bf99957a09887cca0629eb6f6df1fa4d0bd183a1bbb410272fbb92e557bb8

Sharing

Copy URL

Twitter E-mail

General

Target

426bf99957a09887cca0629eb6f6df1fa4d0bd183a1bbb410272fbb92e557bb8
Size

124KB
MD5

00c6d3fa9529cab0b3f292fe1b00d96d
SHA1

878187569b011a791c6a03c5c3ba7cfb69ae1b11
SHA256

426bf99957a09887cca0629eb6f6df1fa4d0bd183a1bbb410272fbb92e557bb8
SHA512

0af45e72659eb0872c33e0b75cdebc3d9ea0a5bbc4da8842e78185c506d52febb93ea18e4da0d8d51fceb377a0164da6394571e0c60f41c5eb541b5102c2dd41
SSDEEP

3072:tS78uT08Z9ETaMQgETAfak1effvN8tt+tNfaTwJQh5Fhq:T8wTaMQgETWONZBa5zFhq

Score

N/A

Malware Config

Signatures

Files

426bf99957a09887cca0629eb6f6df1fa4d0bd183a1bbb410272fbb92e557bb8
.dll windows x86

96667436c120066415e880b3c80a55b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetThreadIdealProcessor
CompareFileTime
FindAtomW
Process32NextW
FindFirstChangeNotificationW
FindNextVolumeMountPointW
GetThreadLocale
GetConsoleAliasesLengthW
HeapLock
LoadModule
LoadLibraryA
CreateDirectoryExA
GetCPInfoExA
TlsFree
GetProcAddress
GetFullPathNameA
Module32FirstW
GetNamedPipeInfo
VerLanguageNameW
GetHandleInformation
GetVolumePathNameW
TryEnterCriticalSection
VirtualUnlock
SetInformationJobObject
SetFileAttributesA
CreateEventW
GetModuleHandleA
GetNamedPipeHandleStateA
GetSystemTime
FindNextFileA
GetQueuedCompletionStatus
EnumSystemCodePagesW
SleepEx
VirtualFreeEx
VerLanguageNameA
GetBinaryTypeW
FindVolumeMountPointClose
FindResourceExW
WaitCommEvent
GetVersion
FindFirstFileExW
EnumDateFormatsExA
VirtualAlloc
IsValidLocale

gdi32

ExtFloodFill
CreateDiscardableBitmap
DeleteDC
PolyBezierTo
GetObjectW
GetCharABCWidthsFloatA
SetDIBits
EqualRgn
GdiFlush
CreateFontW
GetViewportExtEx
GetSystemPaletteUse
ColorCorrectPalette
GetBkMode
GetEnhMetaFileDescriptionA
SetLayout
AddFontResourceExW
GetDIBColorTable
InvertRgn
ModifyWorldTransform
CreateDIBPatternBrush
CreateDIBPatternBrushPt
LineDDA
GetFontLanguageInfo
GetNearestColor
CombineTransform
TranslateCharsetInfo
GetGlyphOutlineW
ExtTextOutW
SetBrushOrgEx
Escape
EndDoc
EnumFontsA
GdiGetPageCount
PlgBlt
ScaleViewportExtEx
CreateICW
EndPage

advapi32

QueryServiceStatus
IsValidSid
SystemFunction020
AccessCheck
LookupPrivilegeDisplayNameW
AddAuditAccessObjectAce
SystemFunction028
ConvertSecurityDescriptorToAccessNamedW
CreateRestrictedToken
ElfOpenEventLogW
StartServiceA
ObjectDeleteAuditAlarmA
RegReplaceKeyA

comctl32

DrawStatusTextW
ImageList_DragShowNolock
FlatSB_GetScrollPos
ImageList_DragLeave
_TrackMouseEvent
FlatSB_GetScrollInfo
FlatSB_SetScrollPos
ImageList_Merge
ImageList_GetImageRect
PropertySheetW
ImageList_LoadImageW
ImageList_SetIconSize
ImageList_Replace
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_GetIconSize
ord6
ImageList_Read
ImageList_Remove
ord5
ImageList_GetDragImage
ord17
ord14
ImageList_DrawEx
ImageList_SetFilter
ImageList_LoadImageA
ImageList_Copy
InitializeFlatSB
ImageList_AddIcon
ImageList_SetOverlayImage
ImageList_Draw
ord8
ImageList_DrawIndirect
DestroyPropertySheetPage
ord15
CreateStatusWindowW
ord7
ImageList_DragEnter

shell32

RealShellExecuteW
RealShellExecuteExA
StrNCmpW
SHFileOperationW
DuplicateIcon
Shell_NotifyIconW
SHGetInstanceExplorer
SHGetSpecialFolderLocation
StrRChrIW
StrChrA
InternalExtractIconListA
SHGetDiskFreeSpaceA
StrNCmpIW
SHInvokePrinterCommandA
StrRStrA
ShellAboutA
SHGetPathFromIDListW
ExtractAssociatedIconA

shlwapi

UrlHashA
SHIsLowMemoryMachine
PathAddBackslashA
PathRemoveExtensionW
PathMakePrettyA
PathBuildRootW
StrCmpW
PathAppendA
PathRemoveBlanksW
SHRegDeleteUSValueW
PathRemoveArgsW
StrFromTimeIntervalA
SHRegGetUSValueW
StrFormatByteSizeW
SHQueryInfoKeyA

version

GetFileVersionInfoW
VerQueryValueW
VerFindFileW
GetFileVersionInfoSizeA
VerFindFileA
GetFileVersionInfoA
VerInstallFileW
GetFileVersionInfoSizeW
VerQueryValueA
VerInstallFileA

winmm

waveOutGetErrorTextA
mixerClose
midiOutOpen
auxOutMessage
WOW32ResolveMultiMediaHandle
mciGetErrorStringA
mixerGetControlDetailsA
mmioGetInfo
joySetCapture
midiInGetErrorTextA
mmioSendMessage
PlaySoundA
waveOutRestart
midiInOpen
timeGetDevCaps
midiOutSetVolume
mciGetDeviceIDFromElementIDW
waveOutGetErrorTextW
mciSendStringA
joyGetPosEx
mmioAdvance
mciSendCommandA
waveOutSetVolume
mod32Message
waveOutSetPitch
waveInOpen
mmDrvInstall
mmioInstallIOProcW
mixerOpen
midiInGetDevCapsW
joySetThreshold
waveOutGetNumDevs
midiOutPrepareHeader
mciSendCommandW
WOW32DriverCallback
joyReleaseCapture
mixerSetControlDetails
mciDriverYield

winspool.drv

SetFormW
EnumPrinterKeyW
GetSpoolFileHandle
AddPrintProvidorW
SetPrinterDataA
GetPrinterDriverDirectoryA
FindFirstPrinterChangeNotification
FreePrinterNotifyInfo
ADVANCEDSETUPDIALOG
DocumentPropertySheets
DeleteMonitorW
EnumPrintProcessorDatatypesA
ReadPrinter
ord100
DeletePrinterDataExA
ord211
GetPrinterDriverA
ConvertAnsiDevModeToUnicodeDevmode
AddPrinterConnectionA
DocumentEvent
ConfigurePortW
DeletePrinterDataW
CloseSpoolFileHandle
AddFormW
AddJobW
AddPrintProvidorA
DeletePrinterIC
EnumJobsW
FindNextPrinterChangeNotification
DEVICECAPABILITIES
StartPagePrinter
EnumJobsA
ord203
AddPortExW
EnumPrintersW
PrinterMessageBoxA
DeletePrinterConnectionA
GetPrinterDriverDirectoryW
SetPrinterW
ord212
AddPrinterConnectionW
ResetPrinterW
DeviceCapabilitiesW
ScheduleJob
ord215
EnumFormsW

msvcrt

memset
_tzname
_inp
_eof
_unlink
fputs
fprintf
fputc
_j1
fopen
fread
fwrite
feof
wcsncpy
printf
fseek
fsetpos
__p__mbctype
_wmakepath
_CIpow
fclose
fwprintf
ferror
_stricmp
ftell
_mbsninc
strcat
sprintf

Exports

Exports

Cqcssvsckf
Lblbcvrmvq
Pietj
Pkrbau
Rega
Rzfulhhefz
Tykeuhpua
Ujqs
Yezxevx
Yrovu

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96667436c120066415e880b3c80a55b3

Headers

File Characteristics

Imports

kernel32

gdi32

advapi32

comctl32

shell32

shlwapi

version

winmm

winspool.drv

msvcrt

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 46KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 52KB - Virtual size: 49KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 52KB - Virtual size: 49KB

.reloc
Size: 8KB - Virtual size: 7KB