96e5b6830d5ecf3faf58a0867043083d927489213c2242c54b953aefbc815e4b

Sharing

Copy URL

Twitter E-mail

General

Target

96e5b6830d5ecf3faf58a0867043083d927489213c2242c54b953aefbc815e4b
Size

147KB
MD5

60f95a2595cb4b596482c76c599d6493
SHA1

5e48689411c21cc10435917c2c7ef555584311f0
SHA256

96e5b6830d5ecf3faf58a0867043083d927489213c2242c54b953aefbc815e4b
SHA512

a48e2e4d0301e6fe17718f9205b3ba8080870ec1476e147e566fcb35fb1ebcbe0b2678a10df0b2070b64e70695c8b214912b0f5d2e0be9bc80a82fb09da94c91
SSDEEP

3072:POiwDVhfK4Ic0Wgm8vDR+3kd0MYJ10i3+J:anIc0WgZvDo3x3+J

Score

N/A

Malware Config

Signatures

Files

96e5b6830d5ecf3faf58a0867043083d927489213c2242c54b953aefbc815e4b
.exe windows x86

de20e9ccf8a598a5a3ab610588ddaae9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kbdca

KbdLayerDescriptor

mprdim

ServiceMain

apphelp

SdbGetPermLayerKeys
SdbDeletePermLayerKeys
SdbQueryData
SdbGetNextChild
SdbGetStringTagPtr
SdbFindFirstTag
SdbReadEntryInformation

rshx32

DllCanUnloadNow
DllGetClassObject
DllUnregisterServer
DllRegisterServer

comsnap

DllUnregisterServer
InstallDsExtension

tapi32

tapiGetLocationInfo
lineGetGroupListW
phoneGetStatusA
lineSetCallTreatment
phoneNegotiateExtVersion
lineGetAppPriorityA
lineSetAgentStateEx
linePickupA
lineGetTranslateCapsW
lineGetCallInfo
linePrepareAddToConferenceW
lineGatherDigits
lineUnhold
phoneSetDisplay
lineSetAgentSessionState
lineDialA
lineMonitorMedia
lineGetAddressStatus
lineSetQueueMeasurementPeriod
lineSendUserUserInfo
phoneGetMessage
lineProxyMessage
phoneNegotiateAPIVersion
MMCRemoveProvider
lineDeallocateCall
internalPerformance
phoneGetID
tapiRequestMediaCallW

kernel32

CloseConsoleHandle
RtlCaptureContext
ReadConsoleOutputW
DuplicateHandle
GetSystemTimeAsFileTime
GetProcAddress
SetProcessWorkingSetSize
SetCalendarInfoA
Module32FirstW
SetWaitableTimer
GetPrivateProfileIntW
WriteConsoleOutputCharacterW
WinExec
GlobalFindAtomA
GetThreadPriorityBoost
GetConsoleCommandHistoryW
GetPriorityClass
SetFileAttributesW
GetTapePosition
BeginUpdateResourceA
GetFullPathNameW
GetBinaryTypeW
EnumSystemGeoID
SetConsoleCP
SetEndOfFile
FindNextChangeNotification

user32

SendDlgItemMessageA
SendInput
EnumDisplayMonitors
CharUpperBuffW
InsertMenuItemA
DrawTextExA
CharLowerBuffA
GetPriorityClipboardFormat
GetTaskmanWindow
ShowScrollBar
DrawCaptionTempW
ReuseDDElParam
LoadCursorA
EnumWindowStationsA
RemovePropA
GetCursorPos
SetWindowTextA
ValidateRgn
SendDlgItemMessageW
VkKeyScanW
GetWindowPlacement
GetDlgItemInt
IsWindowUnicode
MessageBeep
DdePostAdvise
ModifyMenuA
InSendMessage
LoadKeyboardLayoutA
GetForegroundWindow
IsDialogMessageA
BeginPaint

adsldpc

LdapFirstAttribute
LdapcKeepHandleAround
FreeADsMem
LdapControlFree
FindEntryInSearchTable
LdapCacheAddRef
LdapCrackUserDNtoNTLMUser2
ADsSetLastError
ADSIOpenDSObject
LdapGetNextPageS
LdapTypeToAdsTypeGeneralizedTime
MapADSTypeToLDAPType
LdapSearchInitPage
ADsDeleteClassDefinition
LdapTypeFreeLdapObjects
LdapIsClassNameValidOnServer
ConvertSidToString
LdapGetSubSchemaSubEntryPath

pdh

PdhTranslateLocaleCounterA
PdhEnumObjectsA
PdhReadRawLogRecord
PdhExpandWildCardPathW
PdhEnumObjectItemsA
PdhGetFormattedCounterValue
PdhAdd009CounterA
PdhOpenQueryA
PdhSetQueryTimeRange
PdhBrowseCountersA
PdhExpandWildCardPathHA
PdhVbUpdateLog
PdhUpdateLogA

Sections

.qmlKT
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Jp
Size: 3KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UW
Size: 90KB - Virtual size: 146KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.G
Size: 3KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.g
Size: 1KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de20e9ccf8a598a5a3ab610588ddaae9

Headers

DLL Characteristics

File Characteristics

Imports

kbdca

mprdim

apphelp

rshx32

comsnap

tapi32

kernel32

user32

adsldpc

pdh

Sections

.qmlKT Size: 20KB - Virtual size: 19KB

.Jp Size: 3KB - Virtual size: 27KB

.UW Size: 90KB - Virtual size: 146KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 9KB - Virtual size: 11KB

.G Size: 3KB - Virtual size: 18KB

.g Size: 1KB - Virtual size: 12KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 2KB - Virtual size: 4KB

.qmlKT
Size: 20KB - Virtual size: 19KB

.Jp
Size: 3KB - Virtual size: 27KB

.UW
Size: 90KB - Virtual size: 146KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 9KB - Virtual size: 11KB

.G
Size: 3KB - Virtual size: 18KB

.g
Size: 1KB - Virtual size: 12KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 2KB - Virtual size: 4KB