Static task: static1
Behavioral task: behavioral1
Sample: 95a1052ce0375d0636611f41dde5a531f82dc21be243686a86a8a39875b9f3d4.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 95a1052ce0375d0636611f41dde5a531f82dc21be243686a86a8a39875b9f3d4.exe
Resource: win10v2004-20221111-en
General
-
Target: 95a1052ce0375d0636611f41dde5a531f82dc21be243686a86a8a39875b9f3d4
-
Size: 535KB
-
MD5: 997dfb0e5566c2c18a2bc10163a84ecf
-
SHA1: b770b5fa27d2a2f6e3bfa713e2d5ed349279e641
-
SHA256: 95a1052ce0375d0636611f41dde5a531f82dc21be243686a86a8a39875b9f3d4
-
SHA512: 82177a7a010d0b062214453a219d13b87765c0b1892ff0c434ece940a3759c45820e8624d2f7f2dbcfb63701b4d815bcb7e856ddf6b2ba1076ce5d6816c3a276
-
SSDEEP: 12288:jUY9roE0FrXP6sxmPAjwvnXbBDTDOuZwhNTHEEO61kgdAkqP1eKIKNZk:o4roE0bProPSynNDTDjoNjEEOLpkXcNu
Malware Config
Signatures
Files
-
95a1052ce0375d0636611f41dde5a531f82dc21be243686a86a8a39875b9f3d4.exe windows x86
b7797187cf77d8dc15e1a36e0bd019d7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
CheckRadioButton
SetProcessWindowStation
WINNLSGetEnableStatus
DestroyCursor
WaitMessage
LoadBitmapA
RemoveMenu
CallMsgFilterW
SetWindowRgn
GetMessageExtraInfo
SetWindowPos
ShowWindowAsync
MapDialogRect
CascadeWindows
GetMenu
MessageBeep
SendDlgItemMessageA
GetMenuStringA
ExitWindowsEx
SendIMEMessageExW
DdeFreeStringHandle
DdeInitializeA
CharPrevW
DdeCreateStringHandleA
SetPropW
GetClipboardViewer
SetWindowContextHelpId
DefWindowProcA
DlgDirSelectExW
GetKeyboardLayoutList
SetMenuInfo
TileChildWindows
EnumDisplaySettingsA
MapWindowPoints
GetDlgItem
MessageBoxExW
CopyImage
CreateWindowExW
GetNextDlgGroupItem
ShowCaret
GetKeyNameTextW
DdeDisconnect
GetCapture
GetWindowRect
UnhookWindowsHookEx
ChangeClipboardChain
LoadCursorFromFileA
GetScrollInfo
GetDC
GetDCEx
GetClassWord
DdeReconnect
DdeConnectList
GetMenuItemInfoW
CreateDialogIndirectParamA
IsIconic
SetForegroundWindow
GetMenuItemID
GetWindowLongW
GetClassInfoExW
EnumDisplaySettingsExA
GetMenuCheckMarkDimensions
DdeNameService
TrackMouseEvent
TranslateMessage
GetClipboardFormatNameA
ImpersonateDdeClientWindow
NotifyWinEvent
RegisterWindowMessageW
ModifyMenuA
GetWindowTextLengthW
MonitorFromRect
SetParent
InternalGetWindowText
IsCharLowerW
SwitchDesktop
LoadAcceleratorsA
EnableMenuItem
GetCaretPos
SetScrollRange
DefWindowProcW
EnableWindow
GetKeyboardType
OemToCharA
GetNextDlgTabItem
SetCaretBlinkTime
ShowWindow
DrawStateW
FindWindowW
ExcludeUpdateRgn
DialogBoxIndirectParamW
OemToCharBuffA
DefDlgProcW
RegisterDeviceNotificationA
TranslateAcceleratorA
DefDlgProcA
MapVirtualKeyA
CreatePopupMenu
CreateDialogParamA
GetWindowInfo
PaintDesktop
DdeQueryStringA
VkKeyScanExW
CharNextExA
VkKeyScanA
SetActiveWindow
EnumPropsA
UnregisterClassA
OffsetRect
GetDoubleClickTime
SwapMouseButton
GetSystemMenu
SetWindowsHookW
LoadImageW
IsCharAlphaNumericW
IsClipboardFormatAvailable
IsZoomed
GetKBCodePage
CreateMenu
GetTopWindow
SwitchToThisWindow
ClipCursor
SetMenuItemBitmaps
InsertMenuItemW
UnhookWinEvent
SetShellWindow
SetLastErrorEx
SendMessageCallbackW
shlwapi
StrRStrIW
SHRegQueryInfoUSKeyA
SHQueryValueExA
UrlIsNoHistoryA
StrStrIW
SHEnumValueW
PathMakeSystemFolderA
PathFindFileNameW
PathIsUNCW
StrNCatA
UrlCombineA
SHRegWriteUSValueA
PathRemoveExtensionW
SHOpenRegStream2W
UrlGetLocationA
PathAppendW
SHRegGetUSValueA
UrlHashA
UrlIsOpaqueW
StrFormatKBSizeA
PathFindOnPathW
PathSearchAndQualifyA
PathMakeSystemFolderW
PathIsURLW
SHRegEnumUSKeyW
UrlCompareW
StrTrimW
PathMakePrettyW
SHRegCreateUSKeyW
UrlIsW
StrTrimA
PathCanonicalizeA
SHRegQueryUSValueA
PathIsUNCServerA
StrStrA
StrRStrIA
ChrCmpIW
UrlUnescapeA
SHRegOpenUSKeyA
SHQueryValueExW
StrCmpNA
PathIsRelativeW
UrlIsOpaqueA
StrFormatKBSizeW
PathIsRootA
PathIsNetworkPathA
PathMakePrettyA
StrCatBuffA
PathIsNetworkPathW
StrCSpnA
StrChrIW
PathAddExtensionA
StrCatW
StrCSpnIW
StrRChrA
SHRegWriteUSValueW
SHEnumKeyExW
PathIsFileSpecA
SHRegDeleteUSValueW
StrCmpNIA
SHRegSetUSValueA
SHDeleteEmptyKeyA
SHRegSetUSValueW
UrlIsA
PathIsSameRootA
PathCombineA
SHRegGetUSValueW
wvnsprintfA
PathGetArgsW
PathParseIconLocationW
SHDeleteEmptyKeyW
PathRemoveBlanksW
PathIsRootW
SHRegGetBoolUSValueA
PathIsLFNFileSpecW
StrRetToStrA
UrlEscapeW
PathRenameExtensionW
PathRemoveFileSpecA
PathRenameExtensionA
PathIsURLA
PathIsLFNFileSpecA
ChrCmpIA
PathIsContentTypeW
SHCreateStreamOnFileA
PathAppendA
SHRegDeleteEmptyUSKeyW
HashData
SHGetValueW
PathRemoveArgsW
SHRegDeleteEmptyUSKeyA
SHRegCloseUSKey
SHRegEnumUSValueW
PathRemoveBackslashA
PathIsRelativeA
StrFormatByteSize64A
UrlGetPartA
PathIsUNCServerShareA
PathCanonicalizeW
PathIsDirectoryA
PathUnmakeSystemFolderA
wnsprintfA
PathAddBackslashA
PathIsSystemFolderW
UrlCreateFromPathW
PathMatchSpecA
PathCompactPathExA
StrSpnW
AssocQueryKeyA
SHRegOpenUSKeyW
SHOpenRegStream2A
PathIsUNCServerShareW
PathRelativePathToA
StrRetToStrW
PathStripToRootW
advapi32
RevertToSelf
RegCloseKey
LookupAccountNameW
CryptDestroyHash
OpenServiceW
LookupPrivilegeNameA
OpenSCManagerA
AddAce
RegSaveKeyA
RegCreateKeyExW
RegFlushKey
DeleteService
QueryServiceLockStatusW
BackupEventLogW
LookupPrivilegeValueW
GetEffectiveRightsFromAclW
CryptGetDefaultProviderA
SetThreadToken
LookupPrivilegeValueA
SetSecurityInfo
SetSecurityInfoExA
RegSetValueExW
SetEntriesInAccessListA
LookupAccountNameA
CryptHashSessionKey
BuildTrusteeWithNameW
SetSecurityDescriptorOwner
GetOverlappedAccessResults
ControlService
NotifyBootConfigStatus
ImpersonateSelf
RegSetKeySecurity
AccessCheckAndAuditAlarmW
GetServiceKeyNameW
SetNamedSecurityInfoExA
GetServiceDisplayNameA
ConvertAccessToSecurityDescriptorA
GetNamedSecurityInfoA
GetFileSecurityW
RegCreateKeyA
GetEffectiveRightsFromAclA
RegUnLoadKeyA
BuildImpersonateExplicitAccessWithNameW
BuildSecurityDescriptorW
RegCreateKeyExA
ConvertSecurityDescriptorToAccessA
SetEntriesInAccessListW
ClearEventLogA
BuildTrusteeWithSidW
GetAclInformation
PrivilegedServiceAuditAlarmA
FindFirstFreeAce
RegisterServiceCtrlHandlerA
GetExplicitEntriesFromAclA
ImpersonateLoggedOnUser
RegNotifyChangeKeyValue
RegOpenKeyW
RegEnumKeyExW
BuildExplicitAccessWithNameA
RegLoadKeyA
OpenEventLogA
EnumDependentServicesW
AreAllAccessesGranted
LookupAccountSidW
DeregisterEventSource
EqualSid
RegEnumKeyExA
AllocateLocallyUniqueId
GetCurrentHwProfileW
CloseServiceHandle
GetUserNameA
ReadEventLogA
RegUnLoadKeyW
ConvertSecurityDescriptorToAccessNamedW
RegEnumValueA
GetSidIdentifierAuthority
CryptGenRandom
FreeSid
GetMultipleTrusteeW
ObjectDeleteAuditAlarmA
DuplicateToken
ObjectOpenAuditAlarmA
PrivilegeCheck
ObjectOpenAuditAlarmW
DeleteAce
StartServiceA
SetServiceStatus
RegOpenKeyExW
EnumServicesStatusA
RegLoadKeyW
SetFileSecurityA
BuildImpersonateTrusteeA
RegQueryValueA
RegSetValueA
CryptReleaseContext
BuildImpersonateTrusteeW
CryptGetDefaultProviderW
BuildExplicitAccessWithNameW
ImpersonateNamedPipeClient
CryptEnumProvidersA
RegConnectRegistryA
RegGetKeySecurity
GetSecurityDescriptorDacl
RegDeleteValueA
GetKernelObjectSecurity
ObjectCloseAuditAlarmW
RegEnumKeyW
CryptSetProvParam
CryptEncrypt
SetEntriesInAclW
OpenSCManagerW
AccessCheck
GetOldestEventLogRecord
OpenEventLogW
kernel32
SetProcessWorkingSetSize
GetThreadSelectorEntry
DuplicateHandle
GetLocaleInfoA
GetPrivateProfileIntW
GetTapeParameters
SetCommBreak
GetShortPathNameA
OpenFile
ReadConsoleInputA
FindAtomW
lstrcatW
SetConsoleCursorPosition
WriteConsoleW
EnumResourceLanguagesA
IsValidCodePage
GetVersionExW
WriteConsoleInputA
EnumSystemCodePagesW
SetEnvironmentVariableW
GenerateConsoleCtrlEvent
HeapWalk
CreateFiber
GetDiskFreeSpaceExW
BuildCommDCBAndTimeoutsW
GlobalFix
FatalAppExitA
GetCommProperties
LoadLibraryA
SystemTimeToFileTime
CallNamedPipeW
WritePrivateProfileStringW
ConnectNamedPipe
FindFirstChangeNotificationA
EndUpdateResourceW
CreateEventA
IsBadStringPtrW
DebugActiveProcess
ReadConsoleOutputA
GetFileSize
FlushViewOfFile
GetCPInfoExW
GetLongPathNameA
GetWindowsDirectoryW
LockResource
EnumCalendarInfoExW
CopyFileW
GetDevicePowerState
GetDefaultCommConfigA
GetConsoleTitleA
Process32First
CopyFileA
VirtualAlloc
WritePrivateProfileSectionA
SetTimeZoneInformation
DisconnectNamedPipe
SetConsoleOutputCP
FindResourceW
SetCommConfig
OpenEventA
GetEnvironmentStringsW
LocalHandle
GlobalLock
EnumDateFormatsExW
GetStringTypeA
FindNextChangeNotification
lstrcpy
GetStringTypeW
SetThreadAffinityMask
GetHandleInformation
TlsAlloc
VirtualProtect
SetDefaultCommConfigW
HeapCompact
PostQueuedCompletionStatus
FindNextFileW
GetFileAttributesExW
MultiByteToWideChar
GetThreadPriorityBoost
HeapFree
GlobalFindAtomA
SetLastError
EnumCalendarInfoW
MoveFileExW
FlushFileBuffers
SetThreadContext
WinExec
SetPriorityClass
IsDebuggerPresent
SetProcessShutdownParameters
WriteConsoleOutputW
ClearCommBreak
FindFirstFileExA
SetErrorMode
QueueUserAPC
FormatMessageA
MoveFileW
AllocConsole
GetCalendarInfoA
CreateEventW
OpenMutexA
VirtualFree
SetProcessPriorityBoost
ReadConsoleInputW
SetVolumeLabelW
CancelWaitableTimer
SetThreadPriorityBoost
Heap32ListNext
AreFileApisANSI
GetProfileStringA
GetEnvironmentVariableA
lstrcatA
ExitProcess
GlobalGetAtomNameW
SetLocaleInfoW
RemoveDirectoryW
SetHandleCount
lstrcmp
ConvertDefaultLocale
LCMapStringA
Sleep
lstrcmpi
CommConfigDialogW
GlobalHandle
GetDateFormatA
InitializeCriticalSectionAndSpinCount
WaitNamedPipeW
FindResourceExA
ResetEvent
GetUserDefaultLangID
CreateMailslotW
ole32
CreateObjrefMoniker
GetHookInterface
CoRegisterClassObject
CoRegisterMessageFilter
OleCreateFromFileEx
GetRunningObjectTable
OleSaveToStream
OleCreateFromDataEx
OleSetAutoConvert
GetHGlobalFromILockBytes
CoCreateGuid
OleBuildVersion
CoUnmarshalInterface
CoGetClassObject
OleIsCurrentClipboard
ReleaseStgMedium
CoCreateFreeThreadedMarshaler
StgGetIFillLockBytesOnFile
GetConvertStg
OleGetIconOfClass
OleDuplicateData
CoGetMarshalSizeMax
CoInitializeSecurity
StgCreateDocfileOnILockBytes
ReadStringStream
OleCreateDefaultHandler
OleCreateLinkToFile
CoRevokeMallocSpy
CreateBindCtx
CoGetPSClsid
OleSetClipboard
CoGetCurrentProcess
ReadFmtUserTypeStg
SetConvertStg
CoRegisterChannelHook
OleGetIconOfFile
StgOpenStorageEx
CoGetStandardMarshal
CreateDataCache
CoTaskMemAlloc
StringFromGUID2
OleTranslateAccelerator
CoFileTimeToDosDateTime
CoCopyProxy
OleCreateLinkFromData
OleCreateEx
IsEqualGUID
OleMetafilePictFromIconAndLabel
ReadClassStg
OleNoteObjectVisible
StgOpenAsyncDocfileOnIFillLockBytes
CoUninitialize
OleSetContainedObject
CreateDataAdviseHolder
OleInitialize
CoIsOle1Class
CoSwitchCallContext
CoGetMalloc
CoGetTreatAsClass
MonikerRelativePathTo
CoBuildVersion
CoTreatAsClass
CoInitializeEx
StgOpenStorageOnILockBytes
OleConvertOLESTREAMToIStorageEx
GetClassFile
WriteClassStg
CoFileTimeNow
MkParseDisplayName
OleIsRunning
OleUninitialize
CreateItemMoniker
StringFromIID
CreatePointerMoniker
OleConvertIStorageToOLESTREAMEx
CoQueryProxyBlanket
OleLockRunning
PropVariantCopy
CoReleaseMarshalData
ProgIDFromCLSID
OleCreateLinkToFileEx
StgCreateStorageEx
CoGetInstanceFromFile
OleConvertOLESTREAMToIStorage
CreateStreamOnHGlobal
CoRevertToSelf
MonikerCommonPrefixWith
CoGetObject
OleGetClipboard
DoDragDrop
OleRegGetUserType
CoRegisterSurrogate
OleCreateFromData
CoDisconnectObject
CLSIDFromProgID
ReadClassStm
Sections
.text Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 211B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE