9b28f949a79e6b894536e15a7a18e6aae2e9437b553a3c76b83abe179168dd33

Sharing

Copy URL Twitter E-mail

General

Target

9b28f949a79e6b894536e15a7a18e6aae2e9437b553a3c76b83abe179168dd33
Size

176KB
MD5

48b2f76630cca8882f9afe4ae811b55a
SHA1

254237c1cf3dc0e0df4c0a4f27241bcf3da3fe20
SHA256

9b28f949a79e6b894536e15a7a18e6aae2e9437b553a3c76b83abe179168dd33
SHA512

12280e51e9d8fc30c3726e0eab1796202572f8d81537f811da669f5806998950ee1515336855e7a58a94e291c2262262b209b4277e3e12fa1779192847ec6dc6
SSDEEP

3072:AkZRhDYQEkk2WvGR+5vcCmAJ3rFzn40SoHyYngWGFSyfoPgNhv:AkZHHLTWvI0vnmA1J40nyMHIo6Z

Score

N/A

Malware Config

Signatures

Files

9b28f949a79e6b894536e15a7a18e6aae2e9437b553a3c76b83abe179168dd33
.exe windows x86

179c18344a55b50dcf6479e9c8b15d9b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

admparse

AdmClose

rpcrt4

RpcMgmtInqStats
NdrVaryingArrayBufferSize
UuidFromStringW
NdrCorrelationInitialize
NdrPartialIgnoreServerUnmarshall
I_RpcReallocPipeBuffer
I_RpcNsInterfaceUnexported
NdrNonConformantStringBufferSize
NdrPointerUnmarshall
NdrNonConformantStringUnmarshall
RpcSmClientFree
RpcObjectInqType
NdrContextHandleSize
NdrAsyncClientCall
NdrConformantStructMemorySize
I_RpcBindingHandleToAsyncHandle
NdrRpcSmClientFree
RpcBindingSetAuthInfoW
RpcMgmtInqServerPrincNameW
NdrDllRegisterProxy
I_RpcBindingToStaticStringBindingW
RpcBindingToStringBindingA
CStdStubBuffer_DebugServerRelease
NdrProxyInitialize
NdrNsGetBuffer
NdrTypeFree
RpcSmSetThreadHandle
UuidCompare
RpcBindingSetObject
I_RpcSsDontSerializeContext
RpcServerInqBindings
RpcEpResolveBinding
I_RpcBindingInqDynamicEndpointW
NdrMesTypeDecode2
RpcSmFree
NdrFullPointerFree
NdrpReleaseTypeFormatString
NdrPartialIgnoreClientMarshall
NdrFixedArrayFree
CStdStubBuffer_Disconnect
NdrConformantArrayFree
I_RpcSend
NdrNsSendReceive
I_RpcMapWin32Status
CStdStubBuffer_QueryInterface
RpcNetworkInqProtseqsA
RpcServerUseAllProtseqsIfEx

kbdru1

KbdLayerDescriptor

msvcirt

?cerr@@3Vostream_withassign@@A
??_8ostream@@7B@
??_7ifstream@@6B@
??_8fstream@@7Bistream@@@
??_7ostrstream@@6B@
??_8strstream@@7Bostream@@@

netplwiz

DllCanUnloadNow

wmi

ControlTraceA
WmiDevInstToInstanceNameW
WmiSetSingleInstanceW
WmiNotificationRegistrationA

oleprn

DllCanUnloadNow
DllUnregisterServer
DllRegisterServer
DllGetClassObject

wtsapi32

WTSSendMessageA
WTSFreeMemory
WTSSetSessionInformationA
WTSTerminateProcess

imm32

ImmSetConversionStatus
ImmIMPSetIMEA
ImmSetActiveContext
ImmRegisterWordW
ImmConfigureIMEA
ImmGetImeInfoEx
ImmUnlockClientImc
ImmCreateIMCC
ImmGetIMCLockCount
ImmGetHotKey
ImmSetActiveContextConsoleIME

kbdfo

KbdLayerDescriptor

mciwave

DriverProc

qdv

DllRegisterServer
DllCanUnloadNow
DllUnregisterServer
DllGetClassObject

sendmail

DllGetClassObject
DllCanUnloadNow

avicap32

videoThunk32

query

?CoTaskAllocator@@3VCCoTaskAllocator@@A
DoneFILTERPerformanceData
InitializeFILTERPerformanceData
CITextToSelectTreeEx

odbc32

SQLDataSources
SQLSpecialColumns
SQLSetConnectAttrA
SQLDriversW
SQLForeignKeysW
SQLSetConnectOptionW
SQLSetConnectAttr
SQLGetTypeInfoA
SQLProcedureColumnsW
SQLPrepareW
CollectODBCPerfData
SQLDrivers
SQLSpecialColumnsW
SQLAllocHandle
SQLTablePrivilegesW
SQLFreeEnv
SQLDriversA

mfc42u

DllGetClassObject

sfc_os

SfcGetNextProtectedFile
SfcIsFileProtected

kernel32

GetCurrencyFormatA
GetLongPathNameW
SetThreadPriority
SetCommBreak
IsBadStringPtrA
UnregisterConsoleIME
ConvertThreadToFiber
LocalReAlloc
GetVersion
CallNamedPipeA
FlushConsoleInputBuffer
EnumerateLocalComputerNamesW
GetUserDefaultLangID
LocalFileTimeToFileTime
NlsGetCacheUpdateCount
GetLastError
QueryDosDeviceA
GetDateFormatA
FindAtomW
VirtualAllocEx
LocalSize
LeaveCriticalSection
UTRegister
GetProcAddress
GetConsoleFontSize
GetLogicalDriveStringsW
AddAtomA

user32

GetKeyNameTextA
ChangeClipboardChain
DispatchMessageW
IsHungAppWindow
CreateDialogIndirectParamAorW
PeekMessageA
BuildReasonArray
EnumThreadWindows
GetGuiResources
SetScrollInfo
IsWindowUnicode
RegisterClassA
EnumWindowStationsW
GetRawInputBuffer
LoadRemoteFonts
IMPSetIMEA
TranslateAccelerator
NotifyWinEvent
SendMessageA
PrivateExtractIconsA
DdeInitializeA
HideCaret
LoadImageA
GetMenuBarInfo
IsCharUpperW
RealGetWindowClassW
GetKeyboardLayoutList
EnumPropsA
LoadLocalFonts
OpenWindowStationA
IsChild

apphelp

SdbFindFirstTagRef
SdbReadWORDTag
SdbGetPermLayerKeys
ApphelpCheckRunApp
SdbOpenApphelpDetailsDatabase
SdbGetDatabaseVersion
SdbSetPermLayerKeys

wintrust

CryptCATCDFEnumAttributes
CryptCATAdminAcquireContext
WTHelperCertIsSelfSigned
CryptCATCDFEnumMembersByCDFTagEx
SoftpubInitialize
WTHelperGetFileHash
CryptCATAdminRemoveCatalog
CryptCATAdminCalcHashFromFileHandle
WintrustGetDefaultForUsage
TrustFindIssuerCertificate
SoftpubCleanup
MsCatConstructHashTag
WVTAsn1SpcLinkEncode
WVTAsn1SpcSpOpusInfoDecode

Sections

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

179c18344a55b50dcf6479e9c8b15d9b

Headers

DLL Characteristics

File Characteristics

Imports

admparse

rpcrt4

kbdru1

msvcirt

netplwiz

wmi

oleprn

wtsapi32

imm32

kbdfo

mciwave

qdv

sendmail

avicap32

query

odbc32

mfc42u

sfc_os

kernel32

user32

apphelp

wintrust

Sections

.edata Size: 2KB - Virtual size: 1KB

.edata Size: 24KB - Virtual size: 24KB

.data Size: 120KB - Virtual size: 194KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 9KB - Virtual size: 9KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 3KB - Virtual size: 4KB

.edata
Size: 2KB - Virtual size: 1KB

.edata
Size: 24KB - Virtual size: 24KB

.data
Size: 120KB - Virtual size: 194KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 3KB - Virtual size: 4KB