b1234f161378c6e1260dbe347e99fd47bd8e761ad9aa0be985a81c40f72bf405

Sharing

Copy URL

Twitter E-mail

General

Target

b1234f161378c6e1260dbe347e99fd47bd8e761ad9aa0be985a81c40f72bf405
Size

175KB
MD5

7a9fe7b0e26e4d1a0c10dfbbfd48af77
SHA1

09ebf9472bf04d3fcfac120f5f150f2556220b89
SHA256

b1234f161378c6e1260dbe347e99fd47bd8e761ad9aa0be985a81c40f72bf405
SHA512

f3cadc106c633104f93824a3bd16a06865a01f9063f7b79afd05c2f9f84171625481e54666c60286d76c6eb07f7969a142bdc6641f490b5b97977d20bd920685
SSDEEP

3072:RdzggGXwJRQbL6HEURNj+Ve3cYaInrCZQq0BdG/CEDajWncQNSsQ:RZ/GTX6zzqe3cI+Zf0Gqx6t

Score

N/A

Malware Config

Signatures

Files

b1234f161378c6e1260dbe347e99fd47bd8e761ad9aa0be985a81c40f72bf405
.exe windows x86

f2c294f371197efa8bcbd0f5513d0a75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFileEx
SetCommBreak
QueueUserWorkItem
RtlUnwind
SetProcessPriorityBoost
TlsSetValue
SetComputerNameW
WaitForSingleObjectEx
OutputDebugStringA
GetFirmwareEnvironmentVariableW
GetConsoleCommandHistoryLengthW
lstrcpyn
SetConsoleCtrlHandler
DebugSetProcessKillOnExit
FindFirstVolumeMountPointW
LZCloseFile
GetCommMask
GetConsoleAliasW
GetAtomNameW
SetConsoleNumberOfCommandsA
SetMessageWaitingIndicator
RaiseException
lstrcmpA
ReplaceFile
GetTempFileNameA
SetConsolePalette
LoadLibraryExA
WTSGetActiveConsoleSessionId
OpenConsoleW
lstrcmp
IsBadStringPtrA
QueryActCtxW
PrivCopyFileExW
WriteFileGather
GetEnvironmentStringsA
UnlockFileEx
WaitCommEvent
GetProcAddress
GetCompressedFileSizeA
UnregisterWait
EndUpdateResourceW
GetMailslotInfo
WriteProcessMemory
GetCPInfoExA
ClearCommBreak
Module32First
VerifyVersionInfoA
AreFileApisANSI
OpenWaitableTimerA
GlobalMemoryStatus
UnhandledExceptionFilter
CreateProcessInternalA
GetSystemTimeAdjustment
HeapWalk
GetVersion
BaseCleanupAppcompatCacheSupport
WriteConsoleInputA
ReleaseSemaphore
GetTapeParameters
GetProcessWorkingSetSize
SetConsoleCursor
LocalHandle
FileTimeToSystemTime
IsBadHugeWritePtr
GetModuleFileNameA
SetCommMask
FlushViewOfFile
GlobalGetAtomNameW
WriteProfileSectionW

user32

DrawTextExW
HideCaret
CharNextA
GetInputDesktop
DdeClientTransaction
OemToCharW
SetMenuItemBitmaps
SwitchToThisWindow
EnumWindowStationsA
DdeDisconnect
CreateWindowExW
SetTaskmanWindow
SetCapture
WinHelpA
SetLayeredWindowAttributes
DestroyCursor
GetWindowWord
MenuItemFromPoint
GetKeyboardLayoutNameW
LoadBitmapW
SetMenu
SystemParametersInfoA
DestroyAcceleratorTable
ExcludeUpdateRgn
DdeNameService
LoadImageW
AdjustWindowRectEx
RegisterClassExA
CreateDialogParamW
IsGUIThread
SetClassLongW
PrivateExtractIconExA
GetMenuItemInfoA
DestroyCaret
SetPropW
GetProcessWindowStation
GetThreadDesktop
IsWindowVisible
IsRectEmpty
AppendMenuA
CreatePopupMenu
DdeKeepStringHandle
SetScrollPos
GetNextDlgTabItem
PostMessageA
SetWindowTextA
GetClassInfoExA
ToUnicode
EnumDisplayMonitors
ScrollDC
GetDlgItemTextW
SetMenuItemInfoW
GetWindowTextA

advapi32

RegEnumValueW
SystemFunction022
SetSecurityDescriptorRMControl
DeleteService
UpdateTraceA
QueryServiceStatus
CloseCodeAuthzLevel
SetPrivateObjectSecurity
CryptExportKey
ElfOldestRecord
RegCreateKeyExW
DeregisterEventSource
WmiReceiveNotificationsW
AddAccessDeniedObjectAce
StartTraceW
GetPrivateObjectSecurity
RegQueryInfoKeyW
MakeSelfRelativeSD
WmiQuerySingleInstanceA
LsaICLookupSidsWithCreds
OpenServiceA
LsaOpenAccount
QueryRecoveryAgentsOnEncryptedFile
RegNotifyChangeKeyValue
LsaCreateAccount
LsaSetInformationTrustedDomain
LookupPrivilegeNameW
LsaQuerySecret
GetWindowsAccountDomainSid
EnumServicesStatusExW
DuplicateEncryptionInfoFile
SetEntriesInAclA
ConvertStringSDToSDRootDomainW

shell32

DuplicateIcon
SHBrowseForFolderA
StrRStrIW
StrChrIW

comctl32

CreatePropertySheetPageA
ImageList_GetIcon
GetMUILanguage
ImageList_Write
ImageList_SetFlags

ole32

OleLoad
CoInitialize
StringFromCLSID
CoGetClassVersion
CLSIDFromProgID

version

GetFileVersionInfoW
VerQueryValueW

urlmon

IsLoggingEnabledW
CoInternetCombineUrl
RegisterBindStatusCallback
IsAsyncMoniker
CDLGetLongPathNameW
RegisterFormatEnumerator
ReleaseBindInfo
URLOpenBlockingStreamW
URLDownloadW

winmm

midiInGetID
mciGetErrorStringW
waveInGetID
midiInOpen
waveOutGetPlaybackRate
OpenDriver
midiOutGetErrorTextA
waveOutClose
midiOutGetDevCapsA
mmioGetInfo
midiInAddBuffer
midiStreamOut
mci32Message

sqlunirl

_GetTextExtentExPoint_@28
_CommDlg_OpenSave_GetSpec@12
_QueryServiceConfig_@16
_LoadLibraryEx_@12
_CopyMetaFile_@8
_GlobalFindAtom_@4
_VkKeyScanEx_@8
_CreateWindowStation_@16
_FindWindow_@8
_GetTempPath_@8

crypt32

CryptUnprotectData
RegOpenHKCUKeyExU
CertFreeCertificateChainEngine
CryptGetDefaultOIDFunctionAddress
CertAddCRLContextToStore
I_CryptInstallAsn1Module
CertFreeCertificateChain
CryptEncodeObjectEx
CryptEncodeObject
CertSerializeCRLStoreElement
CryptGetMessageCertificates

d3dim

FlushD3DDevices
D3DMalloc

crtdll

__dllonexit
_strset
__doserrno
iswpunct
_eof
system
_cscanf
_getdllprocaddr
_fpclass

loadperf

LoadPerfCounterTextStringsA
LoadPerfCounterTextStringsW
InstallPerfDllW

Sections

.Ad
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.OQCF
Size: 3KB - Virtual size: 43KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.G
Size: 125KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2c294f371197efa8bcbd0f5513d0a75

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

comctl32

ole32

version

urlmon

winmm

sqlunirl

crypt32

d3dim

crtdll

loadperf

Sections

.Ad Size: 18KB - Virtual size: 17KB

.rdata Size: 7KB - Virtual size: 6KB

.OQCF Size: 3KB - Virtual size: 43KB

.data Size: 7KB - Virtual size: 8KB

.G Size: 125KB - Virtual size: 203KB

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 3KB - Virtual size: 64KB

.Ad
Size: 18KB - Virtual size: 17KB

.rdata
Size: 7KB - Virtual size: 6KB

.OQCF
Size: 3KB - Virtual size: 43KB

.data
Size: 7KB - Virtual size: 8KB

.G
Size: 125KB - Virtual size: 203KB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 3KB - Virtual size: 64KB