d2122a8910c134a18aad8f9553707ab6b1e59d0f327f06705c10b3fa57ef606f

Sharing

Copy URL

Twitter E-mail

General

Target

d2122a8910c134a18aad8f9553707ab6b1e59d0f327f06705c10b3fa57ef606f
Size

176KB
MD5

36f95abff0a42e1aababd9b60c281f8f
SHA1

782f4e935883d3ccf56e9a8ee701c39391ec0090
SHA256

d2122a8910c134a18aad8f9553707ab6b1e59d0f327f06705c10b3fa57ef606f
SHA512

3f8b4b7ddb3d50100307325bc2996b3e51dd1640319fc150424015d1bca8ea898999411fc0e7df860eeb4826a746b7e6c8feba23af03f028d087d3abb86f2b5c
SSDEEP

3072:H3LEBAHGwuJ6q9VwUw5wi8KVQbeElo1cx0tfJzLClv6Yjw5qm9oJl3HtmSKr:XLE6GHHVwJL5h9JzL0voT9cHO

Score

N/A

Malware Config

Signatures

Files

d2122a8910c134a18aad8f9553707ab6b1e59d0f327f06705c10b3fa57ef606f
.exe windows x86

04c656e95a9429dd2ea5412c9029ffec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

FlatSB_SetScrollRange
FlatSB_EnableScrollBar
PropertySheetA
CreatePropertySheetPage
ImageList_DragLeave
ImageList_GetFlags
MakeDragList
ShowHideMenuCtl
ImageList_GetImageInfo
DrawStatusText
ImageList_Read
CreateUpDownControl
ImageList_DragEnter
ImageList_AddMasked
ImageList_GetDragImage
ImageList_ReplaceIcon
DllGetVersion
FlatSB_GetScrollProp
ImageList_DragShowNolock
ImageList_LoadImage
PropertySheet
ImageList_Write
DrawStatusTextA
ImageList_DrawIndirect
CreateMappedBitmap
PropertySheetW
ImageList_SetImageCount
InitCommonControlsEx
ImageList_GetIconSize
DrawStatusTextW
FlatSB_GetScrollPos
ImageList_GetImageRect
ImageList_Merge
FlatSB_SetScrollPos
CreateStatusWindow

atmlib

ATMGetPostScriptNameA
ATMRemoveSubstFontA
ATMMakePSSW
ATMBBoxBaseXYShowTextA
ATMSelectObject
ATMGetFontInfoW
ATMGetVersionEx
ATMGetGlyphList
ATMGetVersionExW
ATMForceFontChange
ATMGetGlyphListA
ATMEnumFontsA
ATMFontAvailableW
ATMFontStatusA
ATMFontSelected
ATMEnumFontsW
ATMEnumMMFontsA
ATMBeginFontChange
ATMGetVersion
ATMXYShowText
ATMBBoxBaseXYShowTextW
ATMEndFontChange
ATMFontStatusW
ATMAddFontExW
ATMGetBuildStr
ATMGetNtmFieldsW
ATMMakePFM
ATMGetOutlineA
ATMMakePSSA
ATMGetBuildStrW
ATMAddFontEx
ATMGetVersionExA
ATMClient
ATMGetFontBBox
ATMGetPostScriptNameW

kernel32

HeapSummary
GetProcessShutdownParameters
SetConsoleTitleA
BaseFlushAppcompatCache
GetCurrentProcessId
EnumSystemCodePagesW
HeapQueryInformation
FindClose
ScrollConsoleScreenBufferW
RemoveDirectoryW
LockFileEx
SetSystemTimeAdjustment
GetTimeZoneInformation
AddLocalAlternateComputerNameA
EnumResourceLanguagesA
FindNextFileA
LocalFlags
GetFirmwareEnvironmentVariableW
VirtualAlloc
GetFileSize
FindNextVolumeMountPointA
LoadLibraryA
EnumSystemLanguageGroupsA
FindFirstChangeNotificationW
AddAtomA
Process32Next
DisconnectNamedPipe
CreateWaitableTimerW
OutputDebugStringA
QueryPerformanceCounter
ReadFileEx
SetComputerNameA
ClearCommError
HeapDestroy
BaseInitAppcompatCacheSupport
WritePrivateProfileSectionA
AreFileApisANSI
BaseUpdateAppcompatCache
GetLongPathNameW
GetVolumeNameForVolumeMountPointA
SetConsoleMenuClose
SetCommConfig
LoadLibraryExW
GetOEMCP
FileTimeToLocalFileTime
GetWriteWatch
LZRead
GetACP
GetTempPathA
lstrcat
GetProcessVersion
CompareFileTime
WritePrivateProfileStringW
Heap32First
EnumDateFormatsExW
FindFirstFileExA
CreateMemoryResourceNotification
GetSystemDefaultUILanguage
GlobalUnfix
TryEnterCriticalSection
GetStringTypeW
GetThreadPriority
GetDiskFreeSpaceA
WriteConsoleA
GetPrivateProfileSectionW
GetConsoleAliasA
GlobalGetAtomNameA
WriteProfileSectionA
SetFileApisToOEM
GetProfileIntW
IsProcessorFeaturePresent
SetConsoleCursor
IsBadHugeWritePtr
GetEnvironmentStringsW
LCMapStringW

oleaut32

VarI8FromUI1
VarCyCmpR8
DosDateTimeToVariantTime
VarDateFromI4
VarR4FromCy
VarDecFromR4
VarR8FromUI1
CreateDispTypeInfo
SafeArrayDestroyData
VarDecFromI2
DllGetClassObject
VarUI8FromI2
VarBoolFromCy
VarDateFromDec
VarUI4FromUI2
VarDecDiv
VarCat
VARIANT_UserUnmarshal
SafeArrayDestroy
VarDateFromDisp
VarUI1FromI1
VarIdiv
VarUI8FromR4
VarDateFromUI4
SysFreeString
VarCyFromR4
VarDecFromUI1
UnRegisterTypeLib
VarUI4FromI4
VarDecFromBool
VarCyNeg
DispCallFunc
VARIANT_UserMarshal
VarI1FromDec
BstrFromVector
VarFormatCurrency
SafeArraySetIID
VarCyAbs
VarUI8FromI1
VarUI4FromI8
CreateTypeLib
VarI4FromUI2
DispGetIDsOfNames
VarDecFromI4

msvcrt40

??_Efilebuf@@UAEPAXI@Z
_wtmpnam
?bitalloc@ios@@SAJXZ
ispunct
_ismbbkana
sqrt
_aexit_rtn
??1__non_rtti_object@@UAE@XZ
_wpopen
?fill@ios@@QBEDXZ
_wsearchenv
_fpclass
?rdbuf@strstream@@QBEPAVstrstreambuf@@XZ
__unDName
wcscoll
printf
??_8iostream@@7Bostream@@@
feof
??_8ofstream@@7B@
wcslen
??5istream@@QAEAAV0@AAO@Z
abort
malloc
strcmp
_spawnle
_chsize
_fileno
_adj_fdivr_m16i
memcpy
putwc
cosh
??4ios@@IAEAAV0@ABV0@@Z
_wchdir
??_7exception@@6B@
_adj_fdiv_m32i
isgraph
_CIcos
??_7istrstream@@6B@
iscntrl
?sync@stdiobuf@@UAEHXZ
?terminate@@YAXXZ
isupper
tmpnam
_fgetwchar
_execvpe

wintrust

SoftpubFreeDefUsageCallData
TrustDecode
CatalogCompactHashDatabase
WVTAsn1CatNameValueEncode
CryptSIPGetInfo
SoftpubAuthenticode
WintrustGetRegPolicyFlags
WTHelperProvDataFromStateData
CryptCATOpen
CryptCATCatalogInfoFromContext
WVTAsn1SpcStatementTypeDecode
WVTAsn1SpcLinkEncode
WintrustLoadFunctionPointers
WVTAsn1SpcMinimalCriteriaInfoDecode
IsCatalogFile
WTHelperGetProvPrivateDataFromChain
SoftpubCheckCert
WVTAsn1SpcPeImageDataDecode
CryptCATAdminEnumCatalogFromHash
CryptCATCDFOpen
AddPersonalTrustDBPages
SoftpubLoadSignature
CryptCATCDFEnumCatAttributes
WTHelperGetProvCertFromChain
CryptCATAdminReleaseCatalogContext
SoftpubDefCertInit
WinVerifyTrustEx
WVTAsn1SpcSpOpusInfoEncode
CryptSIPGetSignedDataMsg
WVTAsn1CatMemberInfoEncode
SoftpubLoadMessage
mssip32DllUnregisterServer
HTTPSFinalProv
CryptCATAdminRemoveCatalog
CryptCATCDFEnumMembersByCDFTag
OpenPersonalTrustDBDialog
WintrustCertificateTrust
SoftpubCleanup
CryptCATAdminCalcHashFromFileHandle
WTHelperGetKnownUsages
WTHelperGetAgencyInfo

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04c656e95a9429dd2ea5412c9029ffec

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

atmlib

kernel32

oleaut32

msvcrt40

wintrust

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 45KB - Virtual size: 241KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 45KB - Virtual size: 241KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 1024B