363c8ccdc115db158b1c4d46b5bcfd62b2b7eeb2aca814622f0e336bd63600b3

Sharing

Copy URL Twitter E-mail

General

Target

363c8ccdc115db158b1c4d46b5bcfd62b2b7eeb2aca814622f0e336bd63600b3
Size

28KB
MD5

15a85bd34c5939bf9f7bcfe1fc39b260
SHA1

1b2a5f78b3f78f4d242e92ad8345abc66ac56232
SHA256

363c8ccdc115db158b1c4d46b5bcfd62b2b7eeb2aca814622f0e336bd63600b3
SHA512

b083db7705e97531204800566d7960463a0d00e859997c7960cd3ddba43004bbf944d0f5f725c83bae54adacdb31b897fb66dbb968f74f8343ea0bfffcec2fbf
SSDEEP

384:oBbAHJQzEXBMigpHIdacb34guJBZiuzm2OqS32u2OqyO8zq6GGbzchbVKc9RyVNY:oB0HLBMRodzRchbVZR0+k/0I/kIUd

Score

N/A

Malware Config

Signatures

Files

363c8ccdc115db158b1c4d46b5bcfd62b2b7eeb2aca814622f0e336bd63600b3
.exe windows x86

cb0f9248ab90c9be4a9127ba8c0c32c7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringA
LoadLibraryExA
ScrollConsoleScreenBufferW
lstrcpyA
SetCurrentDirectoryA
GetVersionExA
MultiByteToWideChar
lstrlenA
CreateDirectoryA
GetLastError
TerminateProcess
FormatMessageA
GetTapeStatus
LocalFree
lstrcpynA
VirtualAlloc
LoadLibraryA
Sleep
CreateFileA
SetUnhandledExceptionFilter
GetTickCount
SetConsoleCursor
CreateFileW
GetPrivateProfileIntA
GetCurrentProcessId
DeviceIoControl
UnhandledExceptionFilter
QueryPerformanceCounter
GetModuleFileNameW
GetModuleHandleA
CreateMutexA
HeapFree
GetSystemDirectoryA
MoveFileA
CloseHandle
GetWindowsDirectoryA
GetFileAttributesExW

avifil32

AVIFileOpen
EditStreamSetInfo

colbact

DllRegisterServer
DllUnregisterServer
DllGetClassObject

msvcrt

_searchenv
_findnext
_ismbslead
islower
_chdir
_initterm
_wfindfirsti64
_getws
_write
_adj_fdivr_m16i
_close
_adjust_fdiv
__p___winitenv
_ismbbgraph
free
_lsearch
_ismbcl2
modf
_Getmonths
fseek

dciman32

DCICreatePrimary
WinWatchOpen
DCISetSrcDestClip
WinWatchGetClipList
DCISetDestination
DCICloseProvider
DCIEndAccess
WinWatchNotify
DCIDraw
GetWindowRegionData
WinWatchClose
DCIBeginAccess
DCIDestroy

user32

GetKeyboardLayoutNameW
SetPropA
UnregisterDeviceNotification
OpenDesktopW
DeviceEventWorker
SendMessageW
LoadStringA
OemKeyScan
ClientThreadSetup
TranslateAcceleratorW
IsCharAlphaNumericA
UnionRect
BeginDeferWindowPos
MessageBoxA
ValidateRect
GetClipboardFormatNameW
GetDesktopWindow
DrawMenuBarTemp
PeekMessageA
GetMenuContextHelpId
EnumPropsW
GetWindowTextA
DispatchMessageA
UpdateLayeredWindow
LoadMenuIndirectW
wsprintfA
DefWindowProcW
UnhookWinEvent
LoadIconA
TrackMouseEvent
DefFrameProcA
VkKeyScanExW
DestroyIcon
InvertRect
ModifyMenuW
MapVirtualKeyExW
CreateDialogIndirectParamW
TranslateMessage
DeregisterShellHookWindow
GetPriorityClipboardFormat
CreateDesktopW
DrawCaptionTempA
OpenInputDesktop
SetMenu
DrawStateA
GetClipboardFormatNameA
MBToWCSEx
SetMenuItemInfoA
CharUpperW
EnumPropsA
IsRectEmpty
EditWndProc
SystemParametersInfoW
DrawFrame
SendInput
DefDlgProcW

shell32

SHQueryRecycleBinW
DragQueryPoint
SheGetDirA
SHCreateProcessAsUserW
SHIsFileAvailableOffline
SHGetPathFromIDListA
ExtractIconEx
StrStrIW
SHGetDesktopFolder
DllUnregisterServer
SHFileOperationW
SHFileOperationA
Control_RunDLLAsUserW
SHGetPathFromIDList
StrStrIA
DragQueryFile
SHInvokePrinterCommandA
SheSetCurDrive
SHInvokePrinterCommandW
StrStrW
CheckEscapesW
StrCmpNIW
ShellExecuteEx
DllInstall
SHLoadInProc
SHFormatDrive
SheChangeDirExW
StrCmpNIA
Shell_NotifyIconW
StrRChrA
DragQueryFileA
OpenAs_RunDLLA
StrRChrW
SHBrowseForFolderA

mtxoci

oparse
ologof
ologTransacted
odescr
oopt
MTxOciRegisterCursor
opinit
Enlist

synceng

AddFolderTwin
CloseBriefcase
RemoveAllTwinsFromTwinList
IsPathOnVolume
FindFirstBriefcase
CreateFolderTwinList
DeleteBriefcase
DestroyTwinList
FindNextBriefcase
GetFolderTwinStatus
IsOrphanObjectTwin
FindBriefcaseClose
CompareFileStamps
IsFolderTwin
CountSourceFolderTwins
OpenBriefcase
CreateRecList
GetOpenBriefcaseInfo
SaveBriefcase
CreateTwinList
DestroyFolderTwinList
ReleaseTwinHandle
AddTwinToTwinList
ReconcileItem
GetObjectTwinHandle
RemoveTwinFromTwinList
BeginReconciliation
GetFileStamp
EndReconciliation
ClearBriefcaseCache
GetVolumeDescription
DestroyRecList
DeleteTwin
AddObjectTwin
AddAllTwinsToTwinList
AnyTwins

pid

DllGetClassObject
DllCanUnloadNow

advapi32

LookupPrivilegeValueA
RegQueryValueExA
WmiNotificationRegistrationW
CryptSetHashParam
OpenTraceW
SystemFunction008
OpenProcessToken
RegDeleteValueA
I_ScPnPGetServiceName
AccessCheckByTypeResultListAndAuditAlarmW
GetAclInformation
RegEnumKeyExW
BuildTrusteeWithObjectsAndNameA
LookupAccountSidA
SystemFunction002
LsaEnumerateTrustedDomainsEx
RemoveTraceCallback
SetEntriesInAclW
CommandLineFromMsiDescriptor
RegUnLoadKeyA
FreeSid
RegCloseKey
FindFirstFreeAce
DuplicateTokenEx
LsaLookupPrivilegeValue
AllocateAndInitializeSid
ProcessTrace
WmiQueryAllDataW
AdjustTokenPrivileges
LookupPrivilegeDisplayNameW
CloseServiceHandle
SetTraceCallback
RegEnumValueA
GetSecurityDescriptorDacl
ConvertSecurityDescriptorToAccessNamedA
RegSetValueExA
ObjectOpenAuditAlarmA

ntshrui

GetLocalPathFromNetResourceW
GetLocalPathFromNetResourceA
IsPathShared
GetNetResourceFromLocalPath
IsPathSharedA
DllCanUnloadNow
GetLocalPathFromNetResource
IsPathSharedW
GetNetResourceFromLocalPathA
GetNetResourceFromLocalPathW
DllGetClassObject

mpr

WNetGetProviderTypeA
WNetClearConnections
WNetGetNetworkInformationA
WNetOpenEnumW
WNetGetConnectionA
WNetFormatNetworkNameW
WNetSetLastErrorW
WNetGetConnection2W
WNetSupportGlobalEnum
WNetSetConnectionA
MultinetGetConnectionPerformanceW
WNetGetConnectionW
WNetGetPropertyTextW
WNetAddConnection3W
WNetUseConnectionW
WNetOpenEnumA
WNetGetUniversalNameA
WNetAddConnection2A
WNetCancelConnection2W
WNetGetUserA
WNetConnectionDialog2
WNetDisconnectDialog
WNetGetConnection3W
WNetEnumResourceA
WNetPasswordChangeNotify
WNetCancelConnectionA
WNetDisconnectDialog1A
WNetGetResourceParentW
WNetDisconnectDialog2
WNetPropertyDialogA
WNetCloseEnum
WNetAddConnectionA
WNetGetConnection2A
WNetGetDirectoryTypeA
WNetDisconnectDialog1W
WNetGetProviderTypeW
WNetGetDirectoryTypeW
WNetCancelConnection2A
WNetGetConnection3A
WNetGetLastErrorA
WNetGetSearchDialog
WNetPropertyDialogW
WNetDirectoryNotifyW
WNetGetPropertyTextA

Sections

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cb0f9248ab90c9be4a9127ba8c0c32c7

Headers

File Characteristics

Imports

kernel32

avifil32

colbact

msvcrt

dciman32

user32

shell32

mtxoci

synceng

pid

advapi32

ntshrui

mpr

Sections

.rsrc Size: 1024B - Virtual size: 928B

.text Size: 15KB - Virtual size: 14KB

.data Size: - Virtual size: 64KB

.rdata Size: 11KB - Virtual size: 10KB

.rsrc
Size: 1024B - Virtual size: 928B

.text
Size: 15KB - Virtual size: 14KB

.data
Size: - Virtual size: 64KB

.rdata
Size: 11KB - Virtual size: 10KB