ce107bd8dd1e394fdccd2d0c9d607f639bf4abd36f03ef72bf41e3bd0a10f0fd

Sharing

Copy URL Twitter E-mail

General

Target

ce107bd8dd1e394fdccd2d0c9d607f639bf4abd36f03ef72bf41e3bd0a10f0fd
Size

136KB
MD5

e3b4eff8b99ad023ee60406bfab31c4a
SHA1

1be326400e3085cda5bc63bce015fccad4ee419a
SHA256

ce107bd8dd1e394fdccd2d0c9d607f639bf4abd36f03ef72bf41e3bd0a10f0fd
SHA512

751c4b47960493853b87ae9b75322916546666f42c0db502ababd059cb0faa61605d58e600adba5c83fb63dde170ef1d1a401c557a05412d22bc4bf06c4c478d
SSDEEP

3072:0/cVnJ/CdZyYkGdo/yMu3yjkE9/BFUBmi1Lx7toyqhEh:0/QnJ/C/yYVqjkC/c5Bo3h

Score

N/A

Malware Config

Signatures

Files

ce107bd8dd1e394fdccd2d0c9d607f639bf4abd36f03ef72bf41e3bd0a10f0fd
.exe windows x86

549f88f316bda038573cf24a8b746b39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cmpbk32

PhoneBookEnumNumbers
PhoneBookEnumRegions
PhoneBookGetPhoneType
PhoneBookLoad
PhoneBookGetPhoneCanonicalA
PhoneBookGetCurrentCountryId
PhoneBookHasPhoneType
PhoneBookGetPhoneNonCanonicalA
PhoneBookMergeChanges
PhoneBookUnload
PhoneBookParseInfoA
PhoneBookCopyFilter
PhoneBookGetCountryId
PhoneBookEnumCountries
PhoneBookGetRegionNameA
PhoneBookGetCountryNameW
PhoneBookFreeFilter
PhoneBookGetPhoneDescA
PhoneBookMatchFilter
PhoneBookEnumNumbersWithRegionsZero
PhoneBookGetCountryNameA
PhoneBookGetPhoneDispA
PhoneBookGetPhoneDUNA

user32

RemoveMenu
SendMessageCallbackW
SetDlgItemTextW
SetDlgItemTextA
GetClipboardOwner
MsgWaitForMultipleObjectsEx
GetMenuItemCount
ToAscii
CheckMenuRadioItem
DrawTextA
GetClassLongA
GetKeyboardType
InvertRect
ModifyMenuW
MoveWindow
WCSToMBEx
PeekMessageW

wtsapi32

WTSVirtualChannelQuery
WTSSetUserConfigW
WTSVirtualChannelOpen
WTSFreeMemory
WTSVirtualChannelWrite
WTSEnumerateServersW
WTSWaitSystemEvent
WTSVirtualChannelClose
WTSUnRegisterSessionNotification
WTSQueryUserConfigW
WTSVirtualChannelPurgeInput
WTSDisconnectSession
WTSOpenServerW
WTSCloseServer
WTSSetSessionInformationA
WTSEnumerateProcessesW
WTSEnumerateSessionsW
WTSSetUserConfigA
WTSSetSessionInformationW

kernel32

TermsrvAppInstallMode
GetPrivateProfileIntW
AttachConsole
ActivateActCtx
VirtualAlloc
GetSystemTimeAsFileTime
SetFileShortNameW
LoadLibraryA
ReplaceFile
SetConsoleTextAttribute
FindFirstFileExA
CreateRemoteThread
GetLongPathNameA
GlobalSize
GlobalHandle
SetThreadUILanguage
GetSystemPowerStatus
DebugActiveProcess
PeekNamedPipe

softpub

OfficeInitializePolicy
SoftpubLoadMessage
SoftpubAuthenticode
SoftpubDefCertInit
SoftpubLoadDefUsageCallData
AddPersonalTrustDBPages
OfficeCleanupPolicy
HTTPSCertificateTrust
SoftpubInitialize
SoftpubLoadSignature
DriverInitializePolicy
DriverCleanupPolicy
GenericChainCertificateTrust
FindCertsByIssuer
OpenPersonalTrustDBDialog

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

549f88f316bda038573cf24a8b746b39

Headers

DLL Characteristics

File Characteristics

Imports

cmpbk32

user32

wtsapi32

kernel32

softpub

Sections

.text Size: 115KB - Virtual size: 115KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 134KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 992B

.text
Size: 115KB - Virtual size: 115KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 134KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 992B