Static task: static1
Behavioral task: behavioral1
Sample: cd79cee4cdb5c0011754bce2b59c4d80ae544256baf8cfb34f25bce12ded4df4.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: cd79cee4cdb5c0011754bce2b59c4d80ae544256baf8cfb34f25bce12ded4df4.exe
Resource: win10v2004-20221111-en
General
Target: cd79cee4cdb5c0011754bce2b59c4d80ae544256baf8cfb34f25bce12ded4df4
Size: 348KB
MD5: 585bef67a54610ce3a785740210774d7
SHA1: dc57303547d1f4e8958a93252947e880e58cfdcd
SHA256: cd79cee4cdb5c0011754bce2b59c4d80ae544256baf8cfb34f25bce12ded4df4
SHA512: f72119750309de416f87dde2443e95832f1bc4d0bef858008ecbbca3baec9fda0ba1e39d7456da41dd7cc72c8deea2dbc486e7355b04c663c7d3545f352e056f
SSDEEP: 6144:s+ESivpmmbKzzg19P9d+4UGPr80h6rL3j3GFwH4IC51xOH:GSivpA74Ugth6P3iCHc/+
Malware Config
Signatures
Files
cd79cee4cdb5c0011754bce2b59c4d80ae544256baf8cfb34f25bce12ded4df4.exe windows x86
4a68a20f278d0acaf9a8dc081bd8cfd4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
oleaut32
GetErrorInfo
VariantTimeToSystemTime
GetRecordInfoFromGuids
SafeArrayGetDim
SafeArrayCreate
SafeArrayGetElement
SysAllocStringByteLen
SafeArrayGetVartype
LoadRegTypeLi
SafeArrayUnlock
SafeArrayLock
DispCallFunc
SafeArrayCopy
SafeArrayGetLBound
VarBstrFromDate
VarBstrCmp
SysStringByteLen
SysStringLen
VariantChangeType
VarDateFromUdate
SafeArrayGetUBound
SafeArrayUnaccessData
VariantCopyInd
VariantInit
SysFreeString
SafeArrayCreateVectorEx
SystemTimeToVariantTime
SafeArrayRedim
SysAllocString
SafeArrayDestroy
VarDateFromStr
VariantCopy
SysAllocStringLen
VariantClear
SafeArrayAccessData
LoadTypeLi
shlwapi
PathStripPathW
PathRemoveFileSpecW
PathCompactPathExW
PathAppendW
PathCompactPathW
StrRetToStrW
StrChrW
StrRStrIW
PathFileExistsW
ColorAdjustLuma
PathIsDirectoryW
user32
BeginPaint
ReleaseDC
IsCharAlphaNumericW
IntersectRect
CopyRect
InflateRect
TabbedTextOutW
CharNextW
ShowWindow
GetWindowThreadProcessId
ModifyMenuW
IsMenu
GetTabbedTextExtentW
GetActiveWindow
GetCapture
GetMessagePos
GetWindowTextW
DestroyIcon
LoadCursorW
GetDlgItem
GetMessageW
WindowFromPoint
CreatePopupMenu
LoadBitmapW
IsWindowVisible
GetParent
PtInRect
OffsetRect
GetMenuItemCount
SetClipboardData
IsDialogMessageW
CallWindowProcW
LoadImageW
MapDialogRect
GetFocus
SystemParametersInfoW
MessageBeep
UnhookWindowsHookEx
BeginDeferWindowPos
GetWindow
IsChild
IsCharAlphaW
KillTimer
DrawStateW
ScrollWindowEx
SendMessageW
GetSysColor
GetScrollPos
IsClipboardFormatAvailable
GetDC
PostMessageW
TranslateAcceleratorW
GetNextDlgTabItem
PeekMessageW
ClientToScreen
DestroyWindow
FindWindowW
InvalidateRect
IsCharLowerW
MessageBoxW
UpdateWindow
SetRectEmpty
LockWindowUpdate
CharLowerW
AnimateWindow
DrawFocusRect
TranslateMessage
RemoveMenu
IsRectEmpty
ScreenToClient
MoveWindow
SetDlgItemTextW
TrackPopupMenu
DrawIconEx
DefWindowProcW
DeferWindowPos
SetFocus
SetWindowPos
SetWindowPlacement
GetWindowPlacement
SetScrollInfo
PostQuitMessage
GetSystemMetrics
GetMenu
SetWindowsHookExW
EndDialog
LoadAcceleratorsW
GetWindowRect
SetMenu
DrawEdge
EnableWindow
SetTimer
CallNextHookEx
UnregisterClassA
ReleaseCapture
GetDesktopWindow
LoadMenuW
ExitWindowsEx
OpenClipboard
RegisterClassExW
CloseClipboard
GetKeyState
SetForegroundWindow
MsgWaitForMultipleObjects
EqualRect
EndPaint
GetSubMenu
GetScrollInfo
MonitorFromPoint
SetWindowTextW
GetMenuItemInfoW
DeleteMenu
EnableMenuItem
SetMenuItemInfoW
SetCursor
GetClipboardData
EmptyClipboard
GetClassInfoExW
CreateDialogParamW
wsprintfW
CharUpperBuffW
TrackPopupMenuEx
SetCapture
GetGUIThreadInfo
CreateWindowExW
SetCursorPos
GetClientRect
LoadStringA
GetMonitorInfoW
DrawFrameControl
FillRect
GetTopWindow
RegisterWindowMessageW
DrawAnimatedRects
GetWindowLongW
SetWindowLongW
GetCursor
AttachThreadInput
LoadStringW
GetSystemMenu
GetForegroundWindow
IsWindowEnabled
GetClassNameW
DialogBoxParamW
SetScrollPos
DestroyMenu
DrawTextW
CharUpperW
GetWindowDC
GetCursorPos
GetDlgCtrlID
AppendMenuW
EndDeferWindowPos
IsIconic
WindowFromDC
IsWindow
FrameRect
GetWindowTextLengthW
GetSysColorBrush
RedrawWindow
DispatchMessageW
SetMenuDefaultItem
MapWindowPoints
LoadIconW
ole32
CoGetInterfaceAndReleaseStream
CLSIDFromProgID
StringFromCLSID
CoInitializeSecurity
CoCreateInstance
CoResumeClassObjects
StringFromGUID2
CoInitializeEx
CoTaskMemFree
OleRun
CoMarshalInterThreadInterfaceInStream
CLSIDFromString
CoRevokeClassObject
CoInitialize
CoUninitialize
CoRegisterClassObject
CreateStreamOnHGlobal
activeds
ord9
ord7
ord3
comdlg32
GetSaveFileNameW
FindTextW
GetOpenFileNameW
kernel32
GetACP
GetUserDefaultLangID
FindResourceW
lstrcmpiW
DeleteFileW
DeleteCriticalSection
ResetEvent
SetFilePointer
WriteFile
GlobalAlloc
GetLogicalDriveStringsW
LoadResource
SetLastError
VirtualAlloc
GetTempPathW
HeapSize
FindFirstFileW
FindClose
GetExitCodeThread
DuplicateHandle
GetFileSize
GetNumberFormatW
UnhandledExceptionFilter
LocalFree
CreateThread
VirtualFree
GetSystemInfo
GetComputerNameW
lstrcatW
lstrcpynW
GlobalFree
FreeLibrary
GetCurrentThreadId
CloseHandle
GetDriveTypeW
GetFileType
GetModuleHandleW
lstrcmpW
lstrcpyW
CreateFileW
SystemTimeToTzSpecificLocalTime
FindResourceExW
ResumeThread
CreateEventW
FatalAppExitW
lstrcpynA
SetCurrentDirectoryW
SetUnhandledExceptionFilter
MulDiv
CreateWaitableTimerW
RaiseException
HeapAlloc
lstrlenA
lstrlenW
LockResource
IsDebuggerPresent
HeapFree
SizeofResource
WideCharToMultiByte
TerminateThread
OpenEventW
GetTimeFormatW
GetWindowsDirectoryW
WaitForSingleObject
GetSystemTime
GetSystemTimeAsFileTime
GetDateFormatW
GetThreadLocale
GetFileInformationByHandle
EnterCriticalSection
LeaveCriticalSection
FormatMessageW
HeapReAlloc
WaitForMultipleObjects
ExpandEnvironmentStringsA
GetCommandLineW
LoadLibraryExW
GlobalUnlock
SetThreadPriority
ReadFile
GlobalLock
GetCurrentDirectoryW
GetUserDefaultLCID
GetLongPathNameW
IsProcessorFeaturePresent
FileTimeToSystemTime
GetProcessHeap
HeapDestroy
LocalAlloc
FlushInstructionCache
GetFullPathNameW
SetWaitableTimer
BeginUpdateResourceW
comctl32
InitCommonControlsEx
ImageList_Create
ImageList_ReplaceIcon
CreatePropertySheetPageW
ImageList_GetImageCount
DestroyPropertySheetPage
ImageList_GetIcon
ImageList_AddMasked
ImageList_Draw
ImageList_Destroy
ImageList_LoadImageW
ImageList_GetImageInfo
CreateStatusWindowW
PropertySheetW
_TrackMouseEvent
ImageList_DrawIndirect
ord8
userenv
UnloadUserProfile
secur32
TranslateNameW
GetUserNameExW
netapi32
NetApiBufferFree
NetQueryDisplayInformation
msimg32
AlphaBlend
GradientFill
gdi32
GetPixel
LineTo
ExtCreatePen
CombineRgn
GetObjectType
CreatePen
DeleteObject
RoundRect
SetROP2
CreateRectRgnIndirect
GetDeviceCaps
IntersectClipRect
GetClipRgn
MoveToEx
UnrealizeObject
CreateSolidBrush
CreateBitmap
PatBlt
Polygon
ExtTextOutW
Rectangle
PtInRegion
CreateRectRgn
SelectClipRgn
SetBrushOrgEx
GetObjectW
SetTextColor
SetBkMode
SetPixel
BitBlt
GetTextMetricsW
CreatePolygonRgn
CreatePatternBrush
GetTextExtentPoint32W
SetBkColor
SetViewportOrgEx
CreateCompatibleBitmap
DeleteDC
CreateDIBSection
CreateCompatibleDC
GetTextExtentExPointW
TextOutW
CreateFontIndirectW
GetStockObject
SetTextAlign
GetCurrentObject
GetBkColor
SelectObject
advapi32
RegNotifyChangeKeyValue
InitializeSecurityDescriptor
GetTokenInformation
AddAce
GetUserNameW
EqualSid
IsValidSid
RegOpenKeyExW
RegQueryValueExA
GetSecurityDescriptorGroup
CopySid
ConvertSidToStringSidW
GetAclInformation
StartServiceW
GetSecurityDescriptorSacl
GetSidLengthRequired
CheckTokenMembership
RegQueryValueExW
CloseServiceHandle
SetSecurityDescriptorDacl
RegOpenKeyExA
LookupPrivilegeValueW
RegCloseKey
OpenSCManagerW
GetSecurityDescriptorDacl
MakeSelfRelativeSD
InitializeSid
FreeSid
SetFileSecurityW
GetSecurityDescriptorLength
LookupAccountSidW
OpenServiceW
GetFileSecurityW
MakeAbsoluteSD
RegCreateKeyExW
AdjustTokenPrivileges
OpenProcessToken
InitializeAcl
LookupAccountNameW
RegOpenKeyW
QueryServiceStatus
GetSecurityDescriptorOwner
RegSetValueExW
ConvertStringSidToSidW
AllocateAndInitializeSid
GetLengthSid
GetSidSubAuthority
GetAce
GetSecurityDescriptorControl
shell32
DragQueryFileW
DragAcceptFiles
SHGetMalloc
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHAppBarMessage
SHGetDesktopFolder
SHGetFileInfoW
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
ShellExecuteW
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
esent
JetCreateIndex
JetDupCursor
JetDupSession
JetSetLS
JetTerm
JetInit2
JetDBUtilities
JetCreateInstance2
JetGetTableIndexInfo
JetBeginTransaction
JetCloseDatabase
JetFreeBuffer
JetBeginSession
JetReadFileInstance
zipfldr
RouteTheCall
Sections
.text Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 307KB - Virtual size: 884KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ