bb19b6db3f93248513ee112a8a463d95efbfd9591f2d1e20fc722acd878c9d1c

Sharing

Copy URL Twitter E-mail

General

Target

bb19b6db3f93248513ee112a8a463d95efbfd9591f2d1e20fc722acd878c9d1c
Size

425KB
MD5

6056d83cf05df0c0b7400c4589545089
SHA1

f44538b5a4bd29daef62cf3622130656e47a8da2
SHA256

bb19b6db3f93248513ee112a8a463d95efbfd9591f2d1e20fc722acd878c9d1c
SHA512

480179490a8f5a2bd10dd1c20acce033b684f5db7b6a9e0b37a3593ab25e6bed04428c6fbcfdd90c9327ae24012b23a61b21e97d5faa64b4c5f3c3a67feac237
SSDEEP

12288:DZ42Jok7YZBYvPiPL+rF0cQ1c9C6svhYVYAuZ5C:P7YETmjcH2zZ

Score

N/A

Malware Config

Signatures

Files

bb19b6db3f93248513ee112a8a463d95efbfd9591f2d1e20fc722acd878c9d1c
.exe windows x86

0d1e8b9121e36e2a28362b7437bcac7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

opengl32

glColor3bv
glColor3iv
glTexCoord1s
glColor4us
glRectdv
glLoadMatrixf
glPushClientAttrib
glVertex4f
glRasterPos2i
glDrawPixels
glIndexi
glTexImage1D
glTexEnvfv
glRasterPos4sv
glGenTextures
glTexCoord1dv
glCallList
glVertex2i
glMultMatrixd
glMap2d
glPopAttrib
glRectfv
glGetTexParameteriv
wglSwapBuffers
glRectf
wglGetDefaultProcAddress
glNormalPointer
glGetPointerv
glTexCoord2d
glGetTexEnvfv
glColor3uiv
glTexParameteriv
glVertex2iv
glIndexfv
glRasterPos2fv
glVertex4i
glNormal3sv
glVertex3dv
glGetMapfv
glMapGrid1d
glColor3f
wglGetCurrentDC
glDepthFunc
glTexCoord4f
wglCreateLayerContext
glRects
glTexCoord2s
glIndexsv
glIsEnabled
glReadPixels
glTexCoord4iv
glColor3sv
glLighti
glTexImage2D
glGetError
glColor4iv
glMaterialfv
glRasterPos3f
glCopyPixels
glColor4f
glIndexd
glNormal3f
wglGetPixelFormat
glDeleteTextures
glPixelStorei
glRasterPos3iv
glNormal3dv
glEndList
wglSwapLayerBuffers
glNormal3d
glTexCoord4sv
glVertex2f
glVertex4d
glDepthRange
glEvalCoord2d
glGetTexGendv
glColorPointer
glTexParameteri
glVertex3sv
glVertex2sv
glIndexiv
glGetString
glTexCoord1i

psapi

GetProcessMemoryInfo
EnumPageFilesA
EnumDeviceDrivers
GetMappedFileNameA
GetWsChanges
GetModuleInformation
GetModuleBaseNameA
QueryWorkingSet
GetDeviceDriverFileNameW
EmptyWorkingSet
GetPerformanceInfo
GetDeviceDriverFileNameA
EnumPageFilesW
EnumProcessModules
GetMappedFileNameW
GetModuleFileNameExA
GetDeviceDriverBaseNameW
GetModuleFileNameExW
GetDeviceDriverBaseNameA
EnumProcesses
GetModuleBaseNameW
GetProcessImageFileNameA
GetProcessImageFileNameW
InitializeProcessForWsWatch

wtsapi32

WTSEnumerateServersW
WTSEnumerateSessionsA
WTSQuerySessionInformationA
WTSQuerySessionInformationW
WTSSendMessageA
WTSCloseServer
WTSVirtualChannelClose
WTSVirtualChannelPurgeOutput
WTSVirtualChannelWrite
WTSSetUserConfigW
WTSVirtualChannelPurgeInput
WTSQueryUserToken
WTSVirtualChannelRead
WTSSendMessageW
WTSTerminateProcess
WTSOpenServerA
WTSVirtualChannelOpen
WTSLogoffSession
WTSDisconnectSession
WTSRegisterSessionNotification
WTSEnumerateServersA
WTSWaitSystemEvent
WTSSetSessionInformationA
WTSEnumerateProcessesW
WTSSetSessionInformationW
WTSEnumerateProcessesA
WTSFreeMemory
WTSOpenServerW
WTSEnumerateSessionsW
WTSQueryUserConfigA
WTSSetUserConfigA
WTSQueryUserConfigW
WTSVirtualChannelQuery
WTSShutdownSystem

kernel32

lstrcmpiW
lstrcmpi
ReplaceFileA
IsValidCodePage
WriteTapemark
LoadLibraryExW
CreateDirectoryExW
BackupWrite
ConvertThreadToFiber
EscapeCommFunction
VerLanguageNameW
SearchPathA
GetConsoleFontInfo
FindFirstVolumeMountPointW
LoadLibraryA
CreateTimerQueueTimer
IsValidLanguageGroup
EnumSystemCodePagesW
GlobalAlloc
FindClose
HeapCreate
LZOpenFileW
GetModuleHandleA
FreeLibraryAndExitThread
GetUserDefaultLCID
HeapAlloc
GetAtomNameA
LocalFileTimeToFileTime
AllocateUserPhysicalPages
GetCurrentThread
VirtualAlloc

winsta

WinStationGetAllProcesses
LogonIdFromWinStationNameW
_WinStationReInitializeSecurity
WinStationVirtualOpen
_WinStationGetApplicationInfo
ServerLicensingGetPolicyInformationW
_WinStationNotifyDisconnectPipe
_WinStationNotifyLogon
_WinStationUpdateClientCachedCredentials
WinStationOpenServerW
_WinStationAnnoyancePopup
WinStationQueryLogonCredentialsW
WinStationGetMachinePolicy
ServerLicensingUnloadPolicy
WinStationGetProcessSid
WinStationRenameW
_WinStationFUSCanRemoteUserDisconnect
_WinStationNotifyNewSession
WinStationShutdownSystem
WinStationUnRegisterConsoleNotification
WinStationFreeMemory
_NWLogonQueryAdmin
WinStationGetLanAdapterNameA
WinStationEnumerate_IndexedW
ServerLicensingGetPolicyInformationA
WinStationInstallLicense
ServerLicensingSetPolicy
_WinStationCallback
WinStationSendWindowMessage
WinStationEnumerateA
LogonIdFromWinStationNameA
WinStationShadowStop
WinStationBroadcastSystemMessage
WinStationDisconnect
WinStationSetInformationA
WinStationShadow
ServerLicensingGetPolicy
ServerSetInternetConnectorStatus
WinStationEnumerateProcesses
WinStationWaitSystemEvent
WinStationTerminateProcess
WinStationFreeGAPMemory

hhsetup

??0CFolder@@QAE@XZ
?GetMasterCHM@CCollection@@QAEHPAPADPAG@Z
?RemoveAll@CFIFOString@@QAEXXZ
?GetFirstChildFolder@CFolder@@QAEPAV1@XZ
??1CFolder@@QAE@XZ
?SetLanguage@CFolder@@QAEXG@Z
?AddLocation@CCollection@@QAEPAVCLocation@@PBG000PAK@Z
?SetNextTitle@CTitle@@QAEXPAV1@@Z
?SetId@CTitle@@QAEXPBG@Z
?AddLocationHistory@CTitle@@QAEKKPBG00PBVCLocation@@00H@Z
??1CFIFOString@@QAE@XZ
?DeleteFolders@CCollection@@AAEXPAPAVCFolder@@@Z
?DecrementRefTitleCount@CCollection@@QAEXXZ
?GetIdW@CLocation@@QAEPBGXZ
?Add@CPointerList@@QAEPAUListItem@@PAX@Z
?GetPathW@CLocation@@QAEPBGXZ
?GetLangId@CCollection@@QAEGPBD@Z
?DeleteLocalFiles@CCollection@@AAEXPAULocationHistory@@PAVCTitle@@@Z
?AddChildFolder@CFolder@@QAEKPAV1@@Z
?SetExTitlePtr@CFolder@@QAEXPAVCExTitle@@@Z
?GetLanguage@CFolder@@QAEGXZ
?FindTitle@CCollection@@QAEPAVCTitle@@PBGG@Z
??1CTitle@@QAE@XZ
?GetParent@CFolder@@QAEPAV1@XZ
?GetFirstTitle@CCollection@@QAEPAVCTitle@@XZ
?IncrementRefTitleCount@CCollection@@QAEXXZ
?GetSampleLocationW@CCollection@@QAEPBGXZ

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 249KB - Virtual size: 649KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d1e8b9121e36e2a28362b7437bcac7a

Headers

File Characteristics

Imports

opengl32

psapi

wtsapi32

kernel32

winsta

hhsetup

Sections

.text Size: 89KB - Virtual size: 88KB

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 249KB - Virtual size: 649KB

.rsrc Size: 19KB - Virtual size: 19KB

.text
Size: 89KB - Virtual size: 88KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 249KB - Virtual size: 649KB

.rsrc
Size: 19KB - Virtual size: 19KB