ba395e10233c0254c39b9cf46c1b15d141e217a6def7b8aca422390a8997ea97

Sharing

Copy URL Twitter E-mail

General

Target

ba395e10233c0254c39b9cf46c1b15d141e217a6def7b8aca422390a8997ea97
Size

529KB
MD5

344970f350a3ddaed313d1b0e6ee0270
SHA1

710c7f2cb5b14bf7a0237633e31e34ebfdd2e1eb
SHA256

ba395e10233c0254c39b9cf46c1b15d141e217a6def7b8aca422390a8997ea97
SHA512

eef1ae37805c0ff72cbe9a21b0ff406385dfd1a9e1d580c5e807ac29e7f2e8024f983ed450b2fce7f225e527bc0e903abfb977dca6980ec36aa0cd00e1a34229
SSDEEP

12288:yCpyhlzBFfb+z0qeDD/sZtS4QTL5jEBLc3YydF:yFhlFFz+gQ2T9E8Yyd

Score

N/A

Malware Config

Signatures

Files

ba395e10233c0254c39b9cf46c1b15d141e217a6def7b8aca422390a8997ea97
.dll windows x86

9f5157a35502b9ecb33ff71d3f58d92a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AccessCheckByTypeAndAuditAlarmA
ConvertStringSidToSidW
DecryptFileA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueA
RegSetValueExA
SetAclInformation
CryptSetProvParam
RegCreateKeyExA
AddUsersToEncryptedFile
CryptImportKey
GetMultipleTrusteeW
CryptGetHashParam
DecryptFileW
LsaOpenSecret
OpenProcessToken
ProcessTrace
RegDeleteKeyA
AddAce
BuildImpersonateTrusteeW
ElfNumberOfRecords
GetNamedSecurityInfoW
LsaEnumerateTrustedDomains
LsaOpenTrustedDomain
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
SetSecurityDescriptorGroup

kernel32

FreeLibrary
GetCurrentThreadId
GetModuleFileNameW
GetProcAddress
GetSystemWindowsDirectoryA
InitializeCriticalSectionAndSpinCount
LoadLibraryW
OutputDebugStringA
CloseHandle
CreateEventA
CreateFileW
CreateSemaphoreA
GetProfileIntA
GlobalFree
GlobalHandle
GlobalUnlock
HeapDestroy
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LocalAlloc
LocalFree
LocalHandle
MultiByteToWideChar
ReleaseSemaphore
ResetEvent
SetConsoleMode
SetEvent
SetThreadPriority
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
lstrlenA
ExpandEnvironmentStringsA
GetDriveTypeA
GetFullPathNameA
GetModuleFileNameA
InterlockedCompareExchange
RaiseException
SearchPathA
Sleep
CreateIoCompletionPort
GetCurrentProcess
GetLocalTime
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
lstrcatW
lstrcpyW
lstrlenW
CompareStringA
CompareStringW
CreateFileA
DeleteFileA
EnumDateFormatsExA
FlushFileBuffers
GetCurrencyFormatA
GetModuleHandleA
GetProcessVersion
GetTempFileNameA
GetVersion
GlobalAlloc
GlobalLock
GlobalReAlloc
IsBadReadPtr
OpenFile
ReadFile
SetFilePointer
lstrcpyA
CreateEventW
CreateThread
FindFirstVolumeW
GetBinaryTypeW
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
ResumeThread
CreateProcessA
FormatMessageA
GetFileAttributesA
GetPrivateProfileSectionA
GetSystemDirectoryA
GetWindowsDirectoryA
LoadLibraryA
LoadLibraryExW
MoveFileA
SetFileAttributesA
WaitForSingleObjectEx
WriteFile
lstrcatA
lstrcpynA
CreateDirectoryW
CreateTimerQueueTimer
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
GetComputerNameW
GetProcessHeap
GetStringTypeW
HeapWalk
LoadResource
LockResource
SetSystemTime
SizeofResource
lstrcmpi
VirtualAlloc
DnsHostnameToComputerNameW
GetEnvironmentStrings
MapUserPhysicalPagesScatter
ReleaseMutex
SetThreadExecutionState
lstrcpynW
GetLocaleInfoW
GetLastError
HeapFree
HeapAlloc
GetExitCodeProcess
GetCurrentDirectoryA
SetCurrentDirectoryA
SetErrorMode
ExitThread
MoveFileW
GetModuleHandleW
ExitProcess
GetCPInfo
HeapSize
GetTimeFormatA
GetDateFormatA
FindFirstFileA
FindNextFileA
GetFileType
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
IsDBCSLeadByteEx
ReadConsoleA
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetEnvironmentVariableA
GetCommandLineA
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetStartupInfoA
HeapCreate
VirtualFree
HeapReAlloc
LCMapStringW
SetConsoleCtrlHandler
LCMapStringA
GetStringTypeA
SetStdHandle
GetTimeZoneInformation
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
FileTimeToSystemTime
FileTimeToLocalFileTime
SetEndOfFile
GetFileAttributesW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
RtlUnwind
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateProcessW
SetEnvironmentVariableW

ole32

OpenOrCreateStream
HMETAFILE_UserFree
HMETAFILEPICT_UserFree
CLIPFORMAT_UserSize
StgCreateDocfile
OleCreateEmbeddingHelper
HMENU_UserMarshal
HENHMETAFILE_UserSize
CLIPFORMAT_UserMarshal
HDC_UserFree
ReadClassStm
CoGetClassObject
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
SNB_UserUnmarshal
CoTaskMemRealloc

oleaut32

VarCyAdd
VarDateFromR4
VarCyFromUI4
VarR4FromUI4
VarDecFromR4
VarCyFromUI2
OleLoadPictureFileEx
VarBstrCmp
VarR8FromDisp
VarI2FromUI4
VarDateFromR8
VarCyFromR8
OleLoadPicturePath

shell32

SHBrowseForFolderA

Exports

Exports

Cylpludyht

Sections

.text
Size: 431KB - Virtual size: 431KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f5157a35502b9ecb33ff71d3f58d92a

Headers

File Characteristics

Imports

advapi32

kernel32

ole32

oleaut32

shell32

Exports

Exports

Sections

.text Size: 431KB - Virtual size: 431KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 22KB - Virtual size: 36KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 431KB - Virtual size: 431KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 22KB - Virtual size: 36KB

.reloc
Size: 15KB - Virtual size: 15KB