c0d6a7cc84fcc5aa5ce8655cb90a478d3539e543f7d1edbaec122031e6b98390

Sharing

Copy URL Twitter E-mail

General

Target

c0d6a7cc84fcc5aa5ce8655cb90a478d3539e543f7d1edbaec122031e6b98390
Size

49KB
MD5

ad22e9cbaf4bd86926a6a32eeb278816
SHA1

2f36ec2518afba348913d25d75b7bf97fa436453
SHA256

c0d6a7cc84fcc5aa5ce8655cb90a478d3539e543f7d1edbaec122031e6b98390
SHA512

b8ef5905ce1372f86d0d2f45f0e4e638da7ee5ac57c54e85060bc5b2a552682fa3cc988e600ce45bed769ca9ca045bf2ff922bf4122cfb6f8a8550abea2e00ee
SSDEEP

768:Us/87V8G41xcQ7d1lNoY30O6qUh8PPc4gclTYeBDdM4t8aOdlim9RZ:x/5HcqdJ9HSclTdo4tTOdlii

Score

N/A

Malware Config

Signatures

Files

c0d6a7cc84fcc5aa5ce8655cb90a478d3539e543f7d1edbaec122031e6b98390
.exe windows x86

82cef688a8e6bf06d81ed8ba48264e13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3d8thk

OsThunkDdUnlock
OsThunkDdLockD3D
OsThunkDdColorControl
OsThunkDdUnlockD3D
OsThunkD3dValidateTextureStageState
OsThunkDdGetDC
OsThunkDdReleaseDC
OsThunkDdDestroySurface
OsThunkDdDestroyMoComp
OsThunkDdCanCreateSurface
OsThunkDdCreateSurfaceObject
OsThunkDdEndMoCompFrame
OsThunkD3dContextDestroy
OsThunkDdGetDxHandle
OsThunkDdAlphaBlt
OsThunkDdAddAttachedSurface
OsThunkD3dContextCreate
OsThunkDdCreateMoComp
OsThunkDdDeleteSurfaceObject
OsThunkDdCreateDirectDrawObject
OsThunkD3dContextDestroyAll
OsThunkDdGetMoCompGuids
OsThunkDdRenderMoComp
OsThunkDdUpdateOverlay
OsThunkDdCreateSurface

hhsetup

??1CTitle@@QAE@XZ
?RemoveAll@CFIFOString@@QAEXXZ
??0CTitle@@QAE@XZ
?SetLanguage@CTitle@@QAEXG@Z
?SetPath@CLocation@@QAEXPBD@Z
?SetMasterCHM@CCollection@@QAEXPBGG@Z
??1CPointerList@@QAE@XZ
?ConfirmTitles@CCollection@@QAEXXZ
?GetCollectionFileNameW@CCollection@@QAEPBGXZ
?GetVolumeW@CLocation@@QAEPBGXZ
?DeleteLocation@CCollection@@AAEKPAVCLocation@@@Z
?AddCollection@CCollection@@QAEPAVCColList@@XZ
?Close@CCollection@@QAEKXZ
?NewLocationHistory@CTitle@@QAEPAULocationHistory@@XZ
?MergeKeywords@CCollection@@QAEHPAD@Z
?SetTitle@CFolder@@QAEXPBG@Z
?SetId@CTitle@@QAEXPBG@Z
?GetPath@CLocation@@QAEPADXZ
?GetOrder@CFolder@@QAEKXZ
?HandleLocation@CCollection@@AAEKPAVCParseXML@@PAD@Z
?GetFirstTitle@CCollection@@QAEPAVCTitle@@XZ
?HandleCollectionEntry@CCollection@@AAEKPAVCParseXML@@PAD@Z
?FindTitle@CCollection@@QAEPAVCTitle@@PBDG@Z

kernel32

ConvertFiberToThread
QueryInformationJobObject
ExitProcess
GetSystemTime
LoadLibraryA
GetEnvironmentStringsW
WritePrivateProfileSectionW
CreateMutexW
WritePrivateProfileStringA
LoadResource
GlobalWire
GetVersionExA
GlobalDeleteAtom
GetExitCodeThread
IsDebuggerPresent
QueueUserAPC
InitializeCriticalSection
RegisterConsoleVDM
VirtualFree
OutputDebugStringA
FindFirstFileExA
ReadDirectoryChangesW
GetQueuedCompletionStatus
FlushFileBuffers
GetThreadContext
GetOEMCP
OpenWaitableTimerW
FindNextChangeNotification
FindNextVolumeMountPointA
FlushViewOfFile
CreateFileA
SetConsoleInputExeNameA
SystemTimeToTzSpecificLocalTime
VirtualAlloc
Process32NextW
SetLastError
WideCharToMultiByte
WriteConsoleOutputCharacterW
GetComputerNameW
SetConsoleTextAttribute
DosPathToSessionPathA
IsValidLocale
GetShortPathNameW
ReadConsoleOutputCharacterA
WriteTapemark
GetNamedPipeHandleStateA
OpenMutexW
FindFirstFileA
SetNamedPipeHandleState
CommConfigDialogA

drprov

NPCloseEnum
NPAddConnection
NPGetUniversalName
NPEnumResource
NPGetCaps
NPOpenEnum
NPGetConnection
NPCancelConnection
NPGetResourceParent
NPAddConnection3
NPGetResourceInformation

ifsutil

?CloseDriveHandle@DP_DRIVE@@QAEXXZ
?Initialize@DIGRAPH@@QAEEK@Z
?Pop@INTSTACK@@QAEXK@Z
?GetData@TLINK@@QAEAAVBIG_INT@@G@Z
?AddNext@NUMBER_SET@@QAEEVBIG_INT@@@Z
?GetNextDataSlot@TLINK@@QAEAAVBIG_INT@@XZ
?QueryChildren@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?QuerySize@TLINK@@QBEGXZ
??1VOL_LIODPDRV@@UAE@XZ
?Read@LOG_IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?QueryParentsWithChildren@DIGRAPH@@QBEEPAVNUMBER_SET@@K@Z
?IsATformat@DP_DRIVE@@QBEEXZ
?IsEntryPresent@AUTOREG@@SGEPBVWSTRING@@@Z
??1NUMBER_SET@@UAE@XZ
?GetCannedSecurityDescriptor@CANNED_SECURITY@@QAEPAXW4_CANNED_SECURITY_TYPE@@PAK@Z
?AddDriveName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?Initialize@INTSTACK@@QAEEXZ
?NtDriveNameToDosDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?EnableVolumeUpgrade@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?Initialize@READ_WRITE_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wprkqyl
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

82cef688a8e6bf06d81ed8ba48264e13

Headers

DLL Characteristics

File Characteristics

Imports

d3d8thk

hhsetup

kernel32

drprov

ifsutil

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 6KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 29KB

wprkqyl Size: - Virtual size: 4KB

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 29KB

wprkqyl
Size: - Virtual size: 4KB