b5f3a8aa8aef374f98300989ff9971b90625286912ca5803fb3bf24f16dae3cc

Sharing

Copy URL Twitter E-mail

General

Target

b5f3a8aa8aef374f98300989ff9971b90625286912ca5803fb3bf24f16dae3cc
Size

39KB
MD5

1b49b16d38f9d10180dcf9f0d07917eb
SHA1

100f8c77a0df4a72fd5f6a72d83215563e59bf0e
SHA256

b5f3a8aa8aef374f98300989ff9971b90625286912ca5803fb3bf24f16dae3cc
SHA512

7ddd8cc9b5b65bfbe063b89b087d6280391c377ae5c0217672dec515379c31cdeccbabb435685c26461e55768d03da3283ec9e61baf85341b496fe5514e7f4c6
SSDEEP

768:ctsonCDMnQN3nqXamaQ/Dn1zDz/Vp4UqgGVnXdr6pR89kKzQrrVqIf:chCDMeqa9o1zDzzlqgqXdrtlzArVqA

Score

N/A

Malware Config

Signatures

Files

b5f3a8aa8aef374f98300989ff9971b90625286912ca5803fb3bf24f16dae3cc
.exe windows x86

dba83812a885ae4d353630ee9245f080

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VarUI2FromUI1
VarBoolFromI8
BSTR_UserMarshal
GetActiveObject
VarI1FromUI8
VarUI8FromStr
BSTR_UserSize
VarR4FromUI4
QueryPathOfRegTypeLib
VarR8FromI4
SafeArrayDestroyDescriptor
DllUnregisterServer
VarCyFromI2
VarBstrFromDec
VarSub
VarDecAdd
VarDecFromI4
VarR4FromDec
SafeArrayCreateEx
VarI8FromUI4
DispGetParam
OACreateTypeLib2
SafeArrayCopy
VarRound
VarBstrFromDate
VarDateFromCy
VarI1FromUI4

kernel32

GetCurrentThread
SetEnvironmentVariableW
GetExitCodeThread
GetTempFileNameA
BuildCommDCBAndTimeoutsW
SuspendThread
OpenJobObjectA
GetDevicePowerState
GetLastError
WritePrivateProfileStructW
UnregisterWaitEx
RemoveDirectoryA
BindIoCompletionCallback
UTUnRegister
SetMessageWaitingIndicator
LoadLibraryW
GetLocaleInfoA
GetDiskFreeSpaceW
QueryPerformanceCounter
HeapUnlock
IsWow64Process
CreateConsoleScreenBuffer
GetModuleHandleA
BuildCommDCBW
RtlMoveMemory
MapViewOfFileEx
GetPrivateProfileIntW

ws2help

WahCloseApcHelper
WahCloseNotificationHandleHelper
WahInsertHandleContext
WahDestroyHandleContextTable
WahNotifyAllProcesses
WahOpenCurrentThread
WahWaitForNotification
WahCreateNotificationHandle
WahOpenApcHelper
WahCloseHandleHelper
WahOpenNotificationHandleHelper
WahCreateSocketHandle
WahEnableNonIFSHandleSupport
WahReferenceContextByHandle
WahCreateHandleContextTable
WahCloseSocketHandle
WahQueueUserApc
WahOpenHandleHelper
WahEnumerateHandleContexts
WahRemoveHandleContext
WahDisableNonIFSHandleSupport
WahCompleteRequest
WahCloseThread

usp10

LpkPresent
ScriptIsComplex
UspAllocCache
ScriptCacheGetHeight
ScriptStringGetOrder
ScriptStringCPtoX
ScriptApplyDigitSubstitution
ScriptCPtoX
ScriptPlace
ScriptGetLogicalWidths
ScriptLayout
ScriptString_pLogAttr
ScriptItemize
ScriptStringXtoCP
ScriptShape
ScriptRecordDigitSubstitution
ScriptString_pSize
ScriptJustify
ScriptStringFree
ScriptStringGetLogicalWidths
ScriptGetGlyphABCWidth
ScriptApplyLogicalWidth
ScriptTextOut
ScriptStringValidate
ScriptGetProperties

crypt32

CryptMemAlloc
CryptSIPRemoveProvider
CertFreeCertificateChain
I_CryptGetFileVersion
CryptStringToBinaryW
CertVerifyCertificateChainPolicy
CryptMsgDuplicate
CryptHashPublicKeyInfo
CryptSetProviderU
CertAddCTLLinkToStore
CertGetCRLFromStore
CertAddCertificateLinkToStore

inetcomm

MimeOleAlgNameFromSMimeCap
HrGetAttachIconByFile
CreateRASTransport
HrAttachDataFromFile
CreateIMAPTransport2
MimeOleGetFileInfoW
MimeOleStripHeaders
MimeOleSMimeCapInit
MimeOleGetExtContentType
MimeOleCreateVirtualStream
MimeOleGenerateCID

msvcrt

_stricmp
_beep
_wcsicoll
fputws
__crtLCMapStringW
_mktemp
__uncaught_exception
towlower
__set_app_type
_pclose
_outpd
__getmainargs
_chsize
_endthread
_mbsspnp
vswprintf
iswlower
localeconv
exit
_mbsnccnt
clock
_wutime64
wcscspn
__p__commode
??1type_info@@UAE@XZ
_CItanh
ungetc
_Getmonths

netapi32

NetpNetBiosReset
NetFileClose
NetGroupSetUsers
NetpAllocFtinfoEntry
NetLocalGroupEnum
NetpwNameCompare
NetUserEnum
NetapipBufferAllocate
DsRoleAbortDownlevelServerUpgrade
I_BrowserResetNetlogonState
I_NetlogonComputeServerDigest
I_NetServerGetTrustInfo
NetGetAnyDCName
DsRoleGetDatabaseFacts
NetServerSetInfo

user32

EndDialog

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dba83812a885ae4d353630ee9245f080

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

kernel32

ws2help

usp10

crypt32

inetcomm

msvcrt

netapi32

user32

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 470B

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 470B

.rsrc
Size: 3KB - Virtual size: 2KB