b874491a5a2bfd33bc015e41f01af3f34a003d71da66ecd11a109bcab7788c47

Sharing

Copy URL

Twitter E-mail

General

Target

b874491a5a2bfd33bc015e41f01af3f34a003d71da66ecd11a109bcab7788c47
Size

385KB
MD5

ed92ae2ec8b61ff8cd670f2abf598e58
SHA1

76a1b7c128fd4f095418b9c59ccec376a9c45634
SHA256

b874491a5a2bfd33bc015e41f01af3f34a003d71da66ecd11a109bcab7788c47
SHA512

05d64cf3f72c13597b3d2e96a9898276008db390d32889c36e17985fda2e789c7b8b3aa89e68013d84e2aa75b091190311f2292ee37015ca280c4e32c7132103
SSDEEP

6144:+pRbXiQ/RxAjScD40oXwixW/wTbTjhXBVcOCZbCFkf8wM86qrq:aXN5cDCXwy1PTPoZblnl3

Score

N/A

Malware Config

Signatures

Files

b874491a5a2bfd33bc015e41f01af3f34a003d71da66ecd11a109bcab7788c47
.exe windows x86

a4df913e85edd1c5f48b0d2e9af372fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advpack

NeedRebootInit
RegisterOCX
AdvInstallFile
TranslateInfString
GetVersionFromFileEx
UserUnInstStubWrapper
UserInstStubWrapper
FileSaveRestore
ExtractFiles
FileSaveMarkNotExist
SetPerUserSecValues
OpenINFEngine
RebootCheckOnInstall
GetVersionFromFile
DelNodeRunDLL32
LaunchINFSection
RegInstall
RegSaveRestore
AddDelBackupEntry
CloseINFEngine
RegRestoreAll
IsNTAdmin
RunSetupCommand
DoInfInstall
TranslateInfStringEx
RegSaveRestoreOnINF
DelNode
ExecuteCab
NeedReboot
LaunchINFSectionEx
FileSaveRestoreOnINF

shlwapi

SHReleaseThreadRef
UrlIsW
SHRegEnumUSValueW
UrlApplySchemeA
StrChrA
PathCanonicalizeW
UrlCreateFromPathW
SHRegGetBoolUSValueA
PathGetArgsW
StrCSpnIA
PathAppendA
SHIsLowMemoryMachine
PathFindFileNameW
PathIsDirectoryA
HashData
PathAppendW
PathFindExtensionW
StrSpnW
PathRemoveBlanksA
PathAddBackslashW
PathIsRelativeW
PathIsPrefixW
StrRetToBSTR
SHGetValueA
StrToIntA
StrDupA
SHGetInverseCMAP
PathRemoveArgsW
PathRemoveBackslashA
StrCmpNIA
SHSetValueW
PathIsNetworkPathA
SHRegSetUSValueA
ChrCmpIW
PathFindExtensionA
StrCSpnIW
SHGetThreadRef
SHSkipJunction
PathRenameExtensionW
PathIsUNCServerW
SHOpenRegStreamW
PathParseIconLocationA
StrCmpNIW
PathIsPrefixA
StrPBrkW
PathQuoteSpacesA
PathGetArgsA
PathCombineW
SHRegGetPathW
PathRemoveExtensionA
StrStrNW
SHDeleteOrphanKeyW
GetMenuPosFromID
PathIsURLA
PathSkipRootW
PathIsUNCW
StrNCatA
SHDeleteValueW
UrlIsA
StrStrNIW
StrCmpIW
UrlCompareW
PathIsContentTypeA

mpr

WNetPropertyDialogW
WNetGetDirectoryTypeA
WNetCancelConnection2A
WNetCancelConnectionW
WNetDirectoryNotifyA
WNetConnectionDialog2
WNetDisconnectDialog2
WNetAddConnectionA
WNetGetUniversalNameW
WNetDirectoryNotifyW
WNetGetConnectionA
WNetGetConnectionW
WNetGetUserW
WNetGetResourceInformationA
WNetGetConnection3W
WNetAddConnection2A
WNetGetLastErrorW
WNetGetLastErrorA
WNetGetUserA
MultinetGetConnectionPerformanceA
WNetUseConnectionA
WNetGetProviderTypeA
MultinetGetErrorTextA
WNetConnectionDialog
WNetGetConnection2W
WNetGetHomeDirectoryW
WNetOpenEnumW
WNetGetConnection3A
WNetCancelConnection2W
WNetFormatNetworkNameW
WNetAddConnectionW
WNetGetPropertyTextA
WNetGetResourceParentA
WNetSetLastErrorA
WNetGetNetworkInformationA
WNetSetLastErrorW
WNetConnectionDialog1A
WNetGetNetworkInformationW
WNetGetProviderNameW
WNetAddConnection3W
WNetGetPropertyTextW
WNetGetResourceInformationW
WNetGetProviderNameA

powrprof

SetSuspendState
SetActivePwrScheme
CallNtPowerInformation
GetActivePwrScheme
EnumPwrSchemes
CanUserWritePwrScheme
IsPwrSuspendAllowed
MergeLegacyPwrScheme
LoadCurrentPwrScheme
GetPwrCapabilities
DeletePwrScheme
ReadPwrScheme
ReadProcessorPwrScheme
WriteProcessorPwrScheme
IsPwrHibernateAllowed
ReadGlobalPwrPolicy
IsPwrShutdownAllowed
IsAdminOverrideActive
GetPwrDiskSpindownRange
WritePwrScheme
WriteGlobalPwrPolicy
GetCurrentPowerPolicies
ValidatePowerPolicies

wldap32

ldap_bindW
ldap_perror
ldap_encode_sort_controlA
ldap_create_vlv_controlW
ldap_memfree
ldap_compareA
ldap_search_abandon_page
ldap_open
ldap_modify_s
ldap_delete_ext_sA
ldap_extended_operationA
ldap_result2error
ber_bvdup
ldap_first_reference
ldap_compare_ext
ldap_search_init_pageA
ldap_modrdn2
ldap_modifyW
ber_skip_tag
ldap_parse_sort_controlW
LdapGetLastError
ber_bvfree
ldap_get_values_lenA
ldap_rename_extW
ldap_add_extW
cldap_openW
ldap_sslinit
ldap_parse_vlv_controlA
ldap_compare_sA
ldap_parse_resultA
ldap_first_entry
ldap_next_reference
ldap_get_values_len
ldap_get_next_page_s
ldap_ufn2dn
ldap_rename_ext

kernel32

UnhandledExceptionFilter
GetFileSizeEx
LocalAlloc
GetWindowsDirectoryA
GlobalSize
IsValidLanguageGroup
MultiByteToWideChar
OpenEventW
FindFirstFileA
DebugActiveProcess
VerifyConsoleIoHandle
LoadLibraryA
VDMOperationStarted
_llseek
GetVersionExW
LocalShrink
FreeResource
InterlockedExchange
CreateIoCompletionPort
LockFileEx
SetUnhandledExceptionFilter
InterlockedFlushSList
SetConsolePalette
BaseInitAppcompatCacheSupport
GetEnvironmentStringsW
VirtualAlloc
SetConsoleActiveScreenBuffer
WaitForMultipleObjectsEx
FindNextVolumeW
InitializeCriticalSectionAndSpinCount
SetConsoleMode
_lwrite
SetComputerNameA
SetConsoleTitleW
FreeEnvironmentStringsW
GetCalendarInfoW
GetProcessWorkingSetSize
HeapSetInformation
SetConsoleCP
QueryPerformanceCounter
GetCurrentThread

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 570KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4df913e85edd1c5f48b0d2e9af372fe

Headers

DLL Characteristics

File Characteristics

Imports

advpack

shlwapi

mpr

powrprof

wldap32

kernel32

Sections

.text Size: 88KB - Virtual size: 88KB

.rdata Size: 126KB - Virtual size: 126KB

.data Size: 1KB - Virtual size: 570KB

.rsrc Size: 168KB - Virtual size: 168KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 88KB - Virtual size: 88KB

.rdata
Size: 126KB - Virtual size: 126KB

.data
Size: 1KB - Virtual size: 570KB

.rsrc
Size: 168KB - Virtual size: 168KB

.reloc
Size: 1024B - Virtual size: 1024B