cd5a02f4a3a6a3411bfd4624489ae93c7ab18e574fecf8f5e546c601b5ca2fef

Sharing

Copy URL Twitter E-mail

General

Target

cd5a02f4a3a6a3411bfd4624489ae93c7ab18e574fecf8f5e546c601b5ca2fef
Size

264KB
MD5

d05114e53b83d2b9200911d23646d532
SHA1

1650f1911d937aabe36ece548b8ec52be6d34b85
SHA256

cd5a02f4a3a6a3411bfd4624489ae93c7ab18e574fecf8f5e546c601b5ca2fef
SHA512

f11689a9c87b4c3ae6c4786767275abdc0dc27c23994df94c2a2ba3bed3b9c5207188acf2b67597df5fc71632b874c8995fb76591724bc3ba4aa2e3b9e959f1b
SSDEEP

6144:8GkrT0X89r/zQjTk42ODoKH2A1CeEsIw9iVZqlKHdRgInFdB:DhX890SO0KHx1b0KySKHdPjB

Score

N/A

Malware Config

Signatures

Files

cd5a02f4a3a6a3411bfd4624489ae93c7ab18e574fecf8f5e546c601b5ca2fef
.exe windows x86

02e408c0e949f17f554215dab2ea4f92

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysAllocString
LoadTypeLi
RegisterTypeLi
DispCallFunc
LoadRegTypeLi
VariantInit
OleCreatePropertyFrame
VarUI4FromStr
SysAllocStringByteLen
SysStringLen
SysStringByteLen
SysFreeString
VariantCopy
VariantChangeType
VariantClear
UnRegisterTypeLi

ole32

WriteClassStm
CreateDataAdviseHolder
OleRegGetMiscStatus
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
CoTaskMemRealloc
CreateOleAdviseHolder
OleLoadFromStream
OleRegEnumVerbs
OleRegGetUserType
OleSaveToStream

user32

EqualRect
SetCursor
MessageBoxA
UnionRect
UnregisterClassA
DestroyWindow
ShowWindow
PtInRect
SetWindowPos
GetParent
IsWindow
LoadCursorA
DefWindowProcA
IsChild
CharNextA
OffsetRect
GetWindowLongA
GetDC
SetWindowRgn
InvalidateRect
CallWindowProcA
GetFocus
IntersectRect
ReleaseDC
GetForegroundWindow
GetKeyState
SetFocus
wsprintfA
GetClientRect
SetWindowLongA

kernel32

SetHandleCount
FreeEnvironmentStringsW
MulDiv
CreateDirectoryW
GlobalLock
HeapFree
GetTempFileNameW
DeleteFileW
HeapSize
FlushInstructionCache
lstrcpyA
FindResourceA
GlobalAlloc
CloseHandle
CreateMutexA
WideCharToMultiByte
SizeofResource
GetThreadLocale
LoadLibraryExA
FindClose
TlsSetValue
HeapAlloc
IsProcessorFeaturePresent
lstrlenW
GlobalUnlock
CreateEventA
TlsAlloc
lstrcmpA
RaiseException
GetConsoleMode
CreateMutexW
VirtualProtect
HeapReAlloc
VirtualFree
TlsFree
DeleteFileA
CreateFileW
GetModuleHandleA
lstrlenA
DeleteCriticalSection
FlushFileBuffers
RtlUnwind
WriteConsoleA
SetFilePointer
GetConsoleOutputCP
GetTempPathA
GetCommandLineA
TerminateThread
CreateFileA
IsDBCSLeadByte
VirtualQuery
GetTempPathW
lstrcmpiA
GetConsoleCP
OutputDebugStringA
LCMapStringW
WriteFile
GetOEMCP
FreeLibrary
GetCurrentThreadId
FreeEnvironmentStringsA
IsDebuggerPresent
SetStdHandle
HeapDestroy
WaitForSingleObjectEx
UnhandledExceptionFilter
ReleaseMutex
GetSystemInfo
SetFileAttributesA
GetACP
WritePrivateProfileStringA
FindFirstFileA
TlsGetValue
EnterCriticalSection
ReadFile
WaitForSingleObject
FindNextFileA
GetFileType
SetUnhandledExceptionFilter
GetStdHandle
SetLastError
WriteConsoleW
LeaveCriticalSection
GetLocalTime
WaitForMultipleObjects
GetProcessHeap
GetSystemTimeAsFileTime
LoadResource
IsValidCodePage
CreateThread
LCMapStringA
lstrcatA
VirtualAlloc
VirtualAllocEx

gdi32

GetDeviceCaps
SetWindowOrgEx
DeleteMetaFile
RestoreDC
CreateDCA
SetTextAlign
SaveDC
CreateMetaFileA
DeleteDC
SetViewportOrgEx
SetMapMode
CloseMetaFile
TextOutA
CreateRectRgnIndirect
SetWindowExtEx
LPtoDP

advapi32

RegDeleteKeyA
RegQueryValueExW
RegEnumKeyExA
RegDeleteValueA
RegOpenCurrentUser
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExW
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegQueryInfoKeyA
GetSidSubAuthority
BuildTrusteeWithObjectsAndSidW
StopTraceA
SaferComputeTokenFromLevel
GetServiceDisplayNameW
SystemFunction027
CryptGetProvParam
LsaSetSecurityObject
GetTraceLoggerHandle
SetTraceCallback
GetTrusteeFormW
CredReadA
ControlTraceW
BackupEventLogA
LsaQuerySecurityObject
BuildTrusteeWithObjectsAndNameW
WmiQueryAllDataMultipleW
CryptHashSessionKey
RegSetValueExW
GetTrusteeTypeA
CloseTrace
RegRestoreKeyA
LookupAccountSidW
AccessCheckByTypeResultListAndAuditAlarmByHandleW
StartServiceW
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetFileSecurityA
CryptSetProviderA
CredWriteDomainCredentialsA
RegDeleteKeyW
SetSecurityDescriptorRMControl
CryptExportKey
UnlockServiceDatabase
LsaOpenTrustedDomain
StartServiceCtrlDispatcherA
RemoveTraceCallback
ConvertSecurityDescriptorToAccessW
GetSecurityDescriptorControl
LsaOpenPolicy
MD5Update
CredReadDomainCredentialsW
LsaQueryTrustedDomainInfoByName
CryptSetHashParam
GetMultipleTrusteeA
WmiDevInstToInstanceNameW
LookupAccountSidA
CredpConvertTargetInfo
SystemFunction008
DeleteService
UpdateTraceA
CryptHashData
InitiateSystemShutdownA
WmiCloseBlock
MD4Update
ControlTraceA
WmiEnumerateGuids
GetManagedApplications
LogonUserExA
SetSecurityInfoExW
SystemFunction031
ProcessTrace
SetNamedSecurityInfoA
LsaCreateTrustedDomain
LsaLookupSids
IdentifyCodeAuthzLevelW
SetSecurityInfoExA
QueryAllTracesA
I_ScSetServiceBitsA
UnregisterIdleTask
MD4Final
ElfNumberOfRecords
RegSaveKeyExA
LsaQueryInfoTrustedDomain
AddAuditAccessAce

mycomput

DllUnregisterServer
DllGetClassObject

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.OfVSc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kIGoKIS
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.QJGGWrh
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.FwgU
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xrlYFU
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TMrE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dpOl
Size: 1024B - Virtual size: 955B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.XPJwSw
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jcTbkA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ahmhTi
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.QsythHw
Size: 1024B - Virtual size: 795B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

02e408c0e949f17f554215dab2ea4f92

Headers

File Characteristics

Imports

oleaut32

ole32

user32

kernel32

gdi32

advapi32

mycomput

Sections

.text Size: 20KB - Virtual size: 19KB

.OfVSc Size: 2KB - Virtual size: 1KB

.kIGoKIS Size: 2KB - Virtual size: 1KB

.QJGGWrh Size: 512B - Virtual size: 494B

.FwgU Size: 2KB - Virtual size: 1KB

.xrlYFU Size: 1KB - Virtual size: 1KB

.rdata Size: 212KB - Virtual size: 211KB

.TMrE Size: 2KB - Virtual size: 1KB

.data Size: 7KB - Virtual size: 187KB

.rsrc Size: 6KB - Virtual size: 5KB

.dpOl Size: 1024B - Virtual size: 955B

.XPJwSw Size: 3KB - Virtual size: 2KB

.jcTbkA Size: 1KB - Virtual size: 1KB

.ahmhTi Size: 1KB - Virtual size: 1KB

.QsythHw Size: 1024B - Virtual size: 795B

.text
Size: 20KB - Virtual size: 19KB

.OfVSc
Size: 2KB - Virtual size: 1KB

.kIGoKIS
Size: 2KB - Virtual size: 1KB

.QJGGWrh
Size: 512B - Virtual size: 494B

.FwgU
Size: 2KB - Virtual size: 1KB

.xrlYFU
Size: 1KB - Virtual size: 1KB

.rdata
Size: 212KB - Virtual size: 211KB

.TMrE
Size: 2KB - Virtual size: 1KB

.data
Size: 7KB - Virtual size: 187KB

.rsrc
Size: 6KB - Virtual size: 5KB

.dpOl
Size: 1024B - Virtual size: 955B

.XPJwSw
Size: 3KB - Virtual size: 2KB

.jcTbkA
Size: 1KB - Virtual size: 1KB

.ahmhTi
Size: 1KB - Virtual size: 1KB

.QsythHw
Size: 1024B - Virtual size: 795B