c4aa9bf3ca2ad18c7bb391c1b5e52d46f79d4696af8b213bc1f0186051d04975

Sharing

Copy URL Twitter E-mail

General

Target

c4aa9bf3ca2ad18c7bb391c1b5e52d46f79d4696af8b213bc1f0186051d04975
Size

143KB
MD5

d829282ff79613dfb1533e382e4befb8
SHA1

4f7e8b2a5e3e6c32663603632ec0a261a1b47fb7
SHA256

c4aa9bf3ca2ad18c7bb391c1b5e52d46f79d4696af8b213bc1f0186051d04975
SHA512

0e9b1ef7733f4c5233a40aaeeb5b0fd610dda074fe83ea1b95dfc84d529e3c62dc466a59eed1a214feb8ed98760f3413a96513fa457c7999aee6fd1cf1cf2cbd
SSDEEP

3072:BmSDJKu9HbFT4uPaf09mTIgH4aq857qHVsNZnhaFuCgASNh9+2vw:4ru9HxTPs5YB89UVUZnAFw5h9+2I

Score

N/A

Malware Config

Signatures

Files

c4aa9bf3ca2ad18c7bb391c1b5e52d46f79d4696af8b213bc1f0186051d04975
.exe windows x86

79fccfd0922b7fe7567c9933bf82f42b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfW
UnregisterDeviceNotification
SetCursorPos
RegisterDeviceNotificationA
PeekMessageA
MsgWaitForMultipleObjectsEx
CharUpperA

ws2_32

socket
send
select
recv
listen
ioctlsocket
htonl
getsockopt
getsockname
connect
closesocket
accept
__WSAFDIsSet
WSAGetLastError

advapi32

FreeSid
UninstallApplication
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
SetEntriesInAclW
RevertToSelf
ReportEventW
RegisterServiceCtrlHandlerExA
RegisterEventSourceW
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
RegCloseKey
OpenThreadToken
OpenServiceW
OpenSCManagerW
OpenProcessToken
MapGenericMask
InitializeSecurityDescriptor
AccessCheck
AddAccessAllowedAce
AllocateAndInitializeSid
CheckTokenMembership
CreateServiceW
CryptGenRandom
CryptReleaseContext
DeleteService
DeregisterEventSource
EqualSid
GetExplicitEntriesFromAclW
GetFileSecurityW
GetLengthSid
GetOldestEventLogRecord
GetPrivateObjectSecurity
GetUserNameW
ImpersonateNamedPipeClient
ImpersonateSelf
InitializeAcl

shell32

SHGetFolderPathW

setupapi

SetupDiSetSelectedDriverW
SetupDiSetSelectedDevice
SetupDiSetDeviceRegistryPropertyW
SetupDiOpenDeviceInfoA
SetupDiInstallDevice
SetupDiGetSelectedDriverW
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInstanceIdA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDriverInfoList
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
SetupDiCallClassInstaller
CM_Request_Eject_PC
CM_Request_Device_EjectW
CM_Locate_DevNodeA
CM_Get_Sibling
CM_Get_Parent
CM_Get_Device_ID_Size
CM_Get_Device_IDA
CM_Get_DevNode_Registry_PropertyW
CM_Get_DevNode_Registry_PropertyA
CM_Get_Depth

kernel32

TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
lstrcpyW
lstrlenW
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
ExpandEnvironmentStringsW
SetTimeZoneInformation
SetLastError
SetFileTime
SetFilePointer
SetFileApisToOEM
SetEvent
SetEndOfFile
ResetEvent
RequestDeviceWakeup
RemoveDirectoryW
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
Process32NextW
OutputDebugStringW
OutputDebugStringA
OpenThread
OpenProcess
MultiByteToWideChar
MoveFileW
MapViewOfFile
LocalFree
LocalAlloc
LoadLibraryW
LoadLibraryExW
LoadLibraryA
LeaveCriticalSection
IsDebuggerPresent
BackupWrite
CancelIo
CloseHandle
ConnectNamedPipe
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileMappingA
CreateFileW
CreateNamedPipeW
CreateThread
DeleteCriticalSection
DeleteFileW
DisconnectNamedPipe
DuplicateHandle
EnterCriticalSection
ExitProcess
ExitThread
IsBadReadPtr
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileW
FindNextChangeNotification
FindNextFileW
FlushFileBuffers
FormatMessageW
FreeLibrary
FreeResource
GetACP
GetCommProperties
GetComputerNameExW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetHandleInformation
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNamedPipeHandleStateA
GetOverlappedResult
GetPriorityClass
GetProcAddress
GetProcessHeaps
GetShortPathNameW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
GetVersion
GetVersionExA
GetVolumeInformationW
GlobalUnlock
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedExchange
IsBadHugeReadPtr
TlsGetValue

ole32

CLSIDFromString
CoCreateInstance
CoGetMalloc
CoInitialize
CoQueryProxyBlanket
CoTaskMemFree
CoUninitialize
HBRUSH_UserFree

Exports

Exports

ADeviceStopPlay
OpenQueryDef
PVGetCertificateParam
ResetCounter
WriteStreamToFile

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 853B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79fccfd0922b7fe7567c9933bf82f42b

Headers

DLL Characteristics

File Characteristics

Imports

user32

ws2_32

advapi32

shell32

setupapi

kernel32

ole32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 80KB - Virtual size: 80KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 853B

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 80KB - Virtual size: 80KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 853B