a9e50808043a0d5b29b533f370cc7825e508342a2edfa47b11fc65b7eefd5015

Sharing

Copy URL Twitter E-mail

General

Target

a9e50808043a0d5b29b533f370cc7825e508342a2edfa47b11fc65b7eefd5015
Size

49KB
MD5

7a9d937aad5b8727994dd2c1eed90a6b
SHA1

513a3a06220a55e7fec9886dc10701d067b47d14
SHA256

a9e50808043a0d5b29b533f370cc7825e508342a2edfa47b11fc65b7eefd5015
SHA512

f00249ac0db072cb0e19957eedc7158a85e78c752cb99cfdafa53f6a1b90ebedc0c6b964ba7af4bd833aaacfc42e3d95a4985a82be0c35bb028fdc6bd1ee3280
SSDEEP

1536:XktXz/NF0RDsJaxFLnfKvOCeHYH789c4szsptNzw:XktDsgJaxRnfKaYb89fdptt

Score

N/A

Malware Config

Signatures

Files

a9e50808043a0d5b29b533f370cc7825e508342a2edfa47b11fc65b7eefd5015
.exe windows x86

0bee78f2cbba5e2cf9149f32b11f97af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

atmlib

ATMGetOutlineA
ATMAddFont
ATMGetGlyphList
ATMAddFontW
ATMXYShowText
ATMFontAvailableW
ATMGetFontPathsA
ATMBBoxBaseXYShowTextA
ATMGetNtmFields
ATMGetFontInfoW
ATMMakePFMA
ATMRemoveFont
ATMEnumFontsW
ATMFontStatus
ATMGetNtmFieldsW
ATMGetMenuNameW
ATMGetVersion
ATMMakePSS
ATMGetPostScriptNameA
ATMEndFontChange
ATMGetVersionExW
ATMFinish
ATMProperlyLoaded
ATMForceFontChange
ATMGetFontInfoA
ATMAddFontExA
ATMBBoxBaseXYShowTextW
ATMEnumFontsA
ATMGetFontBBox
ATMRemoveSubstFontW
ATMGetFontPaths

kernel32

FindAtomW
GetMailslotInfo
SetPriorityClass
GetVersion
SetLocalTime
GetModuleHandleW
FindNextVolumeMountPointW
ReadConsoleOutputCharacterA
SetVolumeLabelA
PrivMoveFileIdentityW
GetCurrentProcess
DeleteVolumeMountPointW
ExitVDM
GetGeoInfoA
GetVolumePathNamesForVolumeNameW
SetComputerNameExA
SetConsoleCursorMode
SetProcessAffinityMask
WritePrivateProfileSectionW
AddConsoleAliasA
GetProcAddress
GetTickCount
HeapAlloc
SetSystemTimeAdjustment
WaitNamedPipeA
GlobalWire
GetNamedPipeHandleStateA
GetConsoleWindow
ConvertThreadToFiber
CreateJobObjectW
lstrlenA
GetModuleHandleA
SetComPlusPackageInstallStatus
ActivateActCtx
FoldStringA
TransmitCommChar
FoldStringW
FileTimeToSystemTime
RestoreLastError
VirtualUnlock
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
VirtualAlloc
HeapQueryInformation
InvalidateConsoleDIBits
GetPrivateProfileIntW
SearchPathA
lstrcpynW
lstrcmpA
CancelWaitableTimer
GetSystemDirectoryW
SetLocaleInfoA
ReleaseSemaphore
SetComputerNameA
GetCommMask
DeleteTimerQueue
GetEnvironmentVariableW
GetSystemTime
HeapValidate
SearchPathW
LoadLibraryA
GetPrivateProfileIntA
CreateWaitableTimerA

opengl32

glBegin
glVertex2s
glGetClipPlane
glNormalPointer
wglUseFontOutlinesA
glRasterPos4dv
glColor4ui
glColorMask
wglGetLayerPaletteEntries
glColor3ub
glGetIntegerv
glTexCoord4i
glColor4fv
glSelectBuffer
glGetLightiv
glGetTexGeniv
glPopAttrib
glPopMatrix
glLightf
glLoadMatrixd
wglGetCurrentContext
glIndexMask
glIndexs
glTexCoord1dv
glMap1f
glOrtho
glEvalCoord2fv
glRenderMode
glRasterPos4sv

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 514B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0bee78f2cbba5e2cf9149f32b11f97af

Headers

DLL Characteristics

File Characteristics

Imports

atmlib

kernel32

opengl32

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 1024B - Virtual size: 514B

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 1024B - Virtual size: 514B

.rsrc
Size: 2KB - Virtual size: 1KB