9f155995d28ac3b82cc0ec54fdc153b861621b26ad0f1fc3eb19b081be19ab26

Sharing

Copy URL Twitter E-mail

General

Target

9f155995d28ac3b82cc0ec54fdc153b861621b26ad0f1fc3eb19b081be19ab26
Size

585KB
MD5

58f546d51f8e44ba746c2b11542871b0
SHA1

fa321e75c1e87ec40e9a8a5f7248a70929d4e14c
SHA256

9f155995d28ac3b82cc0ec54fdc153b861621b26ad0f1fc3eb19b081be19ab26
SHA512

fa4795f6ebe9f0c277a05b1785562865e0fef1180528c1b5a909fad52c726c971d037212db27808668b48feb134b59de3c25d95f97415b4bbb9e89b98756648e
SSDEEP

12288:lbL0w/+B+PFTfhnsDDvp3ZdY11bOJ+dy:ln0/oTlsDFfY11bO0y

Score

N/A

Malware Config

Signatures

Files

9f155995d28ac3b82cc0ec54fdc153b861621b26ad0f1fc3eb19b081be19ab26
.dll windows x86

0ee3ff5b3ff9b8168521464c97bbeee5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateHardLinkW
EnumResourceLanguagesW
FindNextVolumeMountPointA
FreeEnvironmentStringsW
GetCurrentDirectoryA
GetFileAttributesA
GetLocaleInfoA
GetModuleFileNameA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
MultiByteToWideChar
SetEnvironmentVariableA
VirtualQueryEx
WideCharToMultiByte
lstrcmpW
lstrlenA
lstrlenW
CloseHandle
DisableThreadLibraryCalls
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
GetUserDefaultUILanguage
InterlockedCompareExchange
LocalAlloc
LocalFree
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
_lopen
GetLocalTime
InterlockedExchange
ReadConsoleOutputAttribute
lstrcatW
lstrcpyW
VirtualAlloc
IsBadReadPtr
IsBadWritePtr
LoadLibraryExW
SetConsoleTextAttribute
UnhandledExceptionFilter
VirtualFreeEx
BackupRead
CreateEventW
CreateTapePartition
EnumCalendarInfoExA
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
GetDiskFreeSpaceExA
GetEnvironmentStringsA
GetFileAttributesW
GetModuleFileNameW
GetProcessHeap
GetThreadSelectorEntry
GetVersion
GetVersionExW
GetVolumePathNameA
LoadLibraryW
LocalLock
MoveFileW
OutputDebugStringA
SystemTimeToFileTime
TerminateJobObject
TlsSetValue
UnlockFileEx
lstrcmpiW
lstrcpyA
lstrcpynW
CreateSemaphoreW
DnsHostnameToComputerNameW
FileTimeToSystemTime
FindFirstFileA
FormatMessageA
ReleaseSemaphore
SearchPathA
SetEvent
VerLanguageNameW
GetProfileStringW
AddAtomW
CreateDirectoryExW
DebugActiveProcess
DebugBreak
FindResourceW
GetCommModemStatus
GetCommProperties
GetSystemDefaultLCID
GetSystemInfo
GlobalAddAtomW
GlobalGetAtomNameW
InterlockedDecrement
InterlockedIncrement
ReleaseMutex
SetComputerNameExA
TlsGetValue
WriteProcessMemory
lstrcmpiA
EnumCalendarInfoW
EscapeCommFunction
GetConsoleOutputCP
ReadFile
SetCalendarInfoA
WaitForMultipleObjects
_lcreat
CreateConsoleScreenBuffer
GetProcessAffinityMask
GetStartupInfoW
LoadLibraryExA
Module32NextW
SetDefaultCommConfigW
WaitForSingleObject
CreateFileW
CreateMutexA
FatalAppExitW
FindNextFileA
FlushFileBuffers
GetCPInfoExA
GetLocaleInfoW
GetProcessTimes
GetProcessWorkingSetSize
GetSystemWindowsDirectoryW
GlobalFindAtomA
GlobalWire
HeapCreate
IsDBCSLeadByte
OpenWaitableTimerA
ProcessIdToSessionId
ReadConsoleOutputW
RegisterWaitForSingleObject
SetCommConfig
SetCurrentDirectoryA
SetMessageWaitingIndicator
SetSystemTimeAdjustment
UnregisterWait
VirtualProtect
WaitForSingleObjectEx
WritePrivateProfileSectionA
CompareFileTime
CreateProcessW
EnumDateFormatsA
FreeEnvironmentStringsA
GetLongPathNameW
GetVolumeInformationA
HeapValidate
IsValidLanguageGroup
ResetEvent
SetCommMask
WaitNamedPipeA
WriteFileEx
GetLastError
SetFilePointer
CreateProcessA
DuplicateHandle
FindFirstFileW
FindNextFileW
HeapFree
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
RtlUnwind
IsDBCSLeadByteEx
ReadConsoleA
GetConsoleCP
ReadConsoleW
ExitProcess
CreatePipe
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
GetFileType
SetFileAttributesA
GetTimeZoneInformation
WriteConsoleA
WriteConsoleW
RemoveDirectoryA
DeleteFileA
HeapReAlloc
MoveFileA
GetStdHandle
DeleteFileW
SetEndOfFile
ExitThread
ResumeThread
CreateThread
CreateFileA
ReadConsoleInputW
RemoveDirectoryW
GetCommandLineA
IsDebuggerPresent
SetHandleCount
GetStartupInfoA
SetStdHandle
TlsAlloc
TlsFree
SetLastError
GetExitCodeProcess
FileTimeToLocalFileTime
HeapDestroy
VirtualFree
WriteFile
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RaiseException
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetFileInformationByHandle
PeekNamedPipe
HeapSize
VirtualQuery
SetFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetFullPathNameW
GetFullPathNameA
CompareStringA
CompareStringW
SetEnvironmentVariableW

oleaut32

VarNot
SafeArrayAllocDescriptorEx
VarCyFromUI4
VarDateFromUI2
VarI2FromDec
VarDecFromBool
VarDecFromI1
VarUI2FromStr
VarUI2FromR4
SafeArrayDestroy
VarDecFix
VarI1FromDate
VarR4FromDisp
GetRecordInfoFromGuids
VarCyCmpR8
VarBoolFromI2
VarCyNeg
VarDateFromUdate
VarUI2FromDec
VarUI4FromI4
SafeArraySetIID
VarDateFromDisp
VarDateFromR8
VarDateFromUI1
VarDecDiv
VarI2FromR8
VarI4FromDate
VarOr
VarUI1FromR4
DispCallFunc
VARIANT_UserFree
VarR4FromDate

rpcrt4

NdrConformantVaryingStructFree
NdrEncapsulatedUnionMemorySize
NdrProxyGetBuffer
NdrVaryingArrayFree
I_RpcServerUseProtseq2W
NdrConformantStructMemorySize
RpcStringBindingParseW
UuidCreateNil
MesDecodeIncrementalHandleCreate
NDRSContextUnmarshall
NdrDcomAsyncClientCall
NdrSimpleStructBufferSize
RpcCancelThread
RpcMgmtEpEltInqNextA
MesInqProcEncodingId
NdrPointerMarshall
RpcBindingFree
RpcBindingFromStringBindingW
RpcSmClientFree
RpcStringBindingComposeW
RpcStringFreeW
RpcEpResolveBinding
I_RpcDeleteMutex
I_RpcTransConnectionFreePacket
NDRSContextMarshallEx
NdrVaryingArrayUnmarshall
RpcBindingServerFromClient
RpcMgmtSetCancelTimeout
RpcSsFree
UuidHash
I_RpcBCacheAllocate
I_RpcReallocPipeBuffer
I_RpcServerAllocateIpPort
NdrFixedArrayMarshall
NdrXmitOrRepAsMarshall
I_RpcServerSetAddressChangeFn
NdrPointerFree
NdrPointerUnmarshall
NdrStubCall2
NdrStubGetBuffer
RpcBindingSetOption
RpcBindingToStringBindingW
RpcRevertToSelf
RpcRevertToSelfEx
CreateProxyFromTypeInfo
I_RpcNsBindingSetEntryNameA
NDRCContextBinding
NdrNonEncapsulatedUnionBufferSize

Exports

Exports

KLNVS

Sections

.text
Size: 463KB - Virtual size: 463KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ee3ff5b3ff9b8168521464c97bbeee5

Headers

File Characteristics

Imports

kernel32

oleaut32

rpcrt4

Exports

Exports

Sections

.text Size: 463KB - Virtual size: 463KB

.rdata Size: 65KB - Virtual size: 64KB

.data Size: 34KB - Virtual size: 49KB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 463KB - Virtual size: 463KB

.rdata
Size: 65KB - Virtual size: 64KB

.data
Size: 34KB - Virtual size: 49KB

.reloc
Size: 21KB - Virtual size: 21KB