d3d71318d9af66819e180d3fce9894aa849c0f7975850ec74d02c891e9815446

Sharing

Copy URL Twitter E-mail

General

Target

d3d71318d9af66819e180d3fce9894aa849c0f7975850ec74d02c891e9815446
Size

45KB
MD5

c9824823d65e5f9fe3d945d5dabc5ea7
SHA1

55b458e615e5b524db8a40f76e7c2f24edfdcd69
SHA256

d3d71318d9af66819e180d3fce9894aa849c0f7975850ec74d02c891e9815446
SHA512

a88e0433617e5a140802979e19bbe378739e09d94478d6a0d46eff176125c13270ddbd457887101ab2838942ca0d8fa3427f59ee759368f7c0a1d2f004421567
SSDEEP

768:W/SaLGe6bUvNvpBLjJoawRYxwvyhEVFvpLSjD/8FaCyVrpATJy0:ybLGlgvtp9DwR8wK2Vdp6DvCi0I0

Score

N/A

Malware Config

Signatures

Files

d3d71318d9af66819e180d3fce9894aa849c0f7975850ec74d02c891e9815446
.exe windows x86

d0ab678d8046fe3203a75543936f3ddc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetLastError
GetTickCount
GetCurrentProcess
MultiByteToWideChar
GetSystemDirectoryW
GetVersionExA
GetProcessHeap
GetStartupInfoW
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsAlloc
GetCurrentThreadId
HeapCreate
ExitProcess
GetModuleFileNameA
GetEnvironmentStringsW
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
Sleep
GetLocaleInfoA
InitializeCriticalSection
LoadLibraryA
BeginUpdateResourceW
GetProcAddress

user32

GetSystemMetrics
SendMessageW
IsIconic
GetAsyncKeyState
CharPrevW
MonitorFromWindow
MessageBoxA
MonitorFromPoint
OffsetRect
LoadMenuIndirectW
PostMessageA
RegisterWindowMessageW
WinHelpA
IsDlgButtonChecked
GetTopWindow
CharLowerW
DefWindowProcA
SetMenu
GetClassInfoA
GetDlgItemInt
PeekMessageA

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW

winsta

WinStationCloseServer
_WinStationWaitForConnect
ServerLicensingGetPolicyInformationA
WinStationRemoveLicense
WinStationReset
_WinStationFUSCanRemoteUserDisconnect
WinStationSendMessageW
LogonIdFromWinStationNameW
WinStationVirtualOpen
ServerLicensingGetAvailablePolicyIds
WinStationFreeMemory
_WinStationNotifyLogoff
WinStationSendMessageA
_WinStationNotifyNewSession
ServerLicensingDeactivateCurrentPolicy
WinStationGenerateLicense

gdi32

ExtCreateRegion
CreatePolygonRgn
SetMetaFileBitsEx
CreateFontIndirectW
CreateRoundRectRgn
GetStockObject
CreatePatternBrush
CreateICW
GetEnhMetaFileW
RemoveFontResourceW
CreateBitmapIndirect
CreateDIBPatternBrushPt

ssdpapi

DHSetICSOff
FindServicesCancel
RegisterService
FreeSsdpMessage

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CODE
Size: 4KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 8KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 5KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 11KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0ab678d8046fe3203a75543936f3ddc

Headers

File Characteristics

Imports

kernel32

user32

advapi32

winsta

gdi32

ssdpapi

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 3KB - Virtual size: 17KB

CODE Size: 4KB - Virtual size: 132KB

.edata Size: 8KB - Virtual size: 87KB

.text Size: 5KB - Virtual size: 330KB

.data Size: 8KB - Virtual size: 147KB

.edata Size: 11KB - Virtual size: 86KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 3KB - Virtual size: 17KB

CODE
Size: 4KB - Virtual size: 132KB

.edata
Size: 8KB - Virtual size: 87KB

.text
Size: 5KB - Virtual size: 330KB

.data
Size: 8KB - Virtual size: 147KB

.edata
Size: 11KB - Virtual size: 86KB

.rsrc
Size: 3KB - Virtual size: 3KB