98baefeb5ea01f150c2c8afbc6004fcd6ce76c8d6d58fcab73a282e7a3d5b3b4

Sharing

Copy URL Twitter E-mail

General

Target

98baefeb5ea01f150c2c8afbc6004fcd6ce76c8d6d58fcab73a282e7a3d5b3b4
Size

370KB
MD5

fe55f6c7b4eafd17ea1937b32f160b8a
SHA1

77842b029cc99933c60464f3705db2a6b004ebc7
SHA256

98baefeb5ea01f150c2c8afbc6004fcd6ce76c8d6d58fcab73a282e7a3d5b3b4
SHA512

34a00458e18aaab4e54a899266a4737dc369df87b6698f3051fd80545f317909ff464a5dfec9b05901c47695be093f56a49185ef10914dbb8bcf2e94bac337b6
SSDEEP

6144:QmjP3CYyPgOJ6C9m3LK/0lJwLMXswwM2P13ezZSNXrttUH:QmjfCdYf3LK88wstN3dF4

Score

N/A

Malware Config

Signatures

Files

98baefeb5ea01f150c2c8afbc6004fcd6ce76c8d6d58fcab73a282e7a3d5b3b4
.exe windows x86

0a0eee372f6c182fe085598a3402ce02

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

SetCalendarInfoA
UnlockFileEx
SetConsoleCursorPosition
SystemTimeToTzSpecificLocalTime
CreateNamedPipeW
GetFirmwareEnvironmentVariableA
GetCommState
ReadConsoleInputW
GetModuleHandleA
NlsGetCacheUpdateCount
IsDebuggerPresent
SetThreadAffinityMask
InterlockedExchange
GetBinaryType
GetQueuedCompletionStatus
DeleteFiber
_lopen
ReplaceFileW
EnumUILanguagesW
AddAtomA
ReadProcessMemory
GetCurrentThread
FormatMessageW
FileTimeToDosDateTime
GetBinaryTypeA
_llseek
FindResourceExA
AttachConsole
GetVolumePathNameA
FindFirstVolumeMountPointW
GetBinaryTypeW
TlsAlloc
VirtualAlloc
SetThreadLocale
FlushConsoleInputBuffer
GetCommandLineA
GlobalFindAtomA
GetVolumePathNamesForVolumeNameW
ShowConsoleCursor
LocalAlloc
LoadLibraryA
GetCompressedFileSizeA
Module32Next
ChangeTimerQueueTimer
RtlFillMemory
GetPrivateProfileStructA
ReplaceFile
GetCPInfoExW
GlobalAlloc
WriteConsoleOutputCharacterA
GetProfileIntW
lstrlenW
BuildCommDCBA
RaiseException
TransmitCommChar
HeapDestroy
WaitForSingleObjectEx
FindNextFileW
GlobalMemoryStatusEx
SetThreadPriorityBoost
GetPrivateProfileSectionW
GetConsoleHardwareState
QueryPerformanceCounter
lstrcpyn
BaseFlushAppcompatCache
IsBadCodePtr
GetCPInfoExA
EnumCalendarInfoW
GetCurrentProcess
SetConsoleCursor
GetEnvironmentStringsW
GlobalFindAtomW
ResetWriteWatch
MapUserPhysicalPages
MoveFileWithProgressA
UTRegister
ConsoleMenuControl
SetEnvironmentVariableA
LocalUnlock
GetConsoleAliasExesA
GlobalUnlock
SetConsoleFont

cmutil

CmLoadIconW
??0CRandom@@QAE@XZ
?WPPI@CIniA@@QAEXPBD0K@Z
?SetHInst@CIniW@@QAEXPAUHINSTANCE__@@@Z
?SetParams@CmLogFile@@QAEJHKPBG@Z
?Banner@CmLogFile@@QAEXXZ
?CIni_SetFile@CIniA@@KGXPAPADPBD@Z
?SetFile@CIniW@@QAEXPBG@Z
?SetEntryFromIdx@CIniW@@QAEXK@Z
CmBuildFullPathFromRelativeW
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBG@Z
?FormatWrite@CmLogFile@@AAEXW4_CMLOG_ITEM@@PAG@Z
??4CmLogFile@@QAEAAV0@ABV0@@Z
?SetFile@CIniA@@QAEXPBD@Z
?LoadEntry@CIniA@@IBEPADPBD@Z
?SetParams@CmLogFile@@QAEJHKPBD@Z
?SetEntry@CIniA@@QAEXPBD@Z
?Clear@CmLogFile@@QAEXH@Z
?CIni_SetFile@CIniW@@KGXPAPAGPBG@Z
CmLoadIconA
CmStrCpyAllocA
?CloseFile@CmLogFile@@AAEJXZ
??4CIniW@@QAEAAV0@ABV0@@Z
??0CmLogFile@@QAE@XZ
?SetRegPath@CIniA@@QAEXPBD@Z
IsFarEastNonOSR2Win95
?GetFile@CIniA@@QBEPBDXZ
?CIniW_GetEntryFromReg@CIniW@@IBEPAEPAUHKEY__@@PBG1KK@Z
ReleaseBold
WzToSz
?LoadEntry@CIniW@@IBEPAGPBG@Z
CmStrchrW

regapi

RegCdCreateA
RegCloseServer
RegWinStationDeleteA
RegWinStationQueryW
RegUserConfigQuery
RegPdQueryW
RegWinStationQueryEx
RegGetUserConfigFromUserParameters
RegPdDeleteW
RegWdEnumerateW
RegCdEnumerateW
RegPdEnumerateA
RegGetUserPolicy
RegDefaultUserConfigQueryW
RegWinStationSetNumValueW
RegUserConfigRename
RegWinStationSetSecurityA
RegWinStationQueryA
RegPdCreateA
RegBuildNumberQuery
RegWdQueryW
RegWdCreateW
RegWinStationAccessCheck
RegPdCreateW
RegGetMachinePolicyEx
RegConsoleShadowQueryW
RegWinStationQuerySecurityW
RegCdQueryW
RegWinStationDeleteW
RegWinStationCreateW
RegQueryUtilityCommandList
RegPdDeleteA
RegWinStationEnumerateA
RegCdDeleteA
RegUserConfigDelete
RegFreeUtilityCommandList
RegQueryOEMId
RegWinStationSetSecurityW

gdi32

DdEntry9
GetRgnBox
StretchBlt
CreateColorSpaceW
EngTextOut
DdEntry32
StartFormPage
CreateEnhMetaFileW
DeleteObject
DPtoLP
GdiAddGlsRecord
DdEntry10
DdEntry52
GetWorldTransform
GetDeviceCaps
DdEntry0
GetICMProfileW
GetTextExtentPoint32A
EngStretchBltROP
GetOutlineTextMetricsA
EudcUnloadLinkW
DdEntry19
DdEntry12
CopyEnhMetaFileA
GdiConvertFont
GetNearestPaletteIndex
GdiReleaseLocalDC
DdEntry5
CreateHalftonePalette
DdEntry20
HT_Get8BPPFormatPalette
GdiStartPageEMF
RemoveFontResourceTracking
GetCharacterPlacementW
GdiInitSpool
CreatePenIndirect
GdiAlphaBlend

msi

MsiProvideQualifiedComponentA
MsiRecordSetStreamA
MsiSourceListClearAllA
MsiDatabaseCommit
MsiGetTargetPathW
MsiDatabaseApplyTransformW
MsiCreateTransformSummaryInfoW
MsiGetFileSignatureInformationA
MsiSetFeatureStateA
MsiGetUserInfoA
MsiSourceListAddSourceA
MsiEnumProductsW
MsiAdvertiseProductA
MsiSetFeatureStateW
MsiDoActionW
MsiEnumFeaturesW
MsiMessageBoxW
MsiDatabaseExportW
MsiEnumRelatedProductsW
MsiRecordGetStringA
MsiGetFeatureStateA
MsiGetProductCodeA
MsiEnumComponentsW
MsiDatabaseOpenViewA
MsiGetFeatureUsageA
MsiConfigureProductA
MsiRecordGetStringW
MsiIsProductElevatedW
MsiViewModify
MsiSetFeatureAttributesA
MsiSetExternalUIW
DllGetClassObject
MsiEnumComponentsA
MsiEnumComponentQualifiersW
MsiOpenPackageExW
MsiLoadStringA
MsiGetComponentStateA
MsiGetPropertyA
MsiConfigureFeatureW

ctl3d32

StaticWndProc3d
Ctl3dSubclassDlg
Ctl3dEnabled
Ctl3dAutoSubclassEx
Ctl3dCtlColorEx
Ctl3dUnregister
Ctl3dSetStyle
Ctl3dDlgFramePaint
EditWndProc3d
BtnWndProc3d
Ctl3dIsAutoSubclass
Ctl3dUnAutoSubclass
Ctl3dAutoSubclass
Ctl3dSubclassCtlEx
Ctl3dColorChange
Ctl3dWinIniChange
Ctl3dSubclassDlgEx
Ctl3dRegister
Ctl3dDlgProc
ComboWndProc3d
Ctl3dCtlColor
Ctl3dUnsubclassCtl
Ctl3dSubclassCtl
ListWndProc3d
Ctl3dGetVer

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a0eee372f6c182fe085598a3402ce02

Headers

File Characteristics

Imports

kernel32

cmutil

regapi

gdi32

msi

ctl3d32

Sections

.text Size: 77KB - Virtual size: 77KB

.rdata Size: 120KB - Virtual size: 120KB

.data Size: 512B - Virtual size: 516KB

.rsrc Size: 171KB - Virtual size: 171KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 77KB - Virtual size: 77KB

.rdata
Size: 120KB - Virtual size: 120KB

.data
Size: 512B - Virtual size: 516KB

.rsrc
Size: 171KB - Virtual size: 171KB

.reloc
Size: 1024B - Virtual size: 1024B