97658dbe5bd4517321d3cbbb487455bd57d289cd9c907fd3b88af6c091eebddc

Sharing

Copy URL Twitter E-mail

General

Target

97658dbe5bd4517321d3cbbb487455bd57d289cd9c907fd3b88af6c091eebddc
Size

51KB
MD5

4a27d1675701d576176e110162d555d6
SHA1

539e06c91f854b091f3eb9d03eed46d765142308
SHA256

97658dbe5bd4517321d3cbbb487455bd57d289cd9c907fd3b88af6c091eebddc
SHA512

9d267fb9c8fc639e79bca682f79aa964e4eb3f0f7084b708befc6a65675ae9611e7195564f0cca3cdcb52d516caaf72ea4fb0303e19d498a35154e0ccc7bc3b8
SSDEEP

768:hM1ABwasPJECGIvOFy8iavPj5cwhsQ04TjMRJW17eIH/eTRs:Q2mcFFvPh0kjM7WoIHks

Score

N/A

Malware Config

Signatures

Files

97658dbe5bd4517321d3cbbb487455bd57d289cd9c907fd3b88af6c091eebddc
.exe windows x86

03ed6d8d8ef086ff50072e84fe844b34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutPause
waveInUnprepareHeader
waveOutSetVolume
mmioSeek
mmioSetBuffer
mixerOpen
midiOutGetNumDevs
midiOutGetDevCapsA
mciSetYieldProc
mciDriverYield
mciGetDeviceIDW
waveOutGetVolume
waveOutUnprepareHeader
mciGetDeviceIDA
mmioRenameW
waveOutGetDevCapsA
joyGetPosEx
waveOutGetErrorTextW
mmioAscend
midiOutMessage
timeGetSystemTime
mixerGetLineControlsA
mciGetYieldProc
waveOutGetID
mixerGetControlDetailsA
SendDriverMessage
mmioOpenW
mmTaskSignal
waveOutClose
mixerClose
midiStreamRestart
aux32Message
waveOutGetPlaybackRate
joy32Message

clusapi

AddClusterResourceDependency
ClusterResourceEnum
AddClusterResourceNode
CloseClusterNetwork
EvictClusterNodeEx
OpenClusterNetwork
ClusterRegQueryInfoKey
GetClusterResourceKey
SetClusterName
ClusterRegEnumKey
ClusterNodeGetEnumCount
ClusterGroupEnum
CreateClusterGroup
ClusterRegSetValue
SetClusterQuorumResource
CreateClusterResource
DeleteClusterResource
ClusterRegEnumValue
RemoveClusterResourceNode
ClusterCloseEnum
ResumeClusterNode
ClusterRegOpenKey
GetClusterQuorumResource
SetClusterGroupNodeList
ClusterResourceControl
ClusterRegDeleteKey
GetClusterFromGroup
GetClusterFromNode
OpenCluster
OnlineClusterResource

kernel32

lstrcmpiW
GetConsoleAliasW
AddVectoredExceptionHandler
GetNamedPipeHandleStateA
EnumSystemLocalesA
CreateHardLinkW
GetNumberOfConsoleFonts
ExpungeConsoleCommandHistoryA
DeleteAtom
WritePrivateProfileStructA
GetThreadPriority
CommConfigDialogW
RemoveLocalAlternateComputerNameW
CopyLZFile
UnlockFileEx
GetLastError
LoadLibraryA
SetCriticalSectionSpinCount
DeleteTimerQueueEx
GetLocaleInfoW
VirtualAlloc
GetSystemTimeAsFileTime
lstrcatW
GetCPInfoExA
WritePrivateProfileSectionA
SetEnvironmentVariableW
SetLastError
GetFileInformationByHandle
ReleaseSemaphore
GetCommMask
GetConsoleCP
CreateActCtxW
GetSystemDefaultLangID
GlobalHandle
CreateTapePartition
GetCommandLineA
LockFile
InitAtomTable
GetVolumeNameForVolumeMountPointA
SuspendThread
FreeLibraryAndExitThread
GetSystemDefaultUILanguage

shlwapi

AssocQueryKeyA
SHDeleteValueW
UrlIsOpaqueA
PathGetDriveNumberA
SHGetInverseCMAP
PathAppendW
PathStripToRootA
StrStrA
SHCreateStreamOnFileEx
ChrCmpIA
SHRegGetUSValueA
PathFindExtensionW
StrCmpNIW
SHRegDeleteUSValueA
UrlGetPartW
UrlCreateFromPathA
PathIsURLW
PathGetCharTypeW
StrStrIW
StrIsIntlEqualA
StrPBrkA
PathCommonPrefixA
PathRemoveBlanksW
PathIsUNCServerShareW
UrlCanonicalizeA
PathMakeSystemFolderA
SHRegOpenUSKeyW
StrCSpnIW
StrPBrkW
StrRetToBufW
PathRemoveFileSpecA
PathQuoteSpacesA
SHRegOpenUSKeyA
ChrCmpIW
UrlHashA
StrCmpNA

ntmarta

AccRewriteSetHandleRights
AccProvGetTrusteesAccess
AccGetInheritanceSource
AccProvRevokeAccessRights
AccProvHandleGrantAccessRights
AccProvGrantAccessRights
AccTreeResetNamedSecurityInfo
AccConvertAccessMaskToActrlAccess
AccProvHandleGetTrusteesAccess
AccProvHandleSetAccessRights
AccRewriteGetHandleRights
AccProvHandleRevokeAccessRights
AccLookupAccountName
AccProvHandleGetAllRights
AccRewriteSetNamedRights
AccProvHandleIsObjectAccessible
AccProvHandleIsAccessAudited
AccGetExplicitEntries
EventNameFree
AccProvGetOperationResults
AccProvIsAccessAudited
AccLookupAccountTrustee
AccProvGetCapabilities
AccConvertAclToAccess
AccLookupAccountSid
AccProvRevokeAuditRights
AccSetEntriesInAList
AccProvHandleGetAccessInfoPerObjectType
EventGuidToName
AccRewriteGetNamedRights
AccGetAccessForTrustee
AccProvGetAccessInfoPerObjectType
AccFreeIndexArray

crtdll

strncat
_mbccpy
_mbsstr
clearerr
_rmtmp
wcstoul
_gcvt
strstr
_mbsspn
fgetwc
_mbscat
_cprintf
wcschr
_mbsnbcat
isspace
_mbstrlen
_mbslwr
_spawnlp
_environ_dll
isgraph
_isnan
_CIsqrt
strftime
_getsystime
_getdrive
tanh
exp
_dup
_ismbslead
tan
_winver_dll
_lrotl
_mbsrev
_getcwd
_mbscpy
wcscat
_isatty

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03ed6d8d8ef086ff50072e84fe844b34

Headers

DLL Characteristics

File Characteristics

Imports

winmm

clusapi

kernel32

shlwapi

ntmarta

crtdll

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 32KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 32KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B