eebd690885fa61538303cd99f8a07f59f4760fb3b6a50c56582a57cd4aa26928

Sharing

Copy URL Twitter E-mail

General

Target

eebd690885fa61538303cd99f8a07f59f4760fb3b6a50c56582a57cd4aa26928
Size

46KB
MD5

9b99cf137758b0c01b0cf0abde82b3f2
SHA1

3bdb969a4fd6e40b5a0fd203b28cc929f4be6456
SHA256

eebd690885fa61538303cd99f8a07f59f4760fb3b6a50c56582a57cd4aa26928
SHA512

a0519318a6d677e96510b63fc461bc1394a2d5cda2534fa3810045a671e60a40bfd5cdc31fbab27787c1fb760564630a7cf3bb91bb93d50e81cde869e59b8e37
SSDEEP

768:aeeATKAwDrNqWOlRubJ5XCHEdNrhoYpQrnfTOxbr7I9Dx:aeeATjwDrNZUubnIEP1LpTrI99

Score

N/A

Malware Config

Signatures

Files

eebd690885fa61538303cd99f8a07f59f4760fb3b6a50c56582a57cd4aa26928
.exe windows x86

245b652192c9a1f6409c257070b590be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CLSIDFromOle1Class
HBRUSH_UserFree
WdtpInterfacePointer_UserFree
HACCEL_UserFree
CoGetMalloc
OleGetIconOfClass
SNB_UserMarshal
CoFreeUnusedLibrariesEx
HDC_UserFree

netapi32

NetAuditClear
NetFileEnum
NetUseAdd
NetServerComputerNameAdd
I_NetServerPasswordSet
NetEnumerateTrustedDomains
NetAddAlternateComputerName
NetpwNameCompare
NetGroupDelUser
NetDfsAddStdRoot
DsGetDcCloseW

kernel32

UpdateResourceW
SetCommState
FindAtomW
GetConsoleAliasesA
GetLocaleInfoA
EnumSystemLocalesW
lstrcpyn
OpenEventA
LoadLibraryW
AllocateUserPhysicalPages
CreateIoCompletionPort
ReplaceFileW
MapUserPhysicalPages
ReadConsoleOutputA
GetCurrentThread
GetTimeFormatA
ResetEvent
GlobalUnfix
RequestDeviceWakeup
GetMailslotInfo
SetCurrentDirectoryW
CreateRemoteThread
SetFileApisToOEM
ReadConsoleInputA
PrivCopyFileExW
WriteConsoleInputW
GetStartupInfoA
EnumResourceNamesW
CreateTimerQueue
DeviceIoControl
GetModuleHandleW
GlobalSize
GetSystemWow64DirectoryA

hhsetup

?FindLocation@CCollection@@QAEPAVCLocation@@PBDPAI@Z
?IsDirty@CCollection@@QAEHXZ
?GetNextTitle@CTitle@@QAEPAV1@XZ
?SetNextLocation@CLocation@@QAEXPAV1@@Z
?GetLanguage@CTitle@@QAEGXZ
?AddRefedTitle@CCollection@@AAEKPAVCFolder@@@Z
?DeleteLocalFiles@CCollection@@AAEXPAULocationHistory@@PAVCTitle@@@Z
?GetTail@CFIFOString@@QAEKPAPAD@Z
?FindTitle@CCollection@@QAEPAVCTitle@@PBGG@Z
??1CPointerList@@QAE@XZ
?GetVolume@CLocation@@QAEPADXZ
?GetVisableRootFolder@CCollection@@QAEPAVCFolder@@XZ
?FirstLocation@CCollection@@QAEPAVCLocation@@XZ
?SetParent@CFolder@@QAEXPAV1@@Z
?SetLanguage@CFolder@@QAEXG@Z
?AddLocation@CCollection@@QAEPAVCLocation@@PBD000PAK@Z
?GetLangId@CCollection@@QAEGPBD@Z
??0CLocation@@QAE@XZ
??1CFIFOString@@QAE@XZ
?SetExTitlePtr@CFolder@@QAEXPAVCExTitle@@@Z

mfcsubs

?Release@CString@@IAEXXZ
?GetAssocAt@CMapStringToPtr@@IBEPAUCAssoc@1@PBGAAI@Z
??H@YG?AVCString@@DABV0@@Z
?FormatMessageW@CString@@QAAXPBGZZ
??H@YG?AVCString@@ABV0@0@Z
??1CSyncObject@@UAE@XZ
?Find@CString@@QBEHPBG@Z
?GetSize@CStringArray@@QBEHXZ
??1CMapStringToPtr@@UAE@XZ
??9@YG_NABVCString@@PBG@Z
??_7CStringArray@@6B@
?AfxA2WHelper@@YGPAGPAGPBDH@Z
??BCSyncObject@@QBEPAXXZ
?Find@CString@@QBEHG@Z
?TrimRight@CString@@QAEXXZ
??_FCMapStringToPtr@@QAEXXZ
?FormatMessageW@CString@@QAAXIZZ
?RemoveAll@CMapStringToPtr@@QAEXXZ
?GetNextAssoc@CMapStringToPtr@@QBEXAAPAU__POSITION@@AAVCString@@AAPAX@Z
?GetData@CStringArray@@QBEPBVCString@@XZ
?MakeReverse@CString@@QAEXXZ
?GetCount@CMapStringToPtr@@QBEHXZ
?InitHashTable@CMapStringToPtr@@QAEXIH@Z
??0CString@@QAE@GH@Z
?IsEmpty@CMapStringToPtr@@QBEHXZ

msdmo

MoDeleteMediaType
DMORegister
DMOUnregister
MoCopyMediaType
DMOGetTypes
DMOGuidToStrW
MoCreateMediaType
MoInitMediaType
DMOEnum
MoDuplicateMediaType
DMOStrToGuidW
DMOStrToGuidA
DMOGetName
MoFreeMediaType
DMOGuidToStrA

imm32

ImmUnlockImeDpi
ImmIMPSetIMEA
ImmSetOpenStatus
ImmGetVirtualKey
ImmWINNLSEnableIME
ImmUnregisterWordW
ImmConfigureIMEA
ImmReSizeIMCC
ImmWINNLSGetIMEHotkey
ImmReleaseContext
ImmSetActiveContextConsoleIME
ImmGetProperty
ImmSendIMEMessageExA
ImmGetConversionStatus
ImmUnlockIMC
ImmProcessKey
ImmGetStatusWindowPos
ImmDisableIME
ImmLoadLayout
ImmEscapeA
ImmSetHotKey
ImmSetCompositionFontW
ImmInstallIMEA
ImmGetRegisterWordStyleW
ImmSetCompositionStringA
ImmGetCompositionWindow

userenv

RefreshPolicyEx
GetGPOListA
GetUserProfileDirectoryA
GetPreviousFgPolicyRefreshInfo
ExpandEnvironmentStringsForUserW
DllUnregisterServer
GetNextFgPolicyRefreshInfo
DestroyEnvironmentBlock
FreeGPOListA
LeaveCriticalPolicySection
EnterCriticalPolicySection
ForceSyncFgPolicy

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

245b652192c9a1f6409c257070b590be

Headers

DLL Characteristics

File Characteristics

Imports

ole32

netapi32

kernel32

hhsetup

mfcsubs

msdmo

imm32

userenv

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 308B

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 308B

.rsrc
Size: 6KB - Virtual size: 5KB