dd3a29adf3d50a40c6c23c42564251da03ae3b2339d0a2c06bf40f53610e99c9

Sharing

Copy URL

Twitter E-mail

General

Target

dd3a29adf3d50a40c6c23c42564251da03ae3b2339d0a2c06bf40f53610e99c9
Size

313KB
MD5

8f220cbd728ca2bc14c351299c32d66a
SHA1

d01afd8ec0fde5085a2dc11d9b1291555f1aa2b2
SHA256

dd3a29adf3d50a40c6c23c42564251da03ae3b2339d0a2c06bf40f53610e99c9
SHA512

cebdbe3ba4b6c248d5750285dc2451b3bc01d0cd1d50633f70f18a4a2e0d241ec842fc31235fe229bb867bff062b7b90e73a1be8bb1b486ec27f4bcf28462e27
SSDEEP

6144:Ys8xRrZaWIMlujBqH9LV+Zx2yR/ZYKnGqbInfAARzlsedWIMSMJUeXV:Yp5luy5ox2yRhi5p7WI9nY

Score

N/A

Malware Config

Signatures

Files

dd3a29adf3d50a40c6c23c42564251da03ae3b2339d0a2c06bf40f53610e99c9
.exe windows x86

97b408f1819a5072fcfed27deb03a62c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

malloc
free
_except_handler3
realloc

atl

ord30
ord16
ord21
ord23
ord15
ord32
ord58
ord26
ord27
ord45
ord44
ord43
ord31

kernel32

DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
TlsFree
TlsAlloc
DisableThreadLibraryCalls
FreeLibrary
GetModuleFileNameA
GetProcAddress
LoadLibraryW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
FlushInstructionCache
GetCurrentProcess
SetLastError
TlsSetValue
TlsGetValue
GetCurrentThreadId
lstrcatW
lstrcpyW
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
GetProcessHeap
HeapAlloc
VirtualFree
VirtualAlloc
GetLastError
LocalFree
LocalAlloc
ExpandEnvironmentStringsW
CreateProcessW
CloseHandle
DelayLoadFailureHook
lstrlenW
lstrcpynW
GetWindowsDirectoryW
EnterCriticalSection
GetModuleHandleW

user32

GetClassInfoExW
LoadAcceleratorsW
GetKeyState
DestroyAcceleratorTable
IsWindow
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
RegisterClassExW
GetWindowLongW
SetWindowLongW
UnionRect
PtInRect
DestroyWindow
CreateWindowExW
DefWindowProcW
WaitForInputIdle
MapWindowPoints
SetWindowsHookExW
GetWindowRect
PostMessageW
SendMessageW
CallNextHookEx
UnhookWindowsHookEx
FindWindowW
BeginPaint
GetClientRect
EndPaint
GetParent
ShowWindow
GetFocus
IsChild
SetFocus
LoadStringW
CallWindowProcW
SetWindowPos
InvalidateRect

advapi32

RegCloseKey
RegOpenKeyExW

credui

CredUIReadSSOCredW

gdi32

RestoreDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
GetDeviceCaps
CreateRectRgnIndirect
DeleteDC

ole32

OleRegGetUserType
CreateOleAdviseHolder
CoTaskMemFree
CoCreateInstance
OleRegEnumVerbs
IsAccelerator

oleaut32

OleCreatePropertyFrame
SysAllocStringLen
SysAllocString
SysStringLen
RegisterTypeLi
LoadTypeLi
VariantChangeType
SysStringByteLen
SysFreeString
VariantClear
LoadRegTypeLi

shlwapi

SHDeleteKeyW
SHGetValueW
ord437
ord193
StrCatBuffW
ord24

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 274B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vdata
Size: 512B - Virtual size: 97B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kpack
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mpack
Size: 512B - Virtual size: 54B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97b408f1819a5072fcfed27deb03a62c

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

atl

kernel32

user32

advapi32

credui

gdi32

ole32

oleaut32

shlwapi

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 98KB - Virtual size: 97KB

.data Size: 94KB - Virtual size: 94KB

.xdata Size: 94KB - Virtual size: 94KB

.tls Size: 94KB - Virtual size: 94KB

.pdata Size: 512B - Virtual size: 274B

.vdata Size: 512B - Virtual size: 97B

.kpack Size: 512B - Virtual size: 78B

.mpack Size: 512B - Virtual size: 54B

.CRT Size: 512B - Virtual size: 8B

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 512B - Virtual size: 224B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 98KB - Virtual size: 97KB

.data
Size: 94KB - Virtual size: 94KB

.xdata
Size: 94KB - Virtual size: 94KB

.tls
Size: 94KB - Virtual size: 94KB

.pdata
Size: 512B - Virtual size: 274B

.vdata
Size: 512B - Virtual size: 97B

.kpack
Size: 512B - Virtual size: 78B

.mpack
Size: 512B - Virtual size: 54B

.CRT
Size: 512B - Virtual size: 8B

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 512B - Virtual size: 224B