961facdc017270c37fb1e19403ccc63404ecb67072059f5168fd5e2b5451f0a9

Sharing

Copy URL Twitter E-mail

General

Target

961facdc017270c37fb1e19403ccc63404ecb67072059f5168fd5e2b5451f0a9
Size

186KB
MD5

b90525af3c18a7a80e0e3e3da73ff4f4
SHA1

28de2e23516a089f436960d2f4d353cd2ecf1dda
SHA256

961facdc017270c37fb1e19403ccc63404ecb67072059f5168fd5e2b5451f0a9
SHA512

6ab64d15fc2f2bde9b5f6bac4c4c25119c8f76c8fdac8984088fc5268b453c6c33bb1504fe8e4d175b54a2d80838be4324a24362ea8a64a36955d693e09e86b7
SSDEEP

3072:tSN3MCVAuh3Ou9fIuR4anrukWcR/3v82JD8bFHYetCwehPs/+HmVDcAwqFKNiZ1k:tivVAu5OYZrupacUDg5CddsTVDc/qFOJ

Score

N/A

Malware Config

Signatures

Files

961facdc017270c37fb1e19403ccc63404ecb67072059f5168fd5e2b5451f0a9
.exe windows x86

e64a3f13c180067ae19dbb7b38b1ee16

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindSuffixArrayW
PathSearchAndQualifyW
ColorAdjustLuma
PathAddBackslashA
SHEnumValueA
PathRemoveBackslashA
PathRemoveFileSpecW
StrCSpnIW
SHRegCreateUSKeyA
StrStrNIW
PathCommonPrefixA
SHGetThreadRef
SHQueryValueExW
PathIsLFNFileSpecW
SHAutoComplete
ChrCmpIA
SHEnumValueW
PathCombineW
SHRegEnumUSValueW
PathMatchSpecA
StrDupW
SHDeleteOrphanKeyA
UrlCombineA
PathRemoveArgsA
UrlHashW
UrlIsNoHistoryA
PathCreateFromUrlA
StrCmpNIA
PathQuoteSpacesA
SHRegisterValidateTemplate
StrCSpnA
PathAddExtensionA
StrCSpnW

msvcirt

??4iostream@@IAEAAV0@AAV0@@Z
??_8ostream@@7B@
??_7filebuf@@6B@
?eof@ios@@QBEHXZ
?gbump@streambuf@@IAEXH@Z
??0istream@@IAE@ABV0@@Z
?attach@fstream@@QAEXH@Z
??0filebuf@@QAE@ABV0@@Z
??_Estreambuf@@UAEPAXI@Z
??_7istream_withassign@@6B@
__dummy_export
??0streambuf@@IAE@PADH@Z
??0logic_error@@QAE@ABV0@@Z
?base@streambuf@@IBEPADXZ
??0strstreambuf@@QAE@PADH0@Z
?init@ios@@IAEXPAVstreambuf@@@Z
??4istream_withassign@@QAEAAVistream@@ABV1@@Z
?overflow@strstreambuf@@UAEHH@Z
?str@ostrstream@@QAEPADXZ
?is_open@ifstream@@QBEHXZ
?flags@ios@@QAEJJ@Z
?rdbuf@ifstream@@QBEPAVfilebuf@@XZ
??0ostream@@IAE@XZ
??_7iostream@@6B@
??_7exception@@6B@
?seekg@istream@@QAEAAV1@JW4seek_dir@ios@@@Z
??5istream@@QAEAAV0@AAK@Z
?pcount@strstream@@QBEHXZ
??1ostrstream@@UAE@XZ
?unlockbuf@ios@@QAAXXZ
?underflow@strstreambuf@@UAEHXZ

kernel32

UpdateResourceW
SetProcessShutdownParameters
WriteConsoleOutputCharacterA
GetStartupInfoW
PeekConsoleInputW
SetCurrentDirectoryW
ScrollConsoleScreenBufferW
SetFileApisToOEM
GlobalAlloc
GetLogicalDriveStringsA
DeleteCriticalSection
GetEnvironmentStrings
SetConsoleActiveScreenBuffer
DeleteVolumeMountPointA
EnumLanguageGroupLocalesW
SetConsoleCursorMode
FoldStringA
_lopen
VirtualAlloc
FillConsoleOutputAttribute
ShowConsoleCursor
GetNumberOfConsoleFonts
lstrcmpA
OpenEventA
GetPriorityClass
GetCompressedFileSizeA
GetTickCount
GetLocalTime
SetFileShortNameW
EnumSystemCodePagesA
ChangeTimerQueueTimer
QueryDosDeviceA
SystemTimeToTzSpecificLocalTime
TerminateThread
GlobalCompact
GetExpandedNameA
LoadLibraryA
SystemTimeToFileTime
OpenProfileUserMapping
lstrcpyA
GetModuleHandleW
DnsHostnameToComputerNameW
VirtualProtectEx

olecli32

GenSetData
OleUpdate
ObjQueryType
LeSetHostNames
GenCopy
MfSaveToStream
DibChangeData
OleQueryProtocol
LeGetData
ErrShow
ErrClose
DibDraw
OleRelease
OleSetColorScheme
LeEnumFormat
OleSetLinkUpdateOptions
BmRelease
GenChangeData
ErrQueryOpen
OleQueryReleaseError
GenEqual
OleCreateFromClip
DibGetData
OleQueryClientVersion
LeSetBounds
OleQueryOpen
OleQueryBounds
PbCreateFromFile
LeCopyFromLink
OleQueryName
OleObjectConvert
OleCreate
LeUpdate
LeReconnect
OleEnumFormats
OleActivate
ErrObjectLong
ErrQueryProtocol
OleEqual
MfEqual
LeQueryOpen
LeQueryProtocol

crtdll

_mbbtype
isupper
_dup2
_copysign
_except_handler2
__threadhandle
_mbsbtype
memchr
strspn
wcslen
ctime
ceil
_cprintf
_execl
wcstoul
mbtowc
_scalb
_strdate
_snwprintf
_mbsnbcat
_ismbckata
rename
wctomb
_wtoi
_flushall
fopen
puts
ispunct
strcspn
_chdrive
strcoll
_CIpow
mblen
_finite
rand
atol
_rmdir
tolower

atl

AtlAdvise
AtlMarshalPtrInProc
AtlComQIPtrAssign
AtlModuleUnRegisterTypeLib
AtlWaitWithMessageLoop
AtlModuleRegisterTypeLib
AtlPixelToHiMetric
AtlGetVersion
AtlSetErrorInfo
AtlModuleRevokeClassObjects
DllGetClassObject
AtlCreateTargetDC
AtlModuleGetClassObject
AtlHiMetricToPixel
AtlAxCreateDialogW
AtlUnmarshalPtr
AtlDevModeW2A
AtlModuleAddCreateWndData
AtlModuleExtractCreateWndData
AtlAxWinInit
AtlAxCreateControl
AtlAxDialogBoxA
AtlAxCreateControlEx
AtlModuleTerm
AtlAxGetControl
AtlRegisterClassCategoriesHelper
AtlIPersistPropertyBag_Save
AtlModuleAddTermFunc
AtlModuleRegisterWndClassInfoW
AtlAxGetHost
AtlModuleUpdateRegistryFromResourceD
AtlGetObjectSourceInterface
AtlComPtrAssign
AtlIPersistStreamInit_Save

wtsapi32

WTSTerminateProcess
WTSOpenServerA
WTSSendMessageW
WTSShutdownSystem
WTSCloseServer
WTSEnumerateSessionsW
WTSVirtualChannelRead
WTSQuerySessionInformationW
WTSSetUserConfigW
WTSOpenServerW
WTSRegisterSessionNotification
WTSEnumerateServersW
WTSSetSessionInformationW
WTSVirtualChannelClose
WTSEnumerateProcessesW
WTSVirtualChannelQuery
WTSVirtualChannelOpen
WTSQueryUserConfigA
WTSEnumerateServersA
WTSEnumerateProcessesA
WTSVirtualChannelPurgeOutput
WTSVirtualChannelWrite
WTSQueryUserToken
WTSUnRegisterSessionNotification
WTSWaitSystemEvent
WTSVirtualChannelPurgeInput
WTSSendMessageA
WTSQuerySessionInformationA
WTSDisconnectSession
WTSFreeMemory
WTSLogoffSession
WTSSetUserConfigA
WTSSetSessionInformationA
WTSQueryUserConfigW
WTSEnumerateSessionsA

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e64a3f13c180067ae19dbb7b38b1ee16

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

msvcirt

kernel32

olecli32

crtdll

atl

wtsapi32

Sections

.text Size: 98KB - Virtual size: 98KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 46KB - Virtual size: 235KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 98KB - Virtual size: 98KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 46KB - Virtual size: 235KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B