b65f0147eb09bc1a37491eb651997bc8578c95f5ab437f514dcbcb0d8d1997ed

Sharing

Copy URL

Twitter E-mail

General

Target

b65f0147eb09bc1a37491eb651997bc8578c95f5ab437f514dcbcb0d8d1997ed
Size

55KB
MD5

8bf92beda952ad26fd4452e2e6c79139
SHA1

cb3272f16a73204514155a50e1d580013ec45145
SHA256

b65f0147eb09bc1a37491eb651997bc8578c95f5ab437f514dcbcb0d8d1997ed
SHA512

77dbf385b32db15f2c9939edb89beeb97f0d37e9f60c1a56510af9d73b3f228db39f3d28cd85e38239f299c1eeaa7b9e0e6be8b76c46be108db4bd55363b8746
SSDEEP

1536:2ZmN8CClZSZZD2fP8sIeqHQiN99fSYSh5:QvlZBWeEp91Sh5

Score

N/A

Malware Config

Signatures

Files

b65f0147eb09bc1a37491eb651997bc8578c95f5ab437f514dcbcb0d8d1997ed
.dll windows x86

e8f035a11a30b3d2d03ab697276bd675

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

wcstoul
isdigit
towupper
wcscspn
NtSetQuotaInformationFile

mnmddmod

CtfImmRestoreToolbarWnd
ImmSetCandidateWindow
ImmGetAppCompatFlags
SdbReadQWORDTag
ImmActivateLayout
PathIsSlowA
ILCreateFromPathA
DAD_AutoScroll
ImmReleaseContext
ImmSimulateHotKey
SdbReadMsiTransformInfo
PathResolve
ImmAssociateContext
ImmSystemHandler
ExtractIconResInfoA
RealShellExecuteExA
ImmGetConversionStatus
ImmSendIMEMessageExA
ImmGetIMEFileNameA
FreeIconList
ImmDestroySoftKeyboard
ExtractAssociatedIconExA
PifMgr_GetProperties
CtfAImmIsIME
SdbGetEntryFlags
SdbGetDatabaseID
ReadCabinetState
DAD_DragLeave
ImmGetIMCCSize
SdbFindNextTagRef
CtfImmCoUninitialize
Control_FillCache_RunDLL
SdbOpenApphelpDetailsDatabaseSP
CtfImmTIMActivate
ILRemoveLastID
DoEnvironmentSubstA
ImmGetVirtualKey
SdbTagIDToTagRef
ILGetSize
ExtractIconExA
CheckEscapesA
ImmConfigureIMEA

user32

ShowWindow
PostQuitMessage
GetCursorPos
BringWindowToTop
GetIconInfo
GetSystemMetrics
SetTimer
InvalidateRgn
GetMenuItemID
ScreenToClient

advapi32

InitializeAcl

kernel32

SetLastError
GetTapeParameters
GetModuleHandleA
MapViewOfFile
UnmapViewOfFile
SetFilePointer
SetErrorMode
SystemTimeToFileTime
CreateFileMappingA
GetTimeZoneInformation
HeapFree
PrepareTape
SystemTimeToTzSpecificLocalTime
WaitForMultipleObjects
WaitForSingleObject
GetExitCodeThread
GetLastError
SetEndOfFile
VirtualQueryEx
GetCurrentThreadId
LocalAlloc

netapi32

NetWkstaGetInfo

shell32

SHGetSpecialFolderLocation

ole32

CoCreateInstance
CLSIDFromString

Exports

Exports

CreateProcessNotify
diskec32

Sections

.text
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8f035a11a30b3d2d03ab697276bd675

Headers

File Characteristics

Imports

ntdll

mnmddmod

user32

advapi32

kernel32

netapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 48KB

.rdata Size: 3KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 46KB - Virtual size: 48KB

.rdata
Size: 3KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB