bb34cc1cfe527a4c716479c232e634aad6c821a2756d6660bd7777facbe86365

Sharing

Copy URL Twitter E-mail

General

Target

bb34cc1cfe527a4c716479c232e634aad6c821a2756d6660bd7777facbe86365
Size

128KB
MD5

042db9d1ed4bbe9bbea347cb40ba99ed
SHA1

2ed396385307877695d47f49ac387054d54cc34e
SHA256

bb34cc1cfe527a4c716479c232e634aad6c821a2756d6660bd7777facbe86365
SHA512

203ed628154e99582b2caa28547b9148fab60b8d212b38b7e0b6f77470aff59ee3a6e72e1f9d10317dfe6fd1cac695cf0dd5c9a0182b1f533436313762b8e58c
SSDEEP

3072:Rz6u7JN++Lo4WqCO8OYrGSWFahc88/XV1X9js:97J7ozFQDFay8CnX

Score

N/A

Malware Config

Signatures

Files

bb34cc1cfe527a4c716479c232e634aad6c821a2756d6660bd7777facbe86365
.dll windows x86

ef26d7c9fb03d5bc461adfa79e39d038

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumCalendarInfoExA
FreeResource
GetConsoleFontSize
SetCommState
QueueUserWorkItem
SetFileAttributesW
GetCurrentDirectoryA
SetConsoleMenuClose
FatalAppExitA
WaitNamedPipeW
GetModuleHandleA
BuildCommDCBW
ReadConsoleOutputA
CreateDirectoryExA
GetLocaleInfoW
TransmitCommChar
GetModuleFileNameA
GlobalFindAtomW
FileTimeToSystemTime
SetThreadAffinityMask
LocalShrink
TerminateJobObject
GetProcAddress
SetConsoleScreenBufferSize
VerLanguageNameW
lstrcpyA
OpenMutexA
BeginUpdateResourceW
FindNextChangeNotification
EnumResourceLanguagesA
lstrcatA
OpenProcess
MoveFileWithProgressA
GetSystemTime
SetConsoleIcon
ReadConsoleInputExW
GetCommTimeouts
VerLanguageNameA
EnumSystemCodePagesA
CreateThread
EnumSystemLocalesW
LoadLibraryA
CreateProcessW
CommConfigDialogW
GetTempPathW
ExitThread
CancelTimerQueueTimer
GenerateConsoleCtrlEvent
SetConsoleNumberOfCommandsW
GetLargestConsoleWindowSize
IsBadStringPtrA
CreateFileA
InvalidateConsoleDIBits
_lread
WriteConsoleOutputAttribute
GetPriorityClass
Process32FirstW
EnumCalendarInfoExW
SetDefaultCommConfigW
SetCommBreak
_lwrite
WideCharToMultiByte
WritePrivateProfileStructW
GetOEMCP
GlobalUnfix
GetConsoleCommandHistoryW
WriteConsoleInputA
EnumDateFormatsExW
SignalObjectAndWait
GetCommandLineA
IsValidLocale
GetBinaryTypeA
GlobalUnlock
GetCommModemStatus
GetVersion
GetFileInformationByHandle
WaitForMultipleObjectsEx
GetTapePosition
GetConsoleAliasW
FindClose
SetConsoleCtrlHandler
SetVolumeLabelW
ReadConsoleW
GlobalGetAtomNameW
SetTimeZoneInformation
GetExitCodeProcess
PurgeComm
UTRegister
GetConsoleAliasesW
GetConsoleTitleW
UpdateResourceA
GetStartupInfoA
ConnectNamedPipe
GetConsoleCP
TransactNamedPipe
GetDiskFreeSpaceExW
AreFileApisANSI
GetPrivateProfileStructW
VirtualAlloc
GetHandleInformation

user32

GetForegroundWindow
GrayStringW
GetWindowModuleFileNameA
SetScrollRange
DdeEnableCallback
CharUpperW
IsCharUpperW
GrayStringA
AllowSetForegroundWindow
GetWindowThreadProcessId
TranslateAcceleratorW
IsClipboardFormatAvailable
DestroyAcceleratorTable
RegisterDeviceNotificationA
IsWindowVisible
PostQuitMessage
GetClassNameA
OemKeyScan
VkKeyScanExA
PtInRect
IMPGetIMEA
RegisterClipboardFormatA
ScrollWindow
IMPSetIMEA
SetTimer
InSendMessageEx
DefMDIChildProcW
InsertMenuA
DialogBoxIndirectParamA
DdeUnaccessData
LoadCursorFromFileW
SetWindowsHookExW
GetMenuState
ShowCaret
MoveWindow

advapi32

SetFileSecurityW
AllocateAndInitializeSid
RegOpenKeyA
AccessCheckByType
LsaOpenTrustedDomain
CryptDuplicateHash
LsaAddAccountRights
AdjustTokenGroups
SystemFunction030
InitializeSecurityDescriptor
FileEncryptionStatusA
GetOverlappedAccessResults
BuildImpersonateExplicitAccessWithNameA
SystemFunction022
ObjectOpenAuditAlarmA
CryptSetProviderW
RegQueryValueA
RegLoadKeyA
LsaQueryDomainInformationPolicy
LsaOpenAccount
SystemFunction006
GetNamedSecurityInfoExA
RemoveUsersFromEncryptedFile
LookupAccountSidA
GetMultipleTrusteeOperationW
ElfCloseEventLog
SetPrivateObjectSecurityEx
LsaNtStatusToWinError
GetAce
GetServiceDisplayNameW
GetCurrentHwProfileW
LsaSetSystemAccessAccount
AccessCheck
SetNamedSecurityInfoA
ElfClearEventLogFileW
GetSecurityInfoExW
EnumServicesStatusW
CryptReleaseContext
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCreateKeyExW
LsaSetTrustedDomainInformation
RegLoadKeyW
SystemFunction009
InitiateSystemShutdownA
AdjustTokenPrivileges
RegFlushKey
ObjectOpenAuditAlarmW
GetSidSubAuthority
DuplicateToken
SetSecurityDescriptorDacl
GetTokenInformation
SetUserFileEncryptionKey
CryptEnumProviderTypesA
RegQueryInfoKeyA
SetSecurityInfoExA
GetSidIdentifierAuthority
GetKernelObjectSecurity
GetExplicitEntriesFromAclA
OpenProcessToken
SetNamedSecurityInfoW
AddAccessAllowedAceEx
SetSecurityInfoExW
RegCreateKeyExA
LsaQueryInformationPolicy
RegCloseKey
GetSecurityDescriptorGroup
LsaSetQuotasForAccount
ConvertSecurityDescriptorToStringSecurityDescriptorW
LsaEnumerateAccountsWithUserRight

comctl32

ImageList_AddMasked
ImageList_DragShowNolock
ord4
ImageList_SetFilter
CreatePropertySheetPageW
ord3
InitializeFlatSB
ImageList_Create
FlatSB_SetScrollProp
ImageList_Merge
ord16
UninitializeFlatSB
ImageList_GetIcon
ord13
ImageList_DrawIndirect
ord7
ImageList_GetImageRect
FlatSB_GetScrollRange
FlatSB_ShowScrollBar
ImageList_AddIcon
ImageList_GetBkColor
ImageList_Add
CreateToolbarEx
ImageList_SetOverlayImage
ImageList_SetBkColor
ImageList_GetImageInfo
ImageList_GetDragImage
ord2
FlatSB_SetScrollPos
ImageList_GetIconSize
DestroyPropertySheetPage
ImageList_DrawEx
ImageList_GetImageCount
_TrackMouseEvent
ImageList_SetImageCount
ImageList_Draw
FlatSB_SetScrollInfo
ord14
CreateStatusWindowW
ImageList_DragEnter
PropertySheetW
ImageList_LoadImageA
ord8
ord5
ImageList_EndDrag
PropertySheetA
InitCommonControlsEx
DrawStatusTextW
ImageList_LoadImageW
ImageList_BeginDrag
FlatSB_EnableScrollBar
ImageList_Duplicate
ImageList_SetIconSize
FlatSB_SetScrollRange
ImageList_SetDragCursorImage
ImageList_Replace
ImageList_DragLeave
ImageList_DragMove
FlatSB_GetScrollInfo
ord6
ImageList_Copy
ImageList_Read

opengl32

glTexCoord4d
glMateriali
glGetTexEnvfv
glMaterialfv
glDisable
glTexCoordPointer
glAlphaFunc
glVertex4i
glCallLists
glRasterPos4f
glRectsv

shell32

StrRStrIA
ord179
SHQueryRecycleBinW
SheGetDirA
SHGetDataFromIDListW
CommandLineToArgvW
ShellExecuteA
ExtractIconW
SHGetFileInfoW

shlwapi

PathCombineW
UrlUnescapeW
SHRegQueryInfoUSKeyA
PathIsRelativeW
PathAddBackslashW
PathSkipRootA
PathMatchSpecW
PathUnmakeSystemFolderA
PathQuoteSpacesA
SHRegCreateUSKeyW
PathUnquoteSpacesW
PathSetDlgItemPathW
PathFindNextComponentA
PathCompactPathExA
PathIsSameRootA
UrlUnescapeA
SHDeleteValueA
SHRegDeleteUSValueW
PathMakePrettyA
ChrCmpIW
StrDupA
StrFormatByteSizeA
UrlCreateFromPathA
PathIsUNCServerShareW
StrFromTimeIntervalW

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoA
GetFileVersionInfoSizeW
VerInstallFileA
VerFindFileA
VerInstallFileW
VerFindFileW
VerQueryValueW

winmm

mmioSetInfo
midiOutMessage
mciGetDeviceIDA
sndPlaySoundA
joyGetNumDevs
midiDisconnect
mixerGetDevCapsA
mmioAscend
mciGetErrorStringW
midiStreamClose
mixerGetControlDetailsA
joyConfigChanged
mmGetCurrentTask
midiInPrepareHeader
midiStreamOut
timeGetDevCaps
midiStreamStop
joyGetPosEx
waveOutUnprepareHeader
midiOutGetVolume
mixerGetLineControlsW
midiStreamPause
mmioOpenA
mciGetDeviceIDFromElementIDW
mixerGetLineInfoW
waveInGetDevCapsW
mciSetYieldProc
midiInMessage
mixerMessage
joyGetDevCapsW
mciDriverNotify
midiInGetErrorTextA
wid32Message
aux32Message
joySetCapture
waveInClose
mmsystemGetVersion
mixerGetLineInfoA
waveOutGetPosition
midiOutReset
waveOutGetDevCapsW
DrvGetModuleHandle
midiInGetNumDevs
sndPlaySoundW
waveOutRestart
mmioDescend
waveInGetErrorTextA
midiStreamRestart
mmioInstallIOProcW
mmTaskYield
waveOutGetErrorTextW
mixerOpen
midiStreamProperty
mixerGetDevCapsW
mciSendCommandW
SendDriverMessage
timeSetEvent
mmioRenameW
midiOutCachePatches
tid32Message
midiOutUnprepareHeader
midiOutPrepareHeader
CloseDriver
mxd32Message
joySetThreshold
mciDriverYield
waveOutSetPlaybackRate
mmioFlush
mmTaskBlock
waveInGetPosition
mmTaskCreate
waveInGetErrorTextW
mmioInstallIOProcA
mmioClose
mci32Message

msvcrt

_chdir
fclose
_wsplitpath
calloc
wcsncmp
_wtol
_creat
_strerror
isgraph
_gcvt
fread
fprintf
difftime
mblen
fwrite
feof
toupper
__CxxLongjmpUnwind
__isascii
ftell
_getch
_ismbcalnum
_wmktemp
fputc
isalpha
_except_handler3
memcpy
_wctime
_pipe
_mbctolower
sprintf
fgetwc
_mbctoupper
_ultow
wcstod
ldexp
memset
_putw
__lc_collate_cp
_splitpath
_wstati64
fsetpos
_wfindnexti64
_winmajor
__dllonexit
_spawnle
_wsopen
_ismbclegal
_Getmonths
_CxxThrowException
_filelength
__unDName
fseek
_wsearchenv
clock
__iscsym
_fpclass
iswpunct
tmpnam
__pioinfo
_findfirst
_mbsdec
fopen
_ctype
_mbsrchr
fwprintf
iswlower
_CIlog
_wfindnext
_wspawnlp
_getdrive
fputs
_safe_fprem
_sleep
wcsspn
_assert
__p__amblksiz
_mbsnset
atoi
_mbscmp
strncmp
sin
_ismbcl2
_mbsicoll
_mbsnbicmp
_mbsncmp
_mbscoll
_mbslen
_mbccpy
_mbsnbset
_futime
_outp
__p__daylight
printf
_unlink
_wgetcwd
_wfopen
ferror

Exports

Exports

Ckkbqqnfok
Eozehdaslw
Gpmfmyk
Izghrz
Oohtittg
Raqwhptnzw
Sldagbcn

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef26d7c9fb03d5bc461adfa79e39d038

Headers

File Characteristics

Imports

kernel32

user32

advapi32

comctl32

opengl32

shell32

shlwapi

version

winmm

msvcrt

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 52KB - Virtual size: 49KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 52KB - Virtual size: 49KB

.reloc
Size: 8KB - Virtual size: 6KB