b9e2d8bcd7fd42ac315212af4054e7046d572ea64a500f316cad3af6da2a7b3a

Sharing

Copy URL

Twitter E-mail

General

Target

b9e2d8bcd7fd42ac315212af4054e7046d572ea64a500f316cad3af6da2a7b3a
Size

116KB
MD5

ecd647390306e6d0c18ea7ab0972ef1b
SHA1

32dc9ccf84a8a563fbec6365c4a413237656b3ae
SHA256

b9e2d8bcd7fd42ac315212af4054e7046d572ea64a500f316cad3af6da2a7b3a
SHA512

8e62ef5d01a82c2d4687d951b3752c60d9c8bfae5ed7d81ca1661457346a9b7c0e6df44feed1ec7e7018b8a177450253b8d7a29999eb34917196e62122fd40f6
SSDEEP

3072:J3RsSbJyK8ue7VDIGiw4EMcj7W4dcCZ6ilX2a:lRlFgZVHWMc86k

Score

N/A

Malware Config

Signatures

Files

b9e2d8bcd7fd42ac315212af4054e7046d572ea64a500f316cad3af6da2a7b3a
.dll windows x86

de89d19048f3a91af01d88bfe0997ce0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadConsoleOutputAttribute
GetConsoleWindow
AllocConsole
GetDriveTypeA
CreateSemaphoreA
CreateNamedPipeW
GetProcAddress
GetConsoleFontInfo
GetTimeFormatW
CreateConsoleScreenBuffer
ReleaseMutex
WriteFileEx
ReadConsoleA
Heap32First
CloseProfileUserMapping
GetConsoleCP
QueryPerformanceCounter
SetFilePointerEx
EnumDateFormatsExA
ReadConsoleInputW
ResumeThread
SetTapeParameters
GetModuleHandleA
FindFirstFileW
FillConsoleOutputAttribute
GetConsoleAliasExesW
IsValidCodePage
Heap32ListFirst
ReadConsoleInputA
WritePrivateProfileSectionW
FillConsoleOutputCharacterA
LoadLibraryExA
HeapSummary
GetDiskFreeSpaceW
GetFullPathNameA
CreateSemaphoreW
ExpungeConsoleCommandHistoryA
VirtualAlloc
WaitNamedPipeA
EnumCalendarInfoExW
EnumDateFormatsA
GetModuleHandleW
FreeResource
FoldStringA
WriteFileGather
CreateFileMappingW
PeekConsoleInputW
GetSystemTime
IsBadHugeWritePtr
GetLocalTime
ClearCommError
ExpandEnvironmentStringsA
GetConsoleCommandHistoryW
EnumDateFormatsW
WaitForSingleObject
SwitchToThread
WriteConsoleInputA
MapViewOfFile
FindNextChangeNotification
PeekConsoleInputA
SetConsoleNumberOfCommandsA
FreeLibrary
CreateMailslotW
AddConsoleAliasW
ReadConsoleOutputA
GetThreadTimes
GetFileInformationByHandle
OpenMutexW
LoadLibraryA
IsValidLocale
GetVersion
GetHandleInformation

user32

UnhookWinEvent
CharToOemBuffA
IsCharUpperW
EndDeferWindowPos
CloseWindow
RealChildWindowFromPoint
SetClipboardData
MessageBoxExW
UnionRect
GetMenuDefaultItem
GetCursor
DrawIcon
GetAltTabInfoA
CallNextHookEx
CharUpperBuffA
ChangeDisplaySettingsA
SendNotifyMessageA
GetWindowTextLengthA
CreateWindowStationA
GetWindowLongA
EnumDisplaySettingsExW
GetMenuItemID
ValidateRect
CreateIconFromResourceEx

advapi32

RegEnumValueW
ObjectCloseAuditAlarmW
RegQueryMultipleValuesW
LsaEnumerateTrustedDomainsEx
BuildImpersonateExplicitAccessWithNameW
ObjectOpenAuditAlarmA
CloseEventLog
OpenSCManagerW
CryptGetUserKey
ConvertStringSidToSidW
GetFileSecurityA
GetPrivateObjectSecurity
SystemFunction026
SetEntriesInAclW
RegisterEventSourceA
ElfCloseEventLog
StartServiceCtrlDispatcherW
RemoveUsersFromEncryptedFile
GetTrusteeFormA
FindFirstFreeAce
LsaEnumeratePrivilegesOfAccount
SetThreadToken
ObjectPrivilegeAuditAlarmA
LsaLookupSids
LookupSecurityDescriptorPartsA
PrivilegedServiceAuditAlarmW
QueryServiceStatus
SystemFunction001
ConvertStringSidToSidA
CryptDuplicateHash
LsaGetRemoteUserName
SetPrivateObjectSecurity
TrusteeAccessToObjectA
OpenBackupEventLogA
CryptDuplicateKey
CreatePrivateObjectSecurity
PrivilegeCheck
CryptImportKey
LsaOpenSecret
EqualSid
AbortSystemShutdownA
CryptHashSessionKey
DeleteAce
ElfOpenEventLogA
DestroyPrivateObjectSecurity
QueryServiceConfigA
SetServiceBits
ElfReportEventW
SystemFunction005
SystemFunction033
SystemFunction024
GetMultipleTrusteeOperationA
FreeSid
LsaQueryDomainInformationPolicy
RegQueryValueA
CryptSetProviderExW
SetFileSecurityW
LsaCreateTrustedDomain
OpenSCManagerA
GetServiceKeyNameA
QueryServiceLockStatusW
GetAclInformation
RegDeleteKeyA
LsaQueryInfoTrustedDomain
StartServiceCtrlDispatcherA
ConvertSecurityDescriptorToAccessNamedA
CryptCreateHash
AccessCheckByTypeResultListAndAuditAlarmW
LsaOpenTrustedDomain
LsaGetQuotasForAccount
DuplicateToken
QueryServiceConfig2A
LsaSetInformationTrustedDomain
SetFileSecurityA
IsValidSecurityDescriptor
RegEnumValueA
LsaOpenPolicy
ConvertStringSecurityDescriptorToSecurityDescriptorW
LsaGetSystemAccessAccount
SystemFunction029
ReadEventLogA
I_ScSetServiceBitsW

shell32

StrChrIW
StrStrW

shlwapi

PathStripPathW
PathIsDirectoryW
StrTrimA
IntlStrEqWorkerW
StrPBrkA
PathIsUNCW
StrSpnA
PathFindExtensionA
IntlStrEqWorkerA
SHRegSetUSValueW
SHRegEnumUSKeyW
SHDeleteOrphanKeyA
UrlIsNoHistoryW
SHCreateShellPalette
SHRegGetUSValueW
PathSetDlgItemPathA
PathUnquoteSpacesA
PathIsFileSpecW
PathGetCharTypeA
PathMakeSystemFolderW
StrTrimW
PathMakeSystemFolderA
UrlApplySchemeW
StrSpnW
SHDeleteEmptyKeyA
PathGetDriveNumberA
PathSearchAndQualifyA
SHEnumKeyExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoW
VerInstallFileA
VerQueryValueW

msvcrt

asin
fread
fclose
fwrite
difftime
fwprintf
feof
fprintf
_unlink
fseek
fputs
_ultow
memset
ftell
sprintf
ferror
fputc
__CxxFrameHandler
printf
fopen
fsetpos
_write

Exports

Exports

Fkihgzyc
Jlovk
Kgerivwema
Mfzcrzn
Vhuwlv
Wntvh
Xgpcnpocz
Yhhmtqv
Zjasjvf

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de89d19048f3a91af01d88bfe0997ce0

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

version

msvcrt

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 52KB - Virtual size: 49KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 52KB - Virtual size: 49KB

.reloc
Size: 8KB - Virtual size: 6KB