ae6d5bb009c97d1ce2d7e194caba06388fb7f1c9ef7427ef6fe308eeef6f759b

Sharing

Copy URL

Twitter E-mail

General

Target

ae6d5bb009c97d1ce2d7e194caba06388fb7f1c9ef7427ef6fe308eeef6f759b
Size

116KB
MD5

1265983f39459b96845ccb01c04b7067
SHA1

1f92e2e6d094ac345ce245f62fff1fe8b8cc87d3
SHA256

ae6d5bb009c97d1ce2d7e194caba06388fb7f1c9ef7427ef6fe308eeef6f759b
SHA512

a00a6457d98b52ae808353d2bd5aa872c1f976277ac1aa4c7dce16ae674c733e9322c9660e03bebe26b8d21a16b42c1a76d11bf90eda5417b6b6dc3d5850c032
SSDEEP

3072:BxuUD6ZDaBfzfBU9r4fdhbNp7fzNv6Jo6qWTRDpiU:ekQDa1fznbJv6a6qKRj

Score

N/A

Malware Config

Signatures

Files

ae6d5bb009c97d1ce2d7e194caba06388fb7f1c9ef7427ef6fe308eeef6f759b
.dll windows x86

f2e61faf1fee449f9fb850e464be2125

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadConsoleOutputAttribute
GetConsoleWindow
AllocConsole
GetDriveTypeA
CreateSemaphoreA
CreateNamedPipeW
GetConsoleFontInfo
GetTimeFormatW
CreateConsoleScreenBuffer
ReleaseMutex
WriteFileEx
ReadConsoleA
Heap32First
CloseProfileUserMapping
GetConsoleCP
QueryPerformanceCounter
SetFilePointerEx
EnumDateFormatsExA
ReadConsoleInputW
GetVersion
ResumeThread
SetTapeParameters
GetModuleHandleA
FindFirstFileW
FillConsoleOutputAttribute
GetConsoleAliasExesW
IsValidCodePage
Heap32ListFirst
ReadConsoleInputA
WritePrivateProfileSectionW
FillConsoleOutputCharacterA
LoadLibraryExA
HeapSummary
GetDiskFreeSpaceW
GetFullPathNameA
CreateSemaphoreW
ExpungeConsoleCommandHistoryA
GetHandleInformation
WaitNamedPipeA
EnumCalendarInfoExW
EnumDateFormatsA
GetModuleHandleW
FreeResource
FoldStringA
WriteFileGather
CreateFileMappingW
PeekConsoleInputW
GetSystemTime
IsBadHugeWritePtr
GetLocalTime
ClearCommError
ExpandEnvironmentStringsA
GetConsoleCommandHistoryW
EnumDateFormatsW
WaitForSingleObject
SwitchToThread
WriteConsoleInputA
MapViewOfFile
FindNextChangeNotification
PeekConsoleInputA
SetConsoleNumberOfCommandsA
FreeLibrary
CreateMailslotW
AddConsoleAliasW
ReadConsoleOutputA
GetThreadTimes
GetFileInformationByHandle
OpenMutexW
GetProcAddress
IsValidLocale
VirtualAlloc
LoadLibraryA

user32

UnhookWinEvent
CharToOemBuffA
IsCharUpperW
EndDeferWindowPos
CloseWindow
RealChildWindowFromPoint
SetClipboardData
MessageBoxExW
UnionRect
GetMenuDefaultItem
GetCursor
DrawIcon
GetAltTabInfoA
CallNextHookEx
CharUpperBuffA
ChangeDisplaySettingsA
SendNotifyMessageA
GetWindowTextLengthA
CreateWindowStationA
GetWindowLongA
EnumDisplaySettingsExW
GetMenuItemID
ValidateRect
CreateIconFromResourceEx

advapi32

RegEnumValueW
ObjectCloseAuditAlarmW
RegQueryMultipleValuesW
LsaEnumerateTrustedDomainsEx
BuildImpersonateExplicitAccessWithNameW
ObjectOpenAuditAlarmA
CloseEventLog
OpenSCManagerW
CryptGetUserKey
ConvertStringSidToSidW
GetFileSecurityA
GetPrivateObjectSecurity
SystemFunction026
SetEntriesInAclW
RegisterEventSourceA
ElfCloseEventLog
StartServiceCtrlDispatcherW
RemoveUsersFromEncryptedFile
GetTrusteeFormA
FindFirstFreeAce
LsaEnumeratePrivilegesOfAccount
SetThreadToken
ObjectPrivilegeAuditAlarmA
LsaLookupSids
LookupSecurityDescriptorPartsA
PrivilegedServiceAuditAlarmW
QueryServiceStatus
SystemFunction001
ConvertStringSidToSidA
CryptDuplicateHash
LsaGetRemoteUserName
SetPrivateObjectSecurity
TrusteeAccessToObjectA
OpenBackupEventLogA
CryptDuplicateKey
CreatePrivateObjectSecurity
PrivilegeCheck
CryptImportKey
LsaOpenSecret
EqualSid
AbortSystemShutdownA
CryptHashSessionKey
DeleteAce
ElfOpenEventLogA
DestroyPrivateObjectSecurity
QueryServiceConfigA
SetServiceBits
ElfReportEventW
SystemFunction005
SystemFunction033
SystemFunction024
GetMultipleTrusteeOperationA
FreeSid
LsaQueryDomainInformationPolicy
RegQueryValueA
CryptSetProviderExW
SetFileSecurityW
LsaCreateTrustedDomain
OpenSCManagerA
GetServiceKeyNameA
QueryServiceLockStatusW
GetAclInformation
RegDeleteKeyA
LsaQueryInfoTrustedDomain
StartServiceCtrlDispatcherA
ConvertSecurityDescriptorToAccessNamedA
CryptCreateHash
AccessCheckByTypeResultListAndAuditAlarmW
LsaOpenTrustedDomain
LsaGetQuotasForAccount
DuplicateToken
QueryServiceConfig2A
LsaSetInformationTrustedDomain
SetFileSecurityA
IsValidSecurityDescriptor
RegEnumValueA
LsaOpenPolicy
ConvertStringSecurityDescriptorToSecurityDescriptorW
LsaGetSystemAccessAccount
SystemFunction029
ReadEventLogA
I_ScSetServiceBitsW

shell32

StrChrIW
StrStrW

shlwapi

PathStripPathW
PathIsDirectoryW
StrTrimA
IntlStrEqWorkerW
StrPBrkA
PathIsUNCW
StrSpnA
PathFindExtensionA
IntlStrEqWorkerA
SHRegSetUSValueW
SHRegEnumUSKeyW
SHDeleteOrphanKeyA
UrlIsNoHistoryW
SHCreateShellPalette
SHRegGetUSValueW
PathSetDlgItemPathA
PathUnquoteSpacesA
PathIsFileSpecW
PathGetCharTypeA
PathMakeSystemFolderW
StrTrimW
PathMakeSystemFolderA
UrlApplySchemeW
StrSpnW
SHDeleteEmptyKeyA
PathGetDriveNumberA
PathSearchAndQualifyA
SHEnumKeyExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoW
VerInstallFileA
VerQueryValueW

msvcrt

asin
fread
fclose
fwrite
difftime
fwprintf
feof
fprintf
_unlink
fseek
fputs
_ultow
memset
ftell
sprintf
ferror
fputc
__CxxFrameHandler
printf
fopen
fsetpos
_write

Exports

Exports

Euanrhbnai
Pfzdxv
Rkucu
Rxrqkioit
Vbveiu

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2e61faf1fee449f9fb850e464be2125

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

version

msvcrt

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 52KB - Virtual size: 49KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 52KB - Virtual size: 49KB

.reloc
Size: 8KB - Virtual size: 5KB