a6e95b5fa155a9758a5ede524a8c869d930b6a3251a2b4363545b528d08b8086

Sharing

Copy URL Twitter E-mail

General

Target

a6e95b5fa155a9758a5ede524a8c869d930b6a3251a2b4363545b528d08b8086
Size

862KB
MD5

c7d2d315103087f233ff82c61e3f41f9
SHA1

c4b70bbdf00c4f83b770e5d1babbcedabcf1b59d
SHA256

a6e95b5fa155a9758a5ede524a8c869d930b6a3251a2b4363545b528d08b8086
SHA512

d42f02d5ee95f5f673b7c05835657332a4dd8b54faf80e0f9704924cc1710e97660264462f15bd92c9bc428a8be8de1cca9618e7d691405b6ec9397af1f08ca9
SSDEEP

24576:olZM0/r9LyiYlPkN+W58WAplyizyORHmrDRF:cMaWl6qWAplyiz7HmrDRF

Score

N/A

Malware Config

Signatures

Files

a6e95b5fa155a9758a5ede524a8c869d930b6a3251a2b4363545b528d08b8086
.exe windows x86

2b03fd142fd1aa4ecc573a2eb0758ec4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msoert2

FIsSpaceA
FMissingCert
HrStreamToByte
PszAllocW
HrCheckTridentMenu
HrIndexOfMonth
CryptAllocFunc
PVGetCertificateParam
StripCRLF
HrCopyStreamCB
PszSkipWhiteW
PszAllocA
RicheditStreamOut
RicheditStreamIn
_MSG
CreateNotify
PszEscapeMenuStringA
StrToUintA
HrGetStyleSheet
FIsValidFileNameCharW
ReplaceChars
HrGetStreamPos
GetHtmlCharset
StrToUintW
CchFileTimeToDateTimeSz
FIsHTMLFileW
MessageBoxInstW
HrGetCertificateParam
CrackNotificationPackage
PszMonthFromIndex
UpdateRebarBandColors
GetExePath
HrIsStreamUnicode
HrGetCertKeyUsage
HrCreateTridentMenu

dnsapi

Dns_WriteRecordStructureToPacketEx
DnsRecordCopyEx
Dns_ReadPacketNameAllocate
DnsUtf8ToUnicode
DnsNotifyResolverEx
DnsIsStringCountValidForTextType
Dns_SendAndRecvUdp
Query_Main
NetInfo_Free
DnsQueryConfig
DnsFlushResolverCacheEntry_W
DnsIpv6AddressToString
DnsAcquireContextHandle_W
DnsWriteQuestionToBuffer_UTF8
DnsApiHeapReset
DnsIsStatusRcode
Dns_ReadRecordStructureFromPacket
DnsUpdateTest_UTF8
Dns_SkipPacketName
DnsApiRealloc
Dns_WriteDottedNameToPacket
DnsQuery_A
DnsRecordListFree
DnsAsyncRegisterHostAddrs
NetInfo_Clean
DnsUpdate
DnsQueryExW
DnsCopyStringEx
DnsModifyRecordsInSet_UTF8
DnsQuery_W
DnsUpdateTest_W
DnsGetBufferLengthForStringCopy
Dns_CreateMulticastSocket

cryptdlg

CertViewPropertiesW
EncodeRecipientID
CertModifyCertificatesToTrust
GetFriendlyNameOfCertW
DecodeAttrSequence
CertSelectCertificateW
FormatVerisignExtension
CertConfigureTrustA
CertViewPropertiesA
CertTrustInit
CertTrustCleanup
DecodeRecipientID
CertSelectCertificateA
GetFriendlyNameOfCertA
CertConfigureTrustW
EncodeAttrSequence
FormatPKIXEmailProtection
CertTrustFinalPolicy
CertTrustCertPolicy

shlwapi

UrlHashA
StrCatBuffA
UrlApplySchemeA
SHRegQueryUSValueW
PathFindNextComponentA
PathIsFileSpecW
SHOpenRegStreamA
PathCombineW
PathRemoveFileSpecW
PathIsUNCW
UrlEscapeA
UrlIsNoHistoryA
StrChrNW
SHRegDuplicateHKey
PathRemoveBackslashA
SHDeleteEmptyKeyA
StrSpnW
PathIsRelativeW
PathFindOnPathW
PathCommonPrefixA
PathSetDlgItemPathW
StrToInt64ExW
StrChrIA
SHRegCloseUSKey
PathIsSameRootW
PathIsFileSpecA
SHOpenRegStream2A
PathUndecorateW
StrStrA
StrCatChainW
UrlIsNoHistoryW
SHRegQueryUSValueA
AssocCreate
SHRegGetUSValueA
SHDeleteValueW
StrDupA
PathIsContentTypeA
UrlIsOpaqueA
StrRChrIW
SHDeleteValueA
PathIsUNCServerShareA
UrlCreateFromPathA
SHRegWriteUSValueW

kernel32

SetConsoleKeyShortcuts
SetHandleContext
SetConsoleNumberOfCommandsA
GetFileSize
SuspendThread
SetConsoleMaximumWindowSize
LZCopy
GetOEMCP
GetWindowsDirectoryW
GetConsoleCommandHistoryLengthA
GetLocaleInfoW
IsBadStringPtrW
SetLocaleInfoW
BindIoCompletionCallback
DeviceIoControl
EnumCalendarInfoW
LocalAlloc
CreateFileA
GetFileAttributesExW
DosPathToSessionPathA
DeleteFileA
ReadConsoleA
LocalSize
ReadConsoleInputExW
EnumDateFormatsW
SetFileShortNameA
VirtualAlloc
GetCurrentProcessId
CancelIo
RemoveDirectoryA
GetProcessAffinityMask
GlobalAddAtomA
LZCloseFile
lstrcat
GetGeoInfoA
LocalLock
_lwrite
GlobalAlloc
GetFileInformationByHandle
QueryInformationJobObject
SetFileAttributesA
FreeEnvironmentStringsA
GlobalGetAtomNameW
ExitProcess
LoadLibraryA
AllocateUserPhysicalPages
CompareFileTime
HeapAlloc

msls31

LsFetchAppendToCurrentSublineResume
LsQueryFLineEmpty
LsdnQueryPenNode
LsCreateSubline
LsEnumLine
LsGetHihLsimethods
LsdnFinishByPen
LsCreateLine
LsMatchPresSubline
LssbGetObjDimSubline
LsExpandSubline
LsEnumSubline
LssbGetNumberDnodesInSubline
LsdnResetPenNode
LsResetRMInCurrentSubline
LsdnResolvePrevTab
LsdnFinishByOneChar
LsSqueezeSubline
LsCompressSubline
LssbFDonePresSubline
LsQueryPointPcpSubline
LsQueryLineDup
LsGetTatenakayokoLsimethods
LsdnSkipCurTab
LssbGetVisibleDcpInSubline
LsSetExpansion
LsdnDistribute
LsSetDoc
LsForceBreakSubline
LsFinishCurrentSubline
LsdnQueryObjDimRange
LsGetLineDur
LsSetBreakSubline
LssbGetDurTrailInSubline

sqlunirl

_SetWindowsHookEx_@16
_NDdeSetTrustedShare_@12
_GetBinaryType_@8
_WritePrivateProfileSection_@12
_ReportEvent_@36
_BroadcastSystemMessage_@20
_CreateScalableFontResource_@16
_ReadEventLog_@28
_TabbedTextOut_@32
_CreateDirectoryEx_@12
_CreateWindowStation_@16
_OpenWaitableTimer_@12
_GetUserName@8
_RegisterClassEx_@4
_NDdeShareSetInfo_@24
_CreateWaitableTimer_@12
_GetTempFileName_@16
_IsCharLower_@4
_RegQueryInfoKey_@48
_CreateMutex_@12
_CharToOemBuff_@12
_GetProcAddress_@8
_InitiateSystemShutdown_@20
_EnumWindowStations_@8
_SetUserObjectInformation_@16
_GetCharWidthFloat_@16
_GetTextFace_@12
_RegisterClass_@4
_MoveFileEx_@12
_VerQueryValue_@16
_NDdeIsValidAppTopicList_@4
_CreateNamedPipe_@32
_RegisterServiceCtrlHandler_@8
_GetOpenFileName@4
_EnumServicesStatus_@32

Sections

.text
Size: 357KB - Virtual size: 357KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 346KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b03fd142fd1aa4ecc573a2eb0758ec4

Headers

DLL Characteristics

File Characteristics

Imports

msoert2

dnsapi

cryptdlg

shlwapi

kernel32

msls31

sqlunirl

Sections

.text Size: 357KB - Virtual size: 357KB

.rdata Size: 346KB - Virtual size: 346KB

.data Size: 156KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 357KB - Virtual size: 357KB

.rdata
Size: 346KB - Virtual size: 346KB

.data
Size: 156KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B