af56b895f4012bb1e820fa1d837a809bbe4c722b5f8ded7f112e2989252bc5f5

Sharing

Copy URL

Twitter E-mail

General

Target

af56b895f4012bb1e820fa1d837a809bbe4c722b5f8ded7f112e2989252bc5f5
Size

110KB
MD5

32480662e9c68fa7b6e1e19f1fe8ca3a
SHA1

b799bb7c8aad5600921bc9d623d55a8e406ef3e5
SHA256

af56b895f4012bb1e820fa1d837a809bbe4c722b5f8ded7f112e2989252bc5f5
SHA512

2743bfa0346d6149bde7abe9b3d92b99640ca8e897aa344005b5fb4779ad65faacce96c2825f6d1b4c9ff4681d98fa90a380f585281e09520cc611d587eb2393
SSDEEP

1536:xmeBaoexITOnd0v2JgyU1sOhqHt9kfm5Qbil3+RYBu3c1yrgJ2fk9aFzbQ5mPUm7:xmekJetBaeWdL4k6a9Dol20EGh

Score

N/A

Malware Config

Signatures

Files

af56b895f4012bb1e820fa1d837a809bbe4c722b5f8ded7f112e2989252bc5f5
.exe windows x86

52a0cef3d65a520fb2d6c947a2ce94fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

OpenWindowStationW
SetProcessWindowStation
OpenDesktopW
SetThreadDesktop
GetDesktopWindow
GetWindowRect
GetClientRect
MapWindowPoints
GetThreadDesktop
wsprintfA
wsprintfW
LoadStringW
CharNextA
CharPrevA
CharNextW
GetProcessWindowStation
CloseDesktop
CloseWindowStation
SetDlgItemTextW
EndDialog
DialogBoxParamW
SetWindowPos
CharPrevW
IsCharAlphaW
IsCharAlphaNumericW

kernel32

MultiByteToWideChar
VirtualQueryEx
GetModuleFileNameA
lstrcpyA
MoveFileExW
OpenEventW
SetEvent
GetWindowsDirectoryA
GetLastError
lstrcatA
CreateFileA
GetModuleFileNameW
lstrcmpiW
CreateFileW
GetFileSize
CloseHandle
SetFilePointer
GetLocalTime
lstrcatW
WriteFile
lstrlenW
lstrlenA
GetVersionExA
CreateMutexW
LoadLibraryExW
IsDebuggerPresent
GetCurrentProcess
GetThreadContext
GetCurrentThreadId
DebugBreak
TerminateProcess
CreateDirectoryW
GetCurrentProcessId
CreateProcessW
GetExitCodeProcess
SetFileAttributesW
DeleteFileW
ReleaseMutex
WaitForSingleObject
GetModuleHandleW
FindResourceW
LoadResource
LockResource
FormatMessageW
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
InterlockedCompareExchange
InterlockedIncrement
InterlockedDecrement
lstrcmpW
lstrcpynW
FindFirstFileW
lstrcpyW
FindClose
FindNextFileW
DeleteCriticalSection
ExpandEnvironmentStringsW
GetWindowsDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
GetComputerNameW
LocalFree
LocalAlloc
LocalSize
LocalReAlloc
GetCurrentThread
CompareStringW

ole32

CoCreateInstance
CoTaskMemRealloc
CLSIDFromString
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoGetObjectContext

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit

advapi32

RegNotifyChangeKeyValue
RegOpenKeyExW
RegFlushKey
RegConnectRegistryW
RegDeleteValueW
RegQueryValueExW
RegQueryInfoKeyW
RegGetKeySecurity
RegSetKeySecurity
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
LookupAccountNameW
LookupAccountSidW
AllocateAndInitializeSid
LsaFreeMemory
LsaClose
LsaQueryInformationPolicy
LsaOpenPolicy
InitializeAcl
BuildSecurityDescriptorW
BuildTrusteeWithNameW
FreeSid
AddAccessAllowedAce
GetLengthSid
AddAce
GetSecurityDescriptorDacl
GetSidSubAuthority
CopySid
RegisterEventSourceW
ReportEventW
DeregisterEventSource
LsaRetrievePrivateData
GetSidLengthRequired
GetSidSubAuthorityCount
LsaLookupNames
BuildTrusteeWithSidW
DestroyPrivateObjectSecurity
RegCloseKey
RegSetValueExW
RegCreateKeyExW
LsaStorePrivateData
LsaRemoveAccountRights
LsaEnumerateAccountRights
LsaAddAccountRights
LogonUserW
IsValidSecurityDescriptor
GetSecurityDescriptorLength
ImpersonateSelf
OpenThreadToken
RevertToSelf
CreatePrivateObjectSecurityEx

msvcrt

_waccess
_purecall
_wstrdate
realloc
free
__CxxFrameHandler
malloc
_wstrtime
_XcptFilter
wcslen
_wcsicmp
wcschr
wcstombs
vswprintf
_onexit
__dllonexit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_exit
_c_exit
_strtime
_stricmp
clock
wcsstr
wcscpy

comres

COMResModuleInstance

ntdll

wcsrchr
wcscat
_alloca_probe
RtlUnwind
RtlInitializeCriticalSection
_chkstk
_vsnwprintf
wcscmp
_wcsnicmp

netapi32

DsGetDcNameW
NetApiBufferFree

version

VerQueryValueW

Exports

Exports

?GetRegNodeDispenser@@YGJPAPAUIRegNodeDispenser@@@Z

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

XOR
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

52a0cef3d65a520fb2d6c947a2ce94fc

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

ole32

oleaut32

advapi32

msvcrt

comres

ntdll

netapi32

version

Exports

Exports

Sections

.text Size: 105KB - Virtual size: 104KB

.data Size: 1024B - Virtual size: 34KB

.rsrc Size: 1KB - Virtual size: 1KB

XOR Size: 2KB - Virtual size: 2KB

.text
Size: 105KB - Virtual size: 104KB

.data
Size: 1024B - Virtual size: 34KB

.rsrc
Size: 1KB - Virtual size: 1KB

XOR
Size: 2KB - Virtual size: 2KB