0ecd927cd7e476ca039fbfa568ccaa0073638cb3674504de4e24c0417f2d2c0d

Sharing

Copy URL Twitter E-mail

General

Target

0ecd927cd7e476ca039fbfa568ccaa0073638cb3674504de4e24c0417f2d2c0d
Size

115KB
MD5

229fe5c0da782e66d0a5a9d4edba06a0
SHA1

ab5184c4c83b8926b3b316039f48b825f34dee02
SHA256

0ecd927cd7e476ca039fbfa568ccaa0073638cb3674504de4e24c0417f2d2c0d
SHA512

ee7d44311a07fc784646bea2e579c31aa0e1ada50c6162520f024a705782fde788314e885f50527dad75f83a6ab27e4bd5700401525a41aa013a485f37cf8d9d
SSDEEP

1536:qOIBCDR01Aj7TG/ZbJYXtMgoh6TCGniiBIJJWH26z4NG4Z+7BU9NG4Z+7BU2NG4Z:xvYJ+tMgoh6T3iTXWH2bKgKzK

Score

N/A

Malware Config

Signatures

Files

0ecd927cd7e476ca039fbfa568ccaa0073638cb3674504de4e24c0417f2d2c0d
.exe windows x86

71ed969fd11eba58d1a8fe7b70f79d6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

glu32

gluNurbsSurface
gluProject
gluNurbsCurve
gluNurbsCallback
gluNewNurbsRenderer
gluTessEndPolygon
gluBeginSurface
gluTessCallback
gluQuadricDrawStyle
gluQuadricNormals

user32

ChildWindowFromPointEx
IsChild
DestroyWindow
GetDesktopWindow
DialogBoxParamA
GetLastActivePopup
GetNextDlgGroupItem
EndDeferWindowPos
BeginDeferWindowPos
ShowWindowAsync
MessageBoxA

comctl32

ord17
FlatSB_GetScrollProp
DestroyPropertySheetPage
CreatePropertySheetPageA
PropertySheetA
ord6
FlatSB_SetScrollRange
FlatSB_SetScrollProp
CreatePropertySheetPageW
FlatSB_SetScrollInfo
ord5

advapi32

RegSaveKeyA
ClearEventLogW
ReportEventA
RegQueryValueA
GetTokenInformation
RegCreateKeyExA
RegisterEventSourceA

kernel32

WritePrivateProfileStringA
GetProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStructA
GetModuleHandleA
GetProcAddress
VirtualAlloc
GetLastError
GetFullPathNameA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
WriteFile
InitializeCriticalSection
DeleteCriticalSection
ReadFile
GetCurrentDirectoryA
GetDriveTypeA
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
SetFilePointer
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
SetStdHandle
CloseHandle
CreateFileA
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
GetStringTypeA
GetStringTypeW
SetEndOfFile
LCMapStringA
LCMapStringW

secur32

ApplyControlToken
DecryptMessage
CompleteAuthToken
VerifySignature
DeleteSecurityContext
ExportSecurityContext
EncryptMessage
AcceptSecurityContext
FreeCredentialsHandle
MakeSignature

ws2_32

listen
bind
setsockopt
accept
getprotobyname
getsockname
getprotobynumber
gethostname
shutdown
sendto
ioctlsocket
select
socket
inet_addr

activeds

ord5
ord17
ord15
ord18
ord3
ord7
ord4
ord14
ord19

dciman32

DCIBeginAccess

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71ed969fd11eba58d1a8fe7b70f79d6d

Headers

File Characteristics

Imports

glu32

user32

comctl32

advapi32

kernel32

secur32

ws2_32

activeds

dciman32

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 13KB

.rsrc Size: 73KB - Virtual size: 73KB

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 73KB - Virtual size: 73KB