0d4847dabacb2ec0c0b4e39e97e32d17dc332c2a1bf966f456a0773303ea60e6

Sharing

Copy URL Twitter E-mail

General

Target

0d4847dabacb2ec0c0b4e39e97e32d17dc332c2a1bf966f456a0773303ea60e6
Size

824KB
MD5

137881243442b2890536fbacd72eaaac
SHA1

552404099d8171bb97ef5504a1533566b167d5a9
SHA256

0d4847dabacb2ec0c0b4e39e97e32d17dc332c2a1bf966f456a0773303ea60e6
SHA512

49d8dada96a6948a49701ec0adbb4d2f3f74e061d23616a6d20c9367793eeb3a698f4b03ad5d458a58c615c3a025dd3e9ac5b327e7cbe9f67efaf77e3e0bac85
SSDEEP

12288:HG3Y3P50WYefeulsm7LAHslNEKRXG6vxujF4tFPUVw3T+Pfxwjf:H5/50WY4LH7LAe9YGLcV3kf

Score

N/A

Malware Config

Signatures

Files

0d4847dabacb2ec0c0b4e39e97e32d17dc332c2a1bf966f456a0773303ea60e6
.exe windows x86

71534d9b51423d668476036706f0943a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

hlink

HlinkPreprocessMoniker
HlinkResolveMonikerForData
HlinkCreateFromString
HlinkCreateShortcutFromString
HlinkNavigateToStringReference
HlinkSetSpecialReference
HlinkParseDisplayName
HlinkGetValueFromParams
HlinkOnRenameDocument
HlinkGetSpecialReference
HlinkClone
HlinkCreateBrowseContext
HlinkResolveShortcut
HlinkResolveShortcutToMoniker
HlinkNavigate
HlinkCreateExtensionServices
HlinkQueryCreateFromData
HlinkOnNavigate
HlinkTranslateURL
HlinkUpdateStackItem
HlinkCreateShortcut
HlinkCreateShortcutFromMoniker
HlinkCreateFromData
HlinkCreateFromMoniker
HlinkResolveStringForData
HlinkIsShortcut
OleSaveToStreamEx
HlinkResolveShortcutToString

ntlanman

NPAddConnection3
NPGetConnection3
NPCloseEnum
NPGetConnectionPerformance
DllMain
NPGetResourceParent
NPOpenEnum
NPAddConnection
NPGetUser
I_SystemFocusDialog
NPGetCaps
NPGetConnection
NPFormatNetworkName
NPGetReconnectFlags
NPGetUniversalName
NPCancelConnection
NPGetResourceInformation
NPEnumResource

ole32

CoRegisterPSClsid
StringFromGUID2
PropStgNameToFmtId
IsValidPtrIn
CoFileTimeToDosDateTime
DllGetClassObjectWOW
CLSIDFromString
CoEnableCallCancellation
OpenOrCreateStream
PropSysAllocString
OleCreateLinkFromData
CoGetInterceptorFromTypeInfo
CoDisableCallCancellation
CoInvalidateRemoteMachineBindings
CoReactivateObject
STGMEDIUM_UserSize
ReadClassStg
CoQueryReleaseObject
OleCreate
CoUnmarshalHresult
PropVariantChangeType
CoRegisterChannelHook
StgPropertyLengthAsVariant
OleCreateLinkToFileEx
OleCreateLinkFromDataEx
CoAddRefServerProcess
OleRegEnumFormatEtc
SNB_UserFree
HBRUSH_UserSize
HDC_UserSize
CoTestCancel
StringFromIID

kernel32

GetVolumePathNameA
FindResourceW
GetHandleInformation
OutputDebugStringW
GetProcessTimes
EraseTape
TransactNamedPipe
UnregisterWaitEx
GetConsoleProcessList
ExpandEnvironmentStringsA
RemoveDirectoryW
GetModuleHandleA
GetNumberFormatA
VerifyVersionInfoW
ReadDirectoryChangesW
GetFileAttributesW
GetBinaryTypeA
HeapAlloc
GetConsoleAliasesW
LZStart
VirtualLock
GetCommState
ExitProcess
CopyFileExA
SetCommTimeouts
VirtualAlloc
CreateToolhelp32Snapshot
VerifyVersionInfoA
LoadLibraryExW
SetMailslotInfo
GetACP
LoadLibraryA
CreateDirectoryA
CreateThread
MulDiv

advapi32

GetServiceKeyNameA
QueryAllTracesA
AccessCheckAndAuditAlarmW
BuildTrusteeWithObjectsAndNameW
RegLoadKeyA
RegQueryMultipleValuesA
WmiFileHandleToInstanceNameW
ReportEventA
RegQueryInfoKeyA
CreateServiceW
EnumDependentServicesW
GetSecurityInfo
GetSecurityDescriptorOwner
ConvertStringSDToSDDomainA
WmiMofEnumerateResourcesA
AddAce
IsValidSid
LookupPrivilegeDisplayNameW
ConvertStringSidToSidW
MakeAbsoluteSD2
RegReplaceKeyW
ObjectCloseAuditAlarmA
CredIsMarshaledCredentialW
AccessCheckByTypeAndAuditAlarmA
MakeAbsoluteSD
RegOpenKeyA
LsaCreateTrustedDomain

Sections

.text
Size: 390KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71534d9b51423d668476036706f0943a

Headers

DLL Characteristics

File Characteristics

Imports

hlink

ntlanman

ole32

kernel32

advapi32

Sections

.text Size: 390KB - Virtual size: 389KB

.rdata Size: 153KB - Virtual size: 152KB

.data Size: 156KB - Virtual size: 1.5MB

.rsrc Size: 122KB - Virtual size: 122KB

.reloc Size: 1024B - Virtual size: 904B

.text
Size: 390KB - Virtual size: 389KB

.rdata
Size: 153KB - Virtual size: 152KB

.data
Size: 156KB - Virtual size: 1.5MB

.rsrc
Size: 122KB - Virtual size: 122KB

.reloc
Size: 1024B - Virtual size: 904B