cb9a5fcf3ceca80fb73aa6c8c40930336378e67f6348d5e88108795e8d08676a

Sharing

Copy URL Twitter E-mail

General

Target

cb9a5fcf3ceca80fb73aa6c8c40930336378e67f6348d5e88108795e8d08676a
Size

143KB
MD5

24864b0c9bae5b8af57349af7e910d5a
SHA1

2fbb69c63f19f58dbec710f9a4851679bf1e988a
SHA256

cb9a5fcf3ceca80fb73aa6c8c40930336378e67f6348d5e88108795e8d08676a
SHA512

e43cee0fab8ad9f140d5cf18fb4e4a836c48db4392cbd90489626fa81b9ffacd0cf7ed5d11ab5a017778ebea2ce4fc3efb814ec3c7db8eea05c9bd51c91b4ec5
SSDEEP

3072:QsjHRyBLnAgfH9RZn8pMzZJXNQV1KcbuOiOSbuNtmeRBtDbvFUROUYM6hD8fUaf0:QsjHRyBAUdH8pMpo1Kcq8/BRBtbvFURS

Score

N/A

Malware Config

Signatures

Files

cb9a5fcf3ceca80fb73aa6c8c40930336378e67f6348d5e88108795e8d08676a
.exe windows x86

1a4a46ead97de9848756514ca05ea4b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHQueryValueExW
PathCompactPathExA
PathCommonPrefixW
SHSetThreadRef
PathFindOnPathA
PathGetDriveNumberA
PathIsPrefixW
UrlApplySchemeW
PathRemoveArgsW
SHOpenRegStreamA
PathIsDirectoryEmptyW
SHDeleteKeyW
UrlGetLocationW
HashData
PathRemoveBackslashW
PathFindExtensionA
StrSpnA
PathUnquoteSpacesW
StrNCatW
SHGetInverseCMAP
PathIsRootW
StrStrIA
PathFindExtensionW
StrRChrA
SHDeleteValueA
SHEnumKeyExA
SHRegCreateUSKeyA
PathSkipRootW
PathSetDlgItemPathW
StrDupW
StrRetToStrA
PathIsRelativeW
SHDeleteEmptyKeyA
SHEnumValueA
PathIsSystemFolderW
PathBuildRootW
SHRegDeleteEmptyUSKeyW
PathIsNetworkPathW
StrSpnW
PathRemoveArgsA
PathIsLFNFileSpecW
StrRetToBufA
StrDupA
StrTrimW
PathRemoveFileSpecA
StrCatBuffA
PathParseIconLocationW
UrlIsW
StrFormatKBSizeW
SHStrDupA
IntlStrEqWorkerA
StrRChrIW
GetMenuPosFromID
PathCombineW
UrlCanonicalizeA
SHRegEnumUSValueA
PathMakePrettyW
SHRegDeleteEmptyUSKeyA
SHCopyKeyW
AssocQueryStringByKeyA
PathIsRootA
PathSearchAndQualifyW
UrlHashW
PathAppendW
SHRegCloseUSKey
PathIsLFNFileSpecA
SHSkipJunction
PathCanonicalizeW
PathFileExistsA
SHOpenRegStream2A
PathRemoveBlanksA
SHRegGetUSValueW
SHRegWriteUSValueW
PathGetArgsA
SHGetValueA

kernel32

IsBadWritePtr
GetFileAttributesExW
CompareStringA
CreateFileA
FindResourceA
GetTimeZoneInformation
GetNumberOfConsoleMouseButtons
GetUserDefaultLCID
PeekConsoleInputW
GetSystemDefaultLangID
IsBadHugeWritePtr
SetCurrentDirectoryA
GetVersionExW
lstrlenW
FreeLibrary
SetCalendarInfoW
HeapCompact
SetErrorMode
VirtualProtect
PostQueuedCompletionStatus
ScrollConsoleScreenBufferW
HeapDestroy
CopyFileExW
GetFullPathNameW
OpenEventW
BeginUpdateResourceW
ReadFile
HeapUnlock
VirtualAlloc
Module32First
OpenFileMappingA
GetCommMask
ReadConsoleA
WritePrivateProfileStructW
CommConfigDialogW
CancelDeviceWakeupRequest
GetLogicalDriveStringsA
FreeConsole
ConnectNamedPipe
GenerateConsoleCtrlEvent
WriteConsoleInputW
ClearCommBreak
GetProcessHeap
WriteFile
SetConsoleCP
GetStringTypeExA
GetCurrentThreadId
EnumResourceNamesA
BuildCommDCBAndTimeoutsA
SetCommBreak
ReleaseSemaphore
WriteProfileSectionA
SetFileAttributesA
LocalFileTimeToFileTime
EscapeCommFunction
SetEnvironmentVariableA
GetPrivateProfileIntW
GetSystemTimeAsFileTime
CreateConsoleScreenBuffer
FindFirstFileExA
CancelIo
CreatePipe
GetLocalTime
EnumDateFormatsW
FormatMessageW
GetEnvironmentStrings
EnumDateFormatsExA
GetCommModemStatus
SetProcessWorkingSetSize
SearchPathA
WaitNamedPipeA
SystemTimeToFileTime
PrepareTape
EnumResourceNamesW
CreateMailslotA
GetCompressedFileSizeA
GetFileAttributesExA
GetTempFileNameA
GetSystemTime
IsProcessorFeaturePresent
FlushViewOfFile

ole32

StgGetIFillLockBytesOnILockBytes
ReadOleStg
ReadStringStream
WriteClassStg
OleCreateFromDataEx
CoSwitchCallContext
CoMarshalInterThreadInterfaceInStream
PropVariantCopy
CoMarshalInterface
GetConvertStg
CoGetCallerTID
OleCreateLinkFromDataEx
OleCreateDefaultHandler
CoRegisterPSClsid
ReadClassStg
OleRegEnumFormatEtc
OleRun
OleCreateLinkFromData
CoDosDateTimeToFileTime
OleCreateEx
OleDoAutoConvert
OleCreateEmbeddingHelper
CoCreateInstance
OleCreateMenuDescriptor
CoImpersonateClient
OleNoteObjectVisible
StgOpenAsyncDocfileOnIFillLockBytes
CreateBindCtx
CoTaskMemRealloc
GetRunningObjectTable
OleCreateLinkToFile
GetHookInterface
CreateDataAdviseHolder
CoInitializeEx
OleLockRunning
CoDisconnectObject
CoResumeClassObjects
CoAddRefServerProcess
OleCreate
CreateFileMoniker
FreePropVariantArray
StgOpenStorage
OleDraw
OleFlushClipboard
OleCreateFromFileEx
PropVariantClear
CreateObjrefMoniker
CoRevokeMallocSpy
CoFileTimeToDosDateTime
CoRegisterSurrogate
OleSaveToStream
CoFileTimeNow
CreateClassMoniker
OleLoadFromStream
CoGetCurrentProcess
UpdateDCOMSettings
StgCreateDocfileOnILockBytes
UtConvertDvtd32toDvtd16
IsAccelerator
StringFromIID
IsEqualGUID
CoRegisterMallocSpy
WriteOleStg
GetHGlobalFromILockBytes
CoFreeUnusedLibraries
OleConvertOLESTREAMToIStorage
CreateOleAdviseHolder
CoUnmarshalInterface
DoDragDrop
CoQueryReleaseObject
CoInitializeSecurity
CoLockObjectExternal
UtGetDvtd32Info
EnableHookObject

advapi32

RegSaveKeyA
MakeAbsoluteSD
RegCreateKeyExW
EnumServicesStatusW
CreateProcessAsUserA
CryptSetKeyParam
CryptVerifySignatureW
LookupAccountNameW
ObjectCloseAuditAlarmA
QueryServiceConfigA
RegCloseKey
RegNotifyChangeKeyValue
GetUserNameW
SetSecurityDescriptorOwner
GetSecurityInfoExW
CreateProcessAsUserW
SetSecurityInfo
BuildTrusteeWithNameW
RegUnLoadKeyW
AllocateAndInitializeSid
QueryServiceConfigW
QueryServiceStatus
OpenThreadToken
RegDeleteValueA
BuildSecurityDescriptorW
SetNamedSecurityInfoA
DuplicateToken
LogonUserA
CopySid
LookupPrivilegeDisplayNameW
AllocateLocallyUniqueId
RegRestoreKeyW
GetSidSubAuthorityCount
NotifyChangeEventLog
CryptGetHashParam
CryptDeriveKey
BuildExplicitAccessWithNameA
SetServiceBits
RegEnumValueA
AddAccessAllowedAce
LookupPrivilegeNameW
GetFileSecurityW
LookupSecurityDescriptorPartsW
QueryServiceLockStatusW
OpenProcessToken
TrusteeAccessToObjectW
AdjustTokenGroups
BackupEventLogA
GetFileSecurityA
GetTokenInformation
RegCreateKeyA
SetEntriesInAuditListA
RegCreateKeyW
RegGetKeySecurity
ClearEventLogA
SetTokenInformation
RegConnectRegistryW
GetAccessPermissionsForObjectA
PrivilegeCheck
DeregisterEventSource
ReportEventA
RegQueryMultipleValuesA
ObjectCloseAuditAlarmW
RegSetValueW
CryptGenKey
OpenBackupEventLogW
AddAccessDeniedAce
BuildSecurityDescriptorA
RegOpenKeyExW
SetSecurityDescriptorDacl
AbortSystemShutdownA
CryptEnumProvidersW
GetSecurityDescriptorControl
PrivilegedServiceAuditAlarmA
EnumServicesStatusA
ObjectOpenAuditAlarmA
RegEnumKeyExA
SetSecurityInfoExW

user32

CreateWindowExA
UnhookWindowsHook
GetKeyboardLayoutNameA
DdeFreeDataHandle
SetUserObjectSecurity
DdeUnaccessData
HideCaret
IsZoomed
SetScrollPos
GetShellWindow
GetMenuCheckMarkDimensions
CallWindowProcW
ClientToScreen
GetKeyState
SetScrollInfo
EnumDisplaySettingsW
UnregisterDeviceNotification
GetMenuItemInfoW
SetWindowWord
SwitchDesktop
SetScrollRange
DdeKeepStringHandle
CreateDialogParamW
InSendMessage
GetWindowLongA
DestroyIcon
CheckDlgButton
CharToOemW
DrawTextExW
EndPaint
DefWindowProcA
MenuItemFromPoint
MsgWaitForMultipleObjectsEx
DdePostAdvise
GetDlgItemInt
GetWindowModuleFileNameW
CloseWindow
RegisterClipboardFormatW
DrawStateW
SetMenuDefaultItem
OemToCharBuffA
PostQuitMessage
MessageBoxA
LoadCursorFromFileA
WindowFromPoint
FindWindowExA
GetWindowRect
DispatchMessageW
DdeGetLastError
OemKeyScan
OpenInputDesktop
EnumDisplaySettingsExW
LoadAcceleratorsA
GetScrollRange
DefWindowProcW
WinHelpW
CreateDialogParamA
GetClipboardFormatNameA
BeginDeferWindowPos
ChildWindowFromPoint
DdeDisconnect
GetMessageW
DestroyWindow
SetWinEventHook
DrawAnimatedRects
SetWindowsHookA
GetMenuItemRect
SendMessageTimeoutW
SendMessageTimeoutA
MapVirtualKeyExA
AdjustWindowRect
GetMenuBarInfo
RegisterClassExW
PostMessageA
ChangeDisplaySettingsW
DrawIconEx

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1a4a46ead97de9848756514ca05ea4b6

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

ole32

advapi32

user32

Sections

.text Size: 69KB - Virtual size: 68KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 8KB

.text
Size: 69KB - Virtual size: 68KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 8KB