cbbc8e433fb4b277dae77dc832d60b3ad4630caa96137d363640a2ffbfa0d335

Sharing

Copy URL

Twitter E-mail

General

Target

cbbc8e433fb4b277dae77dc832d60b3ad4630caa96137d363640a2ffbfa0d335
Size

304KB
MD5

e568a8f3b69374d4d36f76f4ab8552d8
SHA1

4d0463abd606b5ee447542689d5a1e77dd94f3c9
SHA256

cbbc8e433fb4b277dae77dc832d60b3ad4630caa96137d363640a2ffbfa0d335
SHA512

2070a978d72e95bedf85a6d524887aa94f4b5eda9c076015921ce9576aad3a336acfdd10a2555d021efd461b6726d3ae3df4f0df357bea8d20bac98d53844225
SSDEEP

6144:U3przaxxbUejJly24pB3lDYpBdx+TBxY9Dg0gAIqK3:U3BGb42aBMxKBiVgQ

Score

N/A

Malware Config

Signatures

Files

cbbc8e433fb4b277dae77dc832d60b3ad4630caa96137d363640a2ffbfa0d335
.exe windows x86

6e3858be536763ec60b658cacd00b80d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CloseDesktop
FindWindowW
EnumWindows
RealGetWindowClassW
ShowWindow
DialogBoxParamW
GetDlgItemTextW
EndDialog
LoadImageW
GetDlgItem
SetThreadDesktop
LockWindowStation
UnlockWindowStation
SetWindowStationUser
UpdatePerUserSystemParameters
GetUserObjectInformationW
OpenInputDesktop
MessageBoxW
GetSystemMetrics
ExitWindowsEx
GetAsyncKeyState
CancelShutdown
CreateDesktopW
SystemParametersInfoW
GetKeyState
GetLastInputInfo
SetForegroundWindow
SetWindowPos
GetDesktopWindow
GetParent
GetWindowLongW
SwitchDesktopWithFade
LoadLocalFonts
RegisterLogonProcess
GetWindowRect
LoadStringW
SendMessageW
CreateWindowStationW
SetProcessWindowStation
CloseWindowStation
SetUserObjectSecurity
SwitchDesktop

msvcrt

wcschr
wcsstr
__isascii
isupper
_tolower
??2@YAPAXI@Z
memcpy
memset
_vsnwprintf
memmove
_wcsicmp
wcsrchr
iswspace
wcstok
??3@YAXPAX@Z
_ultow
_wtoi
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
?terminate@@YAXXZ
_controlfp

ntdll

RtlEnterCriticalSection
EtwTraceMessage
NtShutdownSystem
RtlNtStatusToDosError
NtClose
NtQueryInformationToken
NtOpenProcessToken
WinSqmStartSession
WinSqmEndSession
EtwEventWrite
EtwEventEnabled
RtlGetNtProductType
NtQuerySystemInformation
NtSystemDebugControl
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlRemovePrivileges
EtwEventRegister
EtwEventUnregister
RtlDeleteCriticalSection
WinSqmSetDWORD
RtlpVerifyAndCommitUILanguageSettings
EtwEventWriteEndScenario
EtwEventWriteStartScenario
EtwEventActivityIdControl
NtOpenThreadToken
RtlCompareUnicodeString
RtlInitUnicodeStringEx
RtlSetEnvironmentVariable
RtlQueryEnvironmentVariable_U
RtlInitUnicodeString
RtlInitializeCriticalSection
RtlLengthSid
RtlInitString
NtAllocateLocallyUniqueId
WinSqmAddToStream
RtlDestroyEnvironment
TpSimpleTryPost
TpReleaseWork
TpWaitForWork
TpReleaseWait
TpWaitForWait
TpSetWait
TpPostWork
TpAllocWork
TpAllocWait
RtlExpandEnvironmentStrings_U
RtlCreateEnvironment
NtSetInformationToken
NtCreateToken
RtlAdjustPrivilege
TpWaitForTimer
RtlGetDaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAddAce
NtAdjustPrivilegesToken
NtDuplicateToken
RtlUnhandledExceptionFilter
NtQueryInformationProcess
TpReleaseTimer
NtReplyPort
NtCompleteConnectPort
NtReplyWaitReceivePort
NtAcceptConnectPort
NtCreatePort
NtCreateEvent
RtlNtStatusToDosErrorNoTeb
RtlCopySid
RtlOpenCurrentUser
RtlFreeSid
NtSetSecurityObject
RtlSetSaclSecurityDescriptor
RtlAddMandatoryAce
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlAllocateAndInitializeSid
RtlTimeToSecondsSince1980
TpSetTimer
TpAllocTimer
NtOpenDirectoryObject
NtInitiatePowerAction
RtlFreeUnicodeString
RtlDuplicateUnicodeString
NtFilterToken
RtlEqualSid
RtlLeaveCriticalSection

api-ms-win-core-localregistry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegSetKeySecurity
RegDeleteKeyExW
RegQueryValueExW

api-ms-win-security-base-l1-1-0

GetLengthSid
RevertToSelf
ImpersonateLoggedOnUser
CheckTokenMembership
DuplicateTokenEx
AllocateLocallyUniqueId
EqualSid
CreateWellKnownSid
GetTokenInformation

winsta

WinStationGetUserCredentials
WinStationDisconnect
WinStationIsSessionRemoteable
_WinStationWaitForConnect
WinStationIsSessionPermitted
WinStationQueryInformationW
WinStationFreeMemory
WinStationNegotiateSession
WinStationFreeUserCredentials
WinStationReportUIResult

rpcrt4

RpcAsyncInitializeHandle
RpcAsyncCancelCall
RpcMgmtIsServerListening
RpcStringFreeW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
UuidFromStringW
NdrAsyncClientCall
RpcServerUnsubscribeForNotification
RpcServerSubscribeForNotification
I_RpcBindingIsClientLocal
RpcServerUnregisterIf
RpcBindingVectorFree
RpcEpUnregister
RpcServerListen
RpcEpRegisterW
RpcServerInqBindings
RpcServerRegisterIfEx
RpcServerUseProtseqW
NdrServerCall2
NdrAsyncServerCall
RpcRaiseException
RpcServerInqCallAttributesW
RpcServerTestCancel
I_RpcMapWin32Status
NdrClientCall2
RpcBindingCreateW
RpcBindingBind
RpcBindingUnbind
RpcBindingFree
I_RpcExceptionFilter
RpcAsyncAbortCall
RpcAsyncCompleteCall
RpcServerUseProtseqEpW
I_RpcBindingInqLocalClientPID
RpcImpersonateClient
RpcRevertToSelf

kernel32

RegDeleteTreeW
RegEnumKeyExW
CreateProcessInternalW
BaseInitAppcompatCacheSupport
SleepEx
GetFileAttributesW
SetTimerQueueTimer
CreateRemoteThread
GetThreadUILanguage
GetVersionExW
GetTickCount64
WideCharToMultiByte
DebugBreak
UnhandledExceptionFilter
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
LoadLibraryExA
DelayLoadFailureHook
GetSystemDirectoryW
SetInformationJobObject
WaitForMultipleObjects
CreateThread
SetErrorMode
CreateFileW
ReadFile
GetModuleHandleW
GetProcessId
OpenEventW
CreateTimerQueueTimer
DeleteTimerQueueTimer
CreateProcessW
SearchPathW
AssignProcessToJobObject
TerminateProcess
GetTickCount
CompareFileTime
ResumeThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeFormatW
VirtualLock
GetProcessWorkingSetSize
SetProcessWorkingSetSize
VirtualUnlock
VirtualFree
CreateJobObjectW
GetCommandLineW
TerminateJobObject
ResetEvent
InterlockedCompareExchange
GetComputerNameW
InterlockedIncrement
InterlockedDecrement
DuplicateHandle
QueryInformationJobObject
RegisterWaitForSingleObject
OpenProcess
UnregisterWait
QueryFullProcessImageNameW
GetExitCodeProcess
GetProcessHeap
SetEnvironmentVariableW
CompareStringW
GetShortPathNameW
lstrlenW
ExpandEnvironmentStringsW
VirtualAlloc
GetCurrentProcessId
HeapSetInformation
LoadLibraryW
GetProcAddress
FreeLibrary
WaitForSingleObjectEx
InterlockedExchange
UnregisterWaitEx
Sleep
GetSystemTimeAsFileTime
MoveFileExW
LocalSize
LocalReAlloc
CreateEventW
SetEvent
CloseHandle
WaitForSingleObject
GetModuleFileNameW
LocalAlloc
LocalFree
SetLastError
FormatMessageW
FindResourceExW
LoadResource
LockResource
GetCurrentProcess
SetPriorityClass
GetCurrentThread
SetThreadPriority
HeapSize
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
GetLastError
RegGetValueA
GetDateFormatW

Sections

.text
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e3858be536763ec60b658cacd00b80d

Headers

DLL Characteristics

File Characteristics

Imports

user32

msvcrt

ntdll

api-ms-win-core-localregistry-l1-1-0

api-ms-win-security-base-l1-1-0

winsta

rpcrt4

kernel32

Sections

.text Size: 232KB - Virtual size: 232KB

.data Size: 11KB - Virtual size: 11KB

.rsrc Size: 44KB - Virtual size: 44KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 232KB - Virtual size: 232KB

.data
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 44KB - Virtual size: 44KB

.reloc
Size: 15KB - Virtual size: 14KB