e8e0fdf992e0ab86fe3300e91d0f2ab4636a961a5fcddd5f4b0825595fe16923

Sharing

Copy URL Twitter E-mail

General

Target

e8e0fdf992e0ab86fe3300e91d0f2ab4636a961a5fcddd5f4b0825595fe16923
Size

354KB
MD5

c7cd2193efffc2c026a8973891f65186
SHA1

087115cfa40cfc64dae4c41586b740253df76f0c
SHA256

e8e0fdf992e0ab86fe3300e91d0f2ab4636a961a5fcddd5f4b0825595fe16923
SHA512

6eb357dfa2acc9e4f9bd29f4272029be285bcea25ba07087330ccbe1823e710b0b87f5f77f4b57347217f49508da024a56e8e9aa32328532798b41659e31e517
SSDEEP

6144:fa7mrgQoP1LMNoke+U+Hl1GTz/uQa1l3pVfLJ4N0Q/ZMDADt7OUv7AGYjfB497cy:3auNoHiQRa1PNLy5/cAD5zANjiSPK

Score

N/A

Malware Config

Signatures

Files

e8e0fdf992e0ab86fe3300e91d0f2ab4636a961a5fcddd5f4b0825595fe16923
.exe windows x86

378674fddd20963f9a45783edc4aa663

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

olecli32

GenRelease
ObjQuerySize
MfCallbackFunc
OleLoadFromStream
OleRevokeClientDoc
GetTaskVisibleWindow
OleRegisterClientDoc
PbEnumFormats
OleSetTargetDevice
OleQueryReleaseStatus
OleClone
LeShow
LeSaveToStream
OleQueryName
OleObjectConvert
LeObjectConvert
OleSavedClientDoc
LeCopyFromLink
PbCreateLinkFromClip
PbQueryBounds
LeQueryOpen

msdart

??1CCritSec@@QAE@XZ
?ReadUnlock@CSpinLock@@QAEXXZ
?ReadLock@CReaderWriterLock2@@QAEXXZ
?IsReadLocked@CFakeLock@@QBE_NXZ
?GetStatistics@CLKRHashTable@@QBE?AVCLKRHashTableStats@@XZ
?_WriteLockSpin@CReaderWriterLock3@@AAEXXZ
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock2@@SGXN@Z
?ReadUnlock@CLKRLinearHashTable@@QBEXXZ
?sm_pfnTryEnterCriticalSection@CCriticalSection@@0P6GHPAU_RTL_CRITICAL_SECTION@@@ZA
??0CFakeLock@@QAE@XZ
MpHeapDestroy
?RemoveEntry@CLockedDoubleList@@QAEXQAVCListEntry@@@Z
?TryWriteLock@CReaderWriterLock@@QAE_NXZ
?IsWin98orLater@CMdVersionInfo@@SAHXZ
?SetDefaultSpinCount@CFakeLock@@SGXG@Z
?SetSpinCount@CReaderWriterLock2@@QAE_NG@Z
?GetDefaultSpinCount@CReaderWriterLock@@SGGXZ
?SetSpinCount@CReaderWriterLock@@QAE_NG@Z
?ConvertExclusiveToShared@CReaderWriterLock2@@QAEXXZ
MPInitializeCriticalSection
?ReadOrWriteUnlock@CCritSec@@QAEX_N@Z
?_ReadLockSpin@CReaderWriterLock3@@AAEXW4SPIN_TYPE@1@@Z
?ReadUnlock@CCritSec@@QAEXXZ
?_RemoveThisFromGlobalList@CLKRHashTable@@AAEXXZ
?WriteLock@CSmallSpinLock@@QAEXXZ
?GetDefaultSpinCount@CSpinLock@@SGGXZ
?Size@CLKRHashTable@@QBEKXZ

kernel32

InterlockedPushEntrySList
TlsSetValue
lstrcmpW
lstrcpyA
HeapDestroy
GetCurrentProcessId
InterlockedDecrement
CompareStringA
OpenEventA
CompareFileTime
CloseProfileUserMapping
LocalUnlock
FindAtomW
GetProfileStringW
GetComputerNameExA
GetStringTypeW
LoadLibraryA
MulDiv
DeleteVolumeMountPointW
HeapQueryInformation
lstrcpyW
GlobalAddAtomW
CreateMailslotA
GetCommState
SetEnvironmentVariableW
VirtualAlloc
GetStartupInfoA
SetLocaleInfoA
SetVDMCurrentDirectories
FlushViewOfFile

oleaut32

VarR4FromR8
VarR4FromUI1
VarUI8FromI8
VarDecAdd
VarI4FromUI8
VarCyFromUI2
SafeArrayCreateVector
LHashValOfNameSysA
VarBoolFromCy
SysAllocStringLen
VariantClear
VarIdiv
SafeArrayGetRecordInfo
VarBoolFromI2
VarUI8FromR8
LPSAFEARRAY_UserUnmarshal
VarR8FromDisp
BSTR_UserMarshal
VarCat
VarR4FromDec
OleCreatePropertyFrame
VarI4FromUI1
VarUI1FromUI4
VarUI4FromUI1
VarCyMulI4
VarR8FromDate
SetVarConversionLocaleSetting
VarBoolFromI4
LoadTypeLib

unimdmat

UmMonitorModem
UmAbortCurrentModemCommand
UmWaveAction
UmDialModem
UmAnswerModem
UmSetPassthroughMode
UmCloseModem
UmOpenModem
UmSetSpeakerPhoneState
UmLogDiagnostics
UmInitializeModemDriver
UmLogStringA
UmGetDiagnostics
UmDeinitializeModemDriver
UmDuplicateDeviceHandle
UmIssueCommand
UmInitModem
UmGenerateDigit
UmHangupModem

hlink

HlinkCreateShortcut
HlinkResolveShortcutToMoniker
HlinkQueryCreateFromData
OleSaveToStreamEx
HlinkCreateBrowseContext
HlinkOnRenameDocument
DllUnregisterServer
HlinkResolveShortcut
DllRegisterServer
HlinkCreateShortcutFromString
HlinkUpdateStackItem
HlinkOnNavigate
HlinkTranslateURL
HlinkCreateFromData
HlinkCreateFromMoniker
HlinkCreateExtensionServices
HlinkClone
HlinkResolveMonikerForData
DllGetClassObject
HlinkPreprocessMoniker
HlinkResolveShortcutToString
HlinkGetValueFromParams
HlinkCreateFromString
HlinkParseDisplayName
HlinkGetSpecialReference
HlinkResolveStringForData
HlinkNavigate
DllCanUnloadNow

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 250KB - Virtual size: 706KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

378674fddd20963f9a45783edc4aa663

Headers

DLL Characteristics

File Characteristics

Imports

olecli32

msdart

kernel32

oleaut32

unimdmat

hlink

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 75KB - Virtual size: 75KB

.data Size: 250KB - Virtual size: 706KB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 288B

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 75KB - Virtual size: 75KB

.data
Size: 250KB - Virtual size: 706KB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 288B