Static task: static1
Behavioral task: behavioral1
- Sample: d831513899c6d6e91c10b2d60a5a4b52741403bc69d9ce34ab651468cfeb7267.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: d831513899c6d6e91c10b2d60a5a4b52741403bc69d9ce34ab651468cfeb7267.exe
- Resource: win10v2004-20221111-en
General
- Target: d831513899c6d6e91c10b2d60a5a4b52741403bc69d9ce34ab651468cfeb7267
- Size: 86KB
- MD5: aae3444f56e0714cae0c14bbf47da433
- SHA1: 9275586e72e56411e2573fae43a2ba483f2f1b94
- SHA256: d831513899c6d6e91c10b2d60a5a4b52741403bc69d9ce34ab651468cfeb7267
- SHA512: 5c75ddabf5a074003c79007bb3bfcad4ffc9ab4b4279990d2001403a043e83a37de2b78a3bf8702af5b88bd4c7bf7562ea475928f96d3d835df617ee11a9a16f
- SSDEEP: 1536:WGthxAIT0oIDA9ZON/55NHDdmb9oQhP1qHxVLYLtAmtiQDQ3GjVzI20dUmdaqq:DJ0FA9ZON3NHDU+Qh9sVML/qGy20dUmL
Malware Config
Signatures
Files
- d831513899c6d6e91c10b2d60a5a4b52741403bc69d9ce34ab651468cfeb7267.exe windows x86
8df96785b4f5bc3799c1cc6b76639323
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetThreadPriorityBoost
CancelIo
CreateFiber
CallNamedPipeW
SetLastError
WriteConsoleInputA
GetDiskFreeSpaceW
SetDefaultCommConfigW
LocalReAlloc
FindCloseChangeNotification
SetCommMask
GetVolumeInformationA
GetHandleInformation
LoadLibraryA
PrepareTape
OpenMutexW
lstrcat
IsBadCodePtr
GetLongPathNameW
FindClose
GetFileAttributesExW
IsBadHugeReadPtr
SwitchToFiber
MulDiv
EnumSystemCodePagesW
GetExitCodeThread
GetWindowsDirectoryW
EnumCalendarInfoW
CancelWaitableTimer
GetVersionExW
BuildCommDCBAndTimeoutsA
GetAtomNameW
SetThreadContext
GetLocaleInfoW
IsDBCSLeadByte
CreateFileW
FindAtomA
SuspendThread
ResetEvent
InitAtomTable
DebugActiveProcess
SetConsoleTextAttribute
SearchPathW
GetConsoleScreenBufferInfo
GetCommTimeouts
GetConsoleCursorInfo
SetStdHandle
MoveFileExA
GetFileAttributesA
WriteConsoleOutputA
GetBinaryTypeA
GetModuleHandleW
GetThreadPriorityBoost
CreateNamedPipeW
GetUserDefaultLCID
LoadResource
WriteConsoleOutputAttribute
FindNextFileW
GetDiskFreeSpaceExA
VirtualAllocEx
SetCommState
WritePrivateProfileSectionA
GetPrivateProfileSectionNamesA
VirtualFreeEx
GlobalSize
WriteConsoleOutputCharacterW
GetDefaultCommConfigW
GetProcessHeaps
FileTimeToDosDateTime
ClearCommBreak
SetConsoleScreenBufferSize
OpenMutexA
SetupComm
ExpandEnvironmentStringsA
GetStartupInfoA
SetUnhandledExceptionFilter
lstrcmpiA
CreateDirectoryExW
CreateFileMappingW
WriteProfileSectionW
SetConsoleCtrlHandler
SetFilePointer
PulseEvent
GetAtomNameA
PeekConsoleInputW
OpenFile
RaiseException
GetOEMCP
GetSystemDirectoryA
SetNamedPipeHandleState
WriteConsoleA
Heap32Next
GetTempFileNameA
UnlockFile
GetCPInfoExA
GetThreadLocale
ContinueDebugEvent
GetNamedPipeHandleStateW
CreateWaitableTimerW
GlobalAlloc
VirtualAlloc
Thread32First
GetProfileSectionA
GetProcessAffinityMask
GetLocalTime
VerLanguageNameA
GetFileInformationByHandle
GlobalDeleteAtom
DeleteAtom
GetSystemTimeAdjustment
SleepEx
GetThreadContext
VirtualProtectEx
BackupSeek
ReadConsoleInputA
WriteFile
SetComputerNameW
SetConsoleMode
FillConsoleOutputAttribute
PeekConsoleInputA
GetFileAttributesW
lstrcmp
MoveFileW
GetProcAddress
LocalUnlock
UnmapViewOfFile
EnumCalendarInfoA
VirtualProtect
FindResourceW
EndUpdateResourceA
CallNamedPipeA
CompareStringA
GetProcessHeap
BuildCommDCBW
GetFileAttributesExA
lstrcpyn
GetVolumeInformationW
SetConsoleCursorInfo
GetPrivateProfileIntW
user32
SetWindowRgn
SetDebugErrorLevel
UnpackDDElParam
ChangeDisplaySettingsExW
ToUnicode
SwitchDesktop
CharUpperBuffW
EnumDisplayDevicesA
DeleteMenu
GetGuiResources
GetDesktopWindow
SetForegroundWindow
LoadKeyboardLayoutA
GetTabbedTextExtentW
EqualRect
PackDDElParam
IsWindow
SendMessageTimeoutW
GrayStringW
GetPropW
DdeQueryConvInfo
DlgDirListComboBoxW
WinHelpA
AttachThreadInput
SetDlgItemInt
DialogBoxParamA
GetCaretBlinkTime
EnumChildWindows
SetMenu
FindWindowExA
DrawIcon
GetMenuInfo
MapDialogRect
OpenWindowStationW
TranslateAccelerator
BroadcastSystemMessageW
ToAsciiEx
InSendMessage
DefMDIChildProcW
GetParent
CharNextExA
DrawTextExA
DdeConnectList
SwapMouseButton
GetSystemMenu
SetUserObjectInformationW
CharToOemW
GetTopWindow
SystemParametersInfoA
InsertMenuItemW
DdeUnaccessData
PostMessageA
GetDialogBaseUnits
SetProcessDefaultLayout
SetWindowTextW
RegisterClipboardFormatW
IsCharUpperW
FindWindowA
MoveWindow
HideCaret
GetClipboardViewer
GetClipCursor
GetWindowModuleFileNameW
IsCharUpperA
ToAscii
TranslateAcceleratorW
GetClipboardFormatNameW
UnhookWindowsHook
DrawMenuBar
MessageBoxIndirectW
LoadKeyboardLayoutW
GetWindowTextLengthA
CreateDesktopA
DdeUninitialize
DrawEdge
CloseWindow
ChildWindowFromPoint
GetCaretPos
GetClassInfoW
GetClipboardData
ChildWindowFromPointEx
SendIMEMessageExA
MapVirtualKeyExW
GetTitleBarInfo
LoadImageW
IsClipboardFormatAvailable
InternalGetWindowText
GetKeyboardLayoutNameA
DdeClientTransaction
DdeNameService
SetTimer
GetClassInfoExW
GetSysColor
DispatchMessageW
ValidateRect
CopyAcceleratorTableA
RealChildWindowFromPoint
CharToOemBuffW
IsCharAlphaW
SetScrollRange
GetScrollInfo
RegisterDeviceNotificationW
DdeAddData
CreateDialogParamW
DdeReconnect
SetWindowWord
DefDlgProcW
ScrollWindow
GetAltTabInfo
ReleaseDC
GetClassNameA
SendMessageTimeoutA
EnumClipboardFormats
GetScrollBarInfo
OpenInputDesktop
CreateWindowExW
GetProcessDefaultLayout
SendNotifyMessageA
SetWindowTextA
GetMenuItemID
advapi32
SetSecurityDescriptorOwner
GetTrusteeTypeA
RegEnumValueW
AreAllAccessesGranted
OpenProcessToken
RegSetValueExW
UnlockServiceDatabase
RegEnumKeyExA
EqualPrefixSid
RegCreateKeyW
InitiateSystemShutdownA
RegQueryValueA
RevertToSelf
LookupPrivilegeDisplayNameW
RegCreateKeyA
GetSecurityInfoExA
CryptSignHashA
GetCurrentHwProfileA
GetSidIdentifierAuthority
ConvertAccessToSecurityDescriptorA
QueryServiceObjectSecurity
ReportEventW
CreateProcessAsUserA
EnumDependentServicesA
GetNamedSecurityInfoExA
CryptGenKey
GetEffectiveRightsFromAclW
RegSetValueA
RegSetValueW
RegEnumKeyExW
CryptAcquireContextW
SetServiceStatus
GetAclInformation
GetServiceKeyNameW
SetKernelObjectSecurity
RegCloseKey
ObjectPrivilegeAuditAlarmA
CryptDestroyKey
CryptDecrypt
InitiateSystemShutdownW
GetSecurityDescriptorLength
IsValidSid
GetExplicitEntriesFromAclW
BuildTrusteeWithSidW
BuildTrusteeWithNameA
CopySid
StartServiceW
LogonUserA
CryptAcquireContextA
SetServiceObjectSecurity
CryptImportKey
GetNamedSecurityInfoW
SetSecurityDescriptorDacl
RegSetValueExA
EnumDependentServicesW
RegEnumKeyA
RegUnLoadKeyA
RegDeleteValueA
GetOldestEventLogRecord
ReadEventLogW
ChangeServiceConfigA
GetMultipleTrusteeOperationW
GetSidLengthRequired
ObjectOpenAuditAlarmA
GetTokenInformation
SetAclInformation
SetEntriesInAuditListW
ConvertSecurityDescriptorToAccessNamedW
EqualSid
PrivilegedServiceAuditAlarmW
ConvertSecurityDescriptorToAccessW
CryptEnumProvidersA
RegGetKeySecurity
CryptHashSessionKey
AllocateLocallyUniqueId
SetNamedSecurityInfoExA
LookupPrivilegeValueW
CryptEnumProvidersW
ClearEventLogW
CreatePrivateObjectSecurity
ObjectDeleteAuditAlarmW
RegOpenKeyA
CreateServiceA
CryptSetHashParam
SetSecurityInfo
QueryServiceStatus
RegLoadKeyW
GetNumberOfEventLogRecords
RegReplaceKeyW
GetTrusteeNameW
ImpersonateSelf
IsTextUnicode
GetKernelObjectSecurity
GetSidSubAuthority
RegRestoreKeyW
BuildSecurityDescriptorW
SetTokenInformation
BuildTrusteeWithNameW
RegisterServiceCtrlHandlerW
ConvertSecurityDescriptorToAccessNamedA
RegCreateKeyExA
SetNamedSecurityInfoW
RegLoadKeyA
CryptVerifySignatureA
RegQueryValueExA
GetSecurityDescriptorSacl
AddAuditAccessAce
GetServiceKeyNameA
RegDeleteKeyA
QueryServiceLockStatusA
SetFileSecurityW
CancelOverlappedAccess
IsValidAcl
StartServiceCtrlDispatcherA
SetPrivateObjectSecurity
CryptSetKeyParam
RegConnectRegistryA
ClearEventLogA
CreateServiceW
LookupPrivilegeDisplayNameA
AddAccessDeniedAce
CryptEncrypt
InitializeSecurityDescriptor
ReadEventLogA
PrivilegedServiceAuditAlarmA
shlwapi
SHRegDeleteEmptyUSKeyW
PathSetDlgItemPathW
StrRetToBufW
PathIsContentTypeA
PathSetDlgItemPathA
SHCreateStreamOnFileA
PathIsURLA
PathIsFileSpecW
SHOpenRegStreamW
SHRegDuplicateHKey
StrFromTimeIntervalA
ColorRGBToHLS
UrlGetPartA
StrFormatKBSizeW
PathIsUNCServerW
PathFindOnPathW
SHStrDupA
SHGetValueA
SHRegDeleteEmptyUSKeyA
PathGetDriveNumberA
SHRegOpenUSKeyW
PathRelativePathToA
StrRStrIA
PathRenameExtensionA
SHGetInverseCMAP
StrNCatW
HashData
PathIsDirectoryEmptyA
SHDeleteValueA
PathRemoveArgsW
UrlCreateFromPathW
SHRegQueryUSValueW
PathIsUNCServerA
PathFindFileNameW
PathParseIconLocationA
PathGetArgsA
PathRemoveFileSpecW
PathGetCharTypeA
PathRemoveBlanksA
AssocQueryStringW
PathRelativePathToW
SHSkipJunction
SHStrDupW
UrlCompareA
UrlIsNoHistoryW
StrCatBuffW
SHRegEnumUSKeyA
StrFormatKBSizeA
IntlStrEqWorkerW
StrCatBuffA
UrlCreateFromPathA
StrToIntA
SHRegWriteUSValueW
PathStripToRootA
PathBuildRootA
SHDeleteEmptyKeyA
SHSetValueW
PathAddExtensionW
StrStrIA
PathFindFileNameA
StrCmpNA
PathIsPrefixA
PathFindSuffixArrayW
StrRChrIW
UrlCombineA
PathAddExtensionA
PathFileExistsW
PathQuoteSpacesW
SHDeleteKeyA
SHRegCreateUSKeyA
PathCombineW
StrRetToBufA
StrCmpIW
StrStrW
PathIsDirectoryEmptyW
PathRemoveBackslashA
PathMatchSpecA
StrPBrkA
SHEnumKeyExW
wvnsprintfW
StrCSpnIA
SHGetValueW
wnsprintfW
PathIsUNCW
PathUnquoteSpacesW
PathFindExtensionA
PathStripPathA
PathIsFileSpecA
PathUnquoteSpacesA
StrCmpNIA
PathRemoveBlanksW
SHIsLowMemoryMachine
ChrCmpIW
wnsprintfA
SHRegQueryUSValueA
StrCmpNW
SHRegSetUSValueW
PathCombineA
UrlCompareW
SHCopyKeyA
PathUndecorateA
StrCmpW
StrCpyW
PathMakeSystemFolderW
ColorHLSToRGB
ole32
ReleaseStgMedium
OleDestroyMenuDescriptor
CoRevertToSelf
OleCreateFromDataEx
CoFileTimeToDosDateTime
StgGetIFillLockBytesOnILockBytes
OleUninitialize
CreateFileMoniker
CoGetPSClsid
UtConvertDvtd32toDvtd16
OleCreateLinkFromData
OleNoteObjectVisible
CoFreeAllLibraries
StringFromGUID2
CreateAntiMoniker
OleCreateLinkToFile
WriteFmtUserTypeStg
CoUnmarshalInterface
OleCreateLinkToFileEx
OleSave
CoGetCurrentProcess
DllDebugObjectRPCHook
CoIsOle1Class
OleRegGetUserType
OleRun
StgOpenStorage
CoInitializeEx
CoFileTimeNow
EnableHookObject
CoQueryClientBlanket
IIDFromString
StgCreateDocfile
CoLockObjectExternal
StgCreateDocfileOnILockBytes
ReadOleStg
CoMarshalInterThreadInterfaceInStream
FreePropVariantArray
GetHGlobalFromILockBytes
CoTreatAsClass
CoCreateFreeThreadedMarshaler
ReadClassStg
PropVariantCopy
ReadFmtUserTypeStg
CoRegisterClassObject
WriteStringStream
OleDoAutoConvert
CoLoadLibrary
CoQueryProxyBlanket
OleCreateStaticFromData
StgGetIFillLockBytesOnFile
CoFreeLibrary
ReadClassStm
OleConvertIStorageToOLESTREAMEx
IsEqualGUID
OleConvertOLESTREAMToIStorage
CreatePointerMoniker
CreateOleAdviseHolder
WriteClassStm
OleFlushClipboard
StgCreateStorageEx
OleLoad
CoRegisterPSClsid
GetRunningObjectTable
OleTranslateAccelerator
SetDocumentBitStg
CoRegisterMessageFilter
OleSetMenuDescriptor
CoResumeClassObjects
OleQueryCreateFromData
CreateDataCache
StgSetTimes
CoGetStandardMarshal
CoSetProxyBlanket
OleIsCurrentClipboard
CoGetClassObject
OleCreateMenuDescriptor
CoMarshalHresult
UtConvertDvtd16toDvtd32
StgIsStorageFile
MkParseDisplayName
CoUnmarshalHresult
OleCreate
CoInitializeSecurity
CoCreateInstanceEx
CoRevokeClassObject
CoRegisterSurrogate
IsAccelerator
CreateDataAdviseHolder
GetConvertStg
OleRegEnumVerbs
SetConvertStg
CoBuildVersion
CreateStreamOnHGlobal
CoGetInterfaceAndReleaseStream
WriteOleStg
OleSetAutoConvert
Sections
.text Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 163B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE