f1d9caf9ca75428bd791a54e6d5ebb4506bbd685b10cf069892237845b53d4d2

Sharing

Copy URL Twitter E-mail

General

Target

f1d9caf9ca75428bd791a54e6d5ebb4506bbd685b10cf069892237845b53d4d2
Size

59KB
MD5

1c1650d912281e8817817311c66e43f9
SHA1

3cb26aefa5c5909ef858a6d6ae1956b46fb13518
SHA256

f1d9caf9ca75428bd791a54e6d5ebb4506bbd685b10cf069892237845b53d4d2
SHA512

15ecac63b9dcd71b26a827b5efc5cea70890f80431a248189309bdfa56a1515175a1238c934bd2e5fa79d8428cc52493c6a24611597745830ca437971719e525
SSDEEP

1536:bMOp9HUB6t//16gZGkeLls4HoRwKxkLgEK7KCu:bMy86V1JZGkeGvRwC+i7KCu

Score

N/A

Malware Config

Signatures

Files

f1d9caf9ca75428bd791a54e6d5ebb4506bbd685b10cf069892237845b53d4d2
.dll windows x86

16e2dcf4ad9d7f25159d604a451c1ab9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreatePipe
DisableThreadLibraryCalls
SetConsoleInputExeNameW
EnumTimeFormatsW
CallNamedPipeA
LocalFileTimeToFileTime
LCMapStringA
FindNextVolumeMountPointA
GetLastError
EraseTape
GetConsoleKeyboardLayoutNameA
FreeResource
SetMailslotInfo
EnumUILanguagesW
SetFilePointer
SwitchToFiber
ReadConsoleOutputA
UnregisterWaitEx
FindFirstVolumeW
lstrcmpi
GetDefaultCommConfigW
RemoveDirectoryA
GetLongPathNameW
GetModuleFileNameW
MoveFileW
FindFirstChangeNotificationA
GetSystemDefaultLCID
FindNextVolumeMountPointW
GetProfileStringW

msvcrt

__wargv
_unloaddll
_statusfp
?name@type_info@@QBEPBDXZ
_strncoll
__p__winver
_CItanh
_CIatan2
_fgetchar
fgetc
_read
_wstrtime
_ismbbgraph
_open
memmove
_lrotr
_y0
__p__wenviron
_lrotl
_flushall
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
ldiv

gdi32

EnumFontFamiliesExA
PolyBezierTo
GetWinMetaFileBits
BRUSHOBJ_hGetColorTransform
EnumEnhMetaFile
GdiConvertToDevmodeW
CreateDIBPatternBrushPt
GdiInitializeLanguagePack
CreateDCW
SetPixel
EngWideCharToMultiByte
GdiQueryFonts
GdiIsMetaPrintDC
GetFontData
GdiConvertDC
EngGradientFill
GdiIsPlayMetafileDC
GetWindowOrgEx
STROBJ_bGetAdvanceWidths
DeleteColorSpace
STROBJ_bEnum
GetTextExtentPointI

user32

FillRect
FindWindowW
GetKeyboardLayoutNameA
IsZoomed
GetClipboardSequenceNumber
CharPrevW
GetAsyncKeyState
GetDlgItemTextW
GetAltTabInfo
FlashWindowEx
GetGuiResources
SetRect
SetCursor
GetClassInfoExA
SoftModalMessageBox
DeregisterShellHookWindow
LoadBitmapA
GetClassInfoA
DlgDirSelectExA
EnumDesktopsA
GetMessageA
GetMessageW

shlwapi

UrlEscapeW
PathUnExpandEnvStringsW
PathIsPrefixW
PathRemoveBackslashA
SHRegCloseUSKey
StrRetToStrW
StrToIntA
wnsprintfA
PathFindFileNameA
PathIsSystemFolderA
SHRegEnumUSKeyW
StrRStrIA
IntlStrEqWorkerA
SHStrDupW
PathIsRootW
SHRegDeleteUSValueW
StrTrimW
SHRegGetUSValueA
SHEnumKeyExA
PathQuoteSpacesA
StrCmpNA
PathIsUNCServerShareA
StrCSpnA
SHCopyKeyA
StrToIntExW
StrSpnA
SHRegGetPathW

Exports

Exports

NysxtbKdufgDecf
AtpWmsyzjNdtavu
NdnmanSkap
EdrFaytypcVdeoqpqQy
ZyuUskirtMpkpz
AtmkqSko
SprRksdvxPdgaDfad
WmcIojqj
SkiNzryuoqJyygo
GhqtHn
OkngdoPnpdsguPo
Gdsx
OmnPwghxqpCcwgKwc
FaxebsFxebj
ZfnNklianAnkqikg
CfBjbfzqVkvpgnkRrxzfIkt

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16e2dcf4ad9d7f25159d604a451c1ab9

Headers

File Characteristics

Imports

kernel32

msvcrt

gdi32

user32

shlwapi

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 48KB - Virtual size: 48KB

.rsrc Size: 1024B - Virtual size: 736B

.reloc Size: 512B - Virtual size: 16B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 48KB - Virtual size: 48KB

.rsrc
Size: 1024B - Virtual size: 736B

.reloc
Size: 512B - Virtual size: 16B