bfc165e4e827258b6590b8c719d205367ce0f934cbc22a5cf65b9f7f3d84033d

Sharing

Copy URL Twitter E-mail

General

Target

bfc165e4e827258b6590b8c719d205367ce0f934cbc22a5cf65b9f7f3d84033d
Size

865KB
MD5

32a793ebfcbac310e04b07fb314c46f8
SHA1

7b9376dba2b1af8092479320fefdf76fa52a6c58
SHA256

bfc165e4e827258b6590b8c719d205367ce0f934cbc22a5cf65b9f7f3d84033d
SHA512

cb6125d40d7d50f2c315281d24ea8b9c4bb64bfe85f3d43aac4d860cb9798e802440bcc765205471e48ad8a8347992c08359ab95a987e4b445e126d755e4f819
SSDEEP

24576:YlUyEw7MSsxEQcNr26Ndce9i443PfJhb:YlnnM1PYr2Cee9XUp

Score

N/A

Malware Config

Signatures

Files

bfc165e4e827258b6590b8c719d205367ce0f934cbc22a5cf65b9f7f3d84033d
.exe windows x86

ee729e840e19f82729e6c6beac11eac9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsDirectoryA
StrRetToStrW
StrCmpNW
StrChrIW
SHEnumKeyExW
SHDeleteOrphanKeyW
SHDeleteKeyW
SHGetThreadRef
PathIsNetworkPathA
SHAutoComplete
StrRChrA
UrlGetLocationA
UrlHashW
SHRegQueryInfoUSKeyA
PathFindFileNameA
UrlUnescapeA
StrToInt64ExW
PathFileExistsA
AssocCreate
AssocQueryStringW
PathCompactPathA
SHRegGetBoolUSValueW
IntlStrEqWorkerA
PathFindNextComponentW
PathIsPrefixA
PathCombineW
PathIsRootA
StrFormatKBSizeA
PathUndecorateW
PathRemoveBlanksW
AssocQueryKeyW
SHQueryValueExA
PathCombineA
UrlHashA

msvcrt

_ismbbkana
__CxxLongjmpUnwind
_unlink
wprintf
_fstat64
_atoi64
iswdigit
_isnan
_ismbchira
_snprintf
??_Gexception@@UAEPAXI@Z
_heapset
_waccess
_chdrive
__CxxExceptionFilter
_ismbbkalnum
_winmajor
_ctype
_fstati64
_getmaxstdio
_wcsrev
_adj_fptan
ldexp
_fgetwchar
isprint
_CIsinh
_getch
_wstrdate
_commit
??4bad_typeid@@QAEAAV0@ABV0@@Z
wcsstr
_ungetch
_atodbl
iswprint
_mbsspn
_wspawnle
__unDName
ldiv
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_strdup
_local_unwind2
_winver

clusapi

GetClusterGroupKey
OpenClusterNetwork
ClusterResourceOpenEnum
EvictClusterNode
ClusterNodeCloseEnum
ClusterNetworkCloseEnum
ClusterRegCreateKey
CloseClusterGroup
GetClusterInformation
CreateClusterNotifyPort
CreateClusterResourceType
ClusterNodeGetEnumCount
SetClusterName
CloseCluster
GetClusterResourceTypeKey
ClusterRegDeleteValue
ClusterRegQueryInfoKey
GetClusterNetworkId
CreateClusterResource
GetClusterNodeId
ClusterResourceCloseEnum
CloseClusterResource
ClusterGroupGetEnumCount
CloseClusterNotifyPort
ClusterRegSetValue
GetClusterKey
SetClusterQuorumResource
ChangeClusterResourceGroup
ClusterRegEnumKey
SetClusterGroupNodeList
CreateClusterGroup
ClusterRegCloseKey
RemoveClusterResourceNode

esent

JetIndexRecordCount
JetPrepareUpdate@12
JetRetrieveColumn
JetCloseTable@8
JetComputeStats
JetUpdate
JetAttachDatabase
JetSetLS
JetCloseDatabase
JetRollback
JetFreeBuffer
JetGetSecondaryIndexBookmark
JetOpenDatabase
JetResetTableSequential
JetGotoPosition
JetSetIndexRange
JetBeginTransaction2
JetRetrieveKey
JetCloseFileInstance
JetDeleteColumn2
JetBeginExternalBackup
JetDetachDatabase
JetOpenTempTable3
JetPrepareToCommitTransaction
JetSetCurrentIndex3
JetOSSnapshotPrepare
JetCreateDatabaseWithStreaming
JetOpenFile
JetGrowDatabase
JetInit2
JetGetAttachInfoInstance
JetRetrieveColumn@32
JetUpdate@20
JetCompact
JetSetSystemParameter
ese
JetRenameColumn

kernel32

QueryPerformanceCounter
GetLastError
OpenMutexA
RegisterConsoleOS2
GetVolumeNameForVolumeMountPointW
GetCurrentThread
SetFileApisToANSI
lstrcmpW
WaitForDebugEvent
SetConsoleCursorInfo
GetExitCodeThread
ExpandEnvironmentStringsW
EnumSystemCodePagesA
GetEnvironmentStringsW
EnumResourceTypesA
GetDefaultCommConfigW
VirtualAlloc
ReadConsoleInputExA
LoadLibraryA
LoadLibraryExA
BuildCommDCBW
SetConsoleMenuClose
GetVersionExW
InterlockedPushEntrySList
LocalAlloc
Thread32Next
GetNextVDMCommand
GetThreadTimes
SetPriorityClass
SuspendThread
FileTimeToLocalFileTime
GlobalUnlock
PurgeComm
UnlockFile
BindIoCompletionCallback

htui

HTUI_ColorAdjustmentA
HTUI_DeviceColorAdjustment
HTUI_DeviceColorAdjustmentA
HTUI_ColorAdjustmentW
HTUI_ColorAdjustment
HTUI_DeviceColorAdjustmentW

schannel

SslGetMaximumKeySize
QuerySecurityPackageInfoW
QuerySecurityPackageInfoA
DeleteSecurityContext
SslGenerateRandomBits
FreeCredentialsHandle
AcquireCredentialsHandleW
EnumerateSecurityPackagesW
SpUserModeInitialize
CompleteAuthToken
VerifySignature
SslEmptyCacheW
SealMessage
AcceptSecurityContext
UnsealMessage
QueryContextAttributesW
FreeContextBuffer
SslLoadCertificate
AcquireCredentialsHandleA
InitSecurityInterfaceA
InitSecurityInterfaceW
MakeSignature
InitializeSecurityContextA
RevertSecurityContext
ImpersonateSecurityContext
QueryContextAttributesA
SslEmptyCacheA
InitializeSecurityContextW
SslCrackCertificate
ApplyControlToken
SpLsaModeInitialize
EnumerateSecurityPackagesA

user32

EndDialog

Sections

.text
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee729e840e19f82729e6c6beac11eac9

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

msvcrt

clusapi

esent

kernel32

htui

schannel

user32

Sections

.text Size: 320KB - Virtual size: 320KB

.rdata Size: 318KB - Virtual size: 318KB

.data Size: 1KB - Virtual size: 1.7MB

.rsrc Size: 224KB - Virtual size: 224KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 320KB - Virtual size: 320KB

.rdata
Size: 318KB - Virtual size: 318KB

.data
Size: 1KB - Virtual size: 1.7MB

.rsrc
Size: 224KB - Virtual size: 224KB

.reloc
Size: 1024B - Virtual size: 1024B