be6f7f0d36bf9766422084d05abbaf2fb6af7a9df2a0222725b6938ef6d29422

Sharing

Copy URL Twitter E-mail

General

Target

be6f7f0d36bf9766422084d05abbaf2fb6af7a9df2a0222725b6938ef6d29422
Size

369KB
MD5

db2a3c4546ad0fe5a61da406311c9eed
SHA1

07f5138028e156688157c45f6c8836c85c521896
SHA256

be6f7f0d36bf9766422084d05abbaf2fb6af7a9df2a0222725b6938ef6d29422
SHA512

861d161e9784be12cfc9f45fcff55a5aaba523f817020de2c5e65d8cdf05f42e5dab91becd29c3a87f19663d110daeb3603d19fe7e3f79ad8928e3f853ee1e4c
SSDEEP

6144:CXXa6RRtkS/Xq3x5/osW+V2tH3oiGpor1yjCcPvJd0xUzJ/WwHo:yaKtf/XqBdjstHHGarsCIJd0glW4

Score

N/A

Malware Config

Signatures

Files

be6f7f0d36bf9766422084d05abbaf2fb6af7a9df2a0222725b6938ef6d29422
.exe windows x86

3a67053a11e56ce7c043c7467cda4d6e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

shlwapi

PathGetDriveNumberA
UrlCanonicalizeA
SHRegEnumUSKeyW
PathIsFileSpecA
ColorAdjustLuma
SHRegSetPathW
IntlStrEqWorkerA
PathIsSystemFolderW
SHAutoComplete
SHRegGetBoolUSValueA
UrlHashW
StrCmpW
PathUnExpandEnvStringsA
StrSpnA
PathRemoveArgsW
SHRegGetPathA
StrChrIA
wvnsprintfA
StrCSpnIA
PathCombineW
StrFormatByteSizeW
StrRetToStrW
PathRemoveBlanksA
UrlUnescapeW
PathRenameExtensionA
PathUnmakeSystemFolderW
PathStripPathW
SHRegSetUSValueA
StrFormatKBSizeA
PathRemoveFileSpecW
StrStrW
UrlGetPartA
StrFormatByteSizeA
SHRegEnumUSValueW
PathIsLFNFileSpecA
UrlCombineA
PathAppendA
PathIsLFNFileSpecW
PathMakePrettyA

crtdll

_putw
div
_onexit
fgetc
_mbsnbset
strncat
_vsnprintf
_mbsnbcat
_ismbbkana
ceil
wcscspn
_CIasin
fputwc
atexit
printf
_ismbclower
_spawnle
_strerror
_strncnt
_wcsrev
strcoll
_lsearch
_mbscat
_fpieee_flt
_stricmp
getenv
_controlfp
_ismbcdigit
_stat
strtod
_fgetwchar
_spawnlpe

sqlunirl

_CreateColorSpace_@4
_SetDlgItemText@12
_LoadIcon@8
_DialogBoxParam_@20
_OpenWaitableTimer_@12
_RegSaveKey_@12
_FindAtom_@4
_NDdeShareAdd_@20
_ExtractIcon_@12
_ClearEventLog_@8
_GetClassLong_@8
_GetToolsFilePath@16
_SetProp@12
_CreateDirectoryEx_@12
_SendDlgItemMessage@20
_GetFileAttributes_@4
_ChangeDisplaySettings_@8
_GrayString_@36
_OpenBackupEventLog_@8
_GetCharWidth_@16
_GetModuleHandle_@4
_SetClassLong_@12
_FormatMessage@28
_CallMsgFilter_@8
_ReadEventLog_@28
_CreateProcess_@40
_PrivilegedServiceAuditAlarm_@20
_SHBrowseForFolder_@4
_GetFileVersionInfo_@16
_GetWindowsDirectory_@8
_GetOpenFileName@4
_RegOpenKeyEx_@20
_GetMenuItemInfo_@16
_DlgDirSelectEx_@16
_CallWindowProc@20
_GetCurrentHwProfile_@4

olecli32

DefCreateLinkFromFile
MfRelease
MfQueryBounds
OleCreateFromFile
ErrActivate
LeExecute
OleCreateLinkFromClip
OleSetBounds
DibDraw
ErrObjectConvert
DibEnumFormat
SetNetName
MfEqual
GenGetData
ErrGetUpdateOptions
LeReconnect
ErrCopyFromLink
OleCreateLinkFromFile
LeClone
OleQueryClientVersion
OleEnumFormats
SrvrWndProc
PbCreateFromClip
BmQueryBounds
DefCreateFromFile
OleGetLinkUpdateOptions
ObjQueryName
SetNextNetDrive
OleRegisterClientDoc
ErrSetData
BmCopy
BmEnumFormat
OleCreate
LeCopyFromLink
MfSaveToStream
ObjQuerySize
LeShow
LeActivate
PbCreateLinkFromFile
LeCopy
ErrSetHostNames

kernel32

EnumSystemLocalesA
GetTimeZoneInformation
VirtualFree
CreateActCtxW
CommConfigDialogA
FindNextVolumeW
GetNumberFormatW
GetStringTypeA
CreateMutexW
TransmitCommChar
OpenJobObjectW
FormatMessageA
EnumerateLocalComputerNamesA
GetLastError
LoadLibraryA
AddAtomA
SetCalendarInfoA
SetConsoleCursor
GetSystemTimeAsFileTime
GetCurrentConsoleFont
FindCloseChangeNotification
GetCompressedFileSizeA
ReplaceFile
GetModuleFileNameA
GlobalUnWire
SetFilePointerEx
VirtualAlloc
UpdateResourceA
EnumCalendarInfoExW
FindResourceExA
_lwrite
ExitVDM
SetConsoleTitleA
GetMailslotInfo
OpenMutexW
GlobalHandle
RemoveLocalAlternateComputerNameW
WriteFileGather

advapi32

BuildTrusteeWithObjectsAndNameW
SystemFunction015
RegEnumValueW
QueryRecoveryAgentsOnEncryptedFile
SetFileSecurityA
FileEncryptionStatusA
CryptDuplicateHash
RegSetValueExA
LookupSecurityDescriptorPartsA
SystemFunction041
InitializeSid
AllocateLocallyUniqueId
AddAuditAccessObjectAce
AddAccessAllowedAceEx
RegDeleteValueA
CheckTokenMembership
OpenEncryptedFileRawW
EncryptionDisable
CredWriteW
ReportEventA
CreateServiceA
SetEntriesInAccessListA
SystemFunction001
GetUserNameA
SystemFunction026
QueryServiceStatusEx
GetAuditedPermissionsFromAclA
CreatePrivateObjectSecurityEx
ConvertStringSecurityDescriptorToSecurityDescriptorW
SystemFunction022
CredReadDomainCredentialsW
FindFirstFreeAce
RegSetValueW
CloseCodeAuthzLevel
RegisterServiceCtrlHandlerExW
LsaOpenTrustedDomainByName
GetNumberOfEventLogRecords
ReadEventLogA
LogonUserExA
EnumDependentServicesA
GetSidSubAuthority

msvcrt40

iswpunct
_wexecle
_mbstok
??1exception@@UAE@XZ
??_Giostream@@UAEPAXI@Z
_mbsncat
??4ifstream@@QAEAAV0@ABV0@@Z
fabs
_ismbbtrail
_ismbbalpha
??5istream@@QAEAAV0@AAF@Z
_mbsbtype
?is_open@filebuf@@QBEHXZ
_fstati64
_finite
_wstrtime
??_7exception@@6B@
_snwprintf
??_Dostrstream@@QAEXXZ
atexit
free
?binary@filebuf@@2HB
_wcsset
_wcslwr
?sync@streambuf@@UAEHXZ
_loaddll
_strlwr
??5istream@@QAEAAV0@AAG@Z
__iscsymf
_CItanh
strcspn
remove
_mbsrchr

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 433KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a67053a11e56ce7c043c7467cda4d6e

Headers

File Characteristics

Imports

shlwapi

crtdll

sqlunirl

olecli32

kernel32

advapi32

msvcrt40

Sections

.text Size: 130KB - Virtual size: 130KB

.rdata Size: 118KB - Virtual size: 118KB

.data Size: 84KB - Virtual size: 433KB

.rsrc Size: 34KB - Virtual size: 34KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 130KB - Virtual size: 130KB

.rdata
Size: 118KB - Virtual size: 118KB

.data
Size: 84KB - Virtual size: 433KB

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 1024B - Virtual size: 1024B