08dbe3a316d4efbb2737976dbde5ad64

Sharing

Copy URL Twitter E-mail

General

Target

08dbe3a316d4efbb2737976dbde5ad64
Size

112KB
MD5

08dbe3a316d4efbb2737976dbde5ad64
SHA1

27f2e25eefe7efbc9272f58e06457337d883d72f
SHA256

dcda756eba3601d3ea76b692374c2f690c92ad32ae1c71ffc7bd07a607eef6ef
SHA512

b394a12d43eb9ebbe603c5794ccaf8ae87a40da4d8955b37442cdce7ef34e322cc88495049d5deadee2702c08ee9b640c7d6f123ea16bc8f628bb1b4adac829f
SSDEEP

1536:T7awW+M3aLoXJalQ6tJew/KRohELJ47kNenTzL6ufIr8kENly/VdtD:/awVCaOhx0vhgJ0k8L6uE0q/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08dbe3a316d4efbb2737976dbde5ad64

Files

08dbe3a316d4efbb2737976dbde5ad64
.exe windows:4 windows x86 arch:x86

7c2055a28cca259d9cdb9647fffb7e81

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

�ka

GetProcAddress
VirtualAlloc
SetCurrentDirectoryW
GetLogicalDriveStringsW
LoadLibraryA
AllocConsole
GlobalUnWire
LocalCompact
GetStringTypeW
CreateEventW
HeapWalk
SetConsoleCursorPosition
SetLastError
GetSystemPowerStatus
SetConsoleCP
SetConsoleCursorInfo
Beep
GetTapePosition
FindFirstChangeNotificationW
VirtualAllocEx
TransactNamedPipe
FreeEnvironmentStringsA
GetFileAttributesExA
QueryDosDeviceA
WriteProfileSectionW
LocalReAlloc
IsBadReadPtr
WriteConsoleOutputCharacterA
IsBadCodePtr
SetNamedPipeHandleState
SetConsoleTitleA
BuildCommDCBAndTimeoutsW
CreateFileMappingA
LoadLibraryExA
WideCharToMultiByte
lstrlenA
GetPrivateProfileIntW
BackupRe,A@
6
@
�<@
@
@
�;@
<;@
;@
�:@
@
@
�9@
@
@
@
P8@
�7@
@
�6@
@
�lA
>
@
[
7
@
z@
@
H
A
A
�@
l@
A
A
0@
s�@
�kA

�w^�wƒ�wz�wd7�w��w��w.��w��w��w��wu��w��w��w°�wq��wˌ�w��w}��w��w��w��w3��we��w��w/��w:��w��w`��w��w�z�wґ�w��w-��w��w��w��w��w� �wfb�wa��w��w��w��wk��w�

�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�
�wo��w��w9#�w��w��wi��wv��wd��w'�w��w�.�

shlwapi

D7�w��w��w.��w��w��w��wu��w��w��w°�wQ��wˌ�w��w}��w��w��w��w3��we��w��w/��w:��w��w`��w��w�Z�wҐ�w��w-��w��w��w��w��w� �wfb�wA��w��w��w��wK��w�
��wu��w��w��w°�wQ��wˌ�w��w}��w��w��w��w3��we��w��w/��w:��w��w`��w��w�Z�wҐ�w��w-��w��w��w��w��w� �wfb�wA��w��w��w��wK��w�
�wˌ�w��w}��w��w��w��w3��we��w��w/��w:��w��w`��w��w�Z�wҐ�w��w-��w��w��w��w��w� �wfb�wA��w��w��w��wK��w�
��w��w3��we��w��w/��w:��w��w`��w��w�Z�wҐ�w��w-��w��w��w��w��w� �wfb�wA��w��w��w��wK��w�
�w:��w��w`��w��w�Z�wҐ�w��w-��w��w��w��w��w� �wfb�wA��w��w��w��wK��w�
�Z�wҐ�w��w-��w��w��w��w��w� �wfb�wA��w��w��w��wK��w�
��w��w� �wfb�wA��w��w��w��wK��w�
��w��w��wK��w�
�w�
��w9#�w��w��wi��wv��wD��w'�w��w�.�
v��wD��w'�w��w�.�
�
��
w�IwACw8�w��w� wʠ
ʠ
�"wu�w �w��wR)w�)w�(w�wF~w{_#w�_#wthw�w��
w�(w�wF~w{_#w�_#wthw�w��
�w��
�|��|�N�| um
�B�qi,�q9��q
�w��w4��wSw�wv{�wˇ�w�o�w5u�w��wxj�w�k�w��w��w��w�y�w�w�w�w�wuw�w��w��w��w"��w<��wT��wF��w
ˇ�w�o�w5u�w��wxj�w�k�w��w��w��w�y�w�w�w�w�wuw�w��w��w��w"��w<��wT��wF��w
xj�w�k�w��w��w��w�y�w�w�w�w�wuw�w��w��w��w"��w<��wT��wF��w
�w�w�wuw�w��w��w��w"��w<��wT��wF��w
�w"��w<��wT��wF��w
�|��|�א|�֐|��|^ߐ|�a�|�e�|��|B?�|
�a�|�e�|��|B?�|
�wI��w��w��w��w@��wV¨w��wH��w
�w@��wV¨w��wH��w
�w
��Pw
�w��w��w��w<��w�y�w7p�wMn�w�R�wt�w��wI}�w|�w�'�wф�w�
��w<��w�y�w7p�wMn�w�R�wt�w��wI}�w|�w�'�wф�w�
7p�wMn�w�R�wt�w��wI}�w|�w�'�wф�w�
�w|�w�'�wф�w�
�B�q9��q3b�q� �qi,�qP�q�;�q
�;�q
(�qMf�q(D�q��qo*�q+�q��q-�qZa�q�D�q�-�q^*�qj@�qܔ�qw�|erve
�q+�q��q-�qZa�q�D�q�-�q^*�qj@�qܔ�qw�|erve
�qZa�q�D�q�-�q^*�qj@�qܔ�qw�|erve
�qܔ�qw�|erve
�|/��|��|��|��|]��|m�|f��|]�|}�| ��|�*�|w�|��|�(�|
�|]��|m�|f��|]�|}�| ��|�*�|w�|��|�(�|
�|}�| ��|�*�|w�|��|�(�|
w�|��|�(�|
�|u�|L��|��|/�|�|в�| �|��|��|t��|;��|�P�|e��|p0�|��|B$�|s��|ճ�|ϴ�|W�|1�|��|��|�$�|��|��|d��|﹀|�|��|2�|AM�|G��|1�|��| %�|��|`�|��|��|�+�|��|��|�y�|=�|[�|dƂ|��|��|��|� �|�|D �|w �|A&�|ԧ�|�&�|"�|7�|,�|GK�|d=�|�>�|�A�|LC�|b@�|A�|��|X��|�́|� �|��|r��|]�|��| ��|��|��|똀|(��|2#�|�R�|��|Ԡ�|[V�|�#�|��|��|y��|@�|�
�|в�| �|��|��|t��|;��|�P�|e��|p0�|��|B$�|s��|ճ�|ϴ�|W�|1�|��|��|�$�|��|��|d��|﹀|�|��|2�|AM�|G��|1�|��| %�|��|`�|��|��|�+�|��|��|�y�|=�|[�|dƂ|��|��|��|� �|�|D �|w �|A&�|ԧ�|�&�|"�|7�|,�|GK�|d=�|�>�|�A�|LC�|b@�|A�|��|X��|�́|� �|��|r��|]�|��| ��|��|��|똀|(��|2#�|�R�|��|Ԡ�|[V�|�#�|��|��|y��|@�|�
�|��|t��|;��|�P�|e��|p0�|��|B$�|s��|ճ�|ϴ�|W�|1�|��|��|�$�|��|��|d��|﹀|�|��|2�|AM�|G��|1�|��| %�|��|`�|��|��|�+�|��|��|�y�|=�|[�|dƂ|��|��|��|� �|�|D �|w �|A&�|ԧ�|�&�|"�|7�|,�|GK�|d=�|�>�|�A�|LC�|b@�|A�|��|X��|�́|� �|��|r��|]�|��| ��|��|��|똀|(��|2#�|�R�|��|Ԡ�|[V�|�#�|��|��|y��|@�|�
�P�|e��|p0�|��|B$�|s��|ճ�|ϴ�|W�|1�|��|��|�$�|��|��|d��|﹀|�|��|2�|AM�|G��|1�|��| %�|��|`�|��|��|�+�|��|��|�y�|=�|[�|dƂ|��|��|��|� �|�|D �|w �|A&�|ԧ�|�&�|"�|7�|,�|GK�|d=�|�>�|�A�|LC�|b@�|A�|��|X��|�́|� �|��|r��|]�|��| ��|��|��|똀|(��|2#�|�R�|��|Ԡ�|[V�|�#�|��|��|y��|@�|�
s��|ճ�|ϴ�|W�|1�|��|��|�$�|��|��|d��|﹀|�|��|2�|AM�|G��|1�|��| %�|��|`�|��|��|�+�|��|��|�y�|=�|[�|dƂ|��|��|��|� �|�|D �|w �|A&�|ԧ�|�&�|"�|7�|,�|GK�|d=�|�>�|�A�|LC�|b@�|A�|��|X��|�́|� �|��|r��|]�|��| ��|��|��|똀|(��|2#�|�R�|��|Ԡ�|[V�|�#�|��|��|y��|@�|�
��|��|�$�|��|��|d��|﹀|�|��|2�|AM�|G��|1�|��| %�|��|`�|��|��|�+�|��|��|�y�|=�|[�|dƂ|��|��|��|� �|�|D �|w �|A&�|ԧ�|�&�|"�|7�|,�|GK�|d=�|�>�|�A�|LC�|b@�|A�|��|X��|�́|� �|��|r��|]�|��| ��|��|��|똀|(��|2#�|�R�|��|Ԡ�|[V�|�#�|��|��|y��|@�|�
�|��|��|d��|﹀|�|��|2�|AM�|G��|1�|��| %�|��|`�|��|��|�+�|��|��|�y�|=�|[�|dƂ|��|��|��|� �|�|D �|w �|A&�|ԧ�|�&�|"�|7�|,�|GK�|d=�|�>�|�A�|LC�|b@�|A�|��|X��|�́|� �|��|r��|]�|��| ��|��|��|똀|(��|2#�|�R�|��|Ԡ�|[V�|�#�|��|��|y��|@�|�
�|��|2�|AM�|G��|1�|��| %�|��|`�|��|��|�+�|��|��|�y�|=�|[�|dƂ|��|��|��|� �|�|D �|w �|A&�|ԧ�|�&�|"�|7�|,�|GK�|d=�|�>�|�A�|LC�|b@�|A�|��|X��|�́|� �|��|r��|]�|��| ��|��|��|똀|(��|2#�|�R�|��|Ԡ�|[V�|�#�|��|��|y��|@�|�
�|��| %�|��|`�|��|��|�+�|��|��|�y�|=�|[�|dƂ|��|��|��|� �|�|D �|w �|A&�|ԧ�|�&�|"�|7�|,�|GK�|d=�|�>�|�A�|LC�|b@�|A�|��|X��|�́|� �|��|r��|]�|��| ��|��|��|똀|(��|2#�|�R�|��|Ԡ�|[V�|�#�|��|��|y��|@�|�
`�|��|��|�+�|��|��|�y�|=�|[�|dƂ|��|��|��|� �|�|D �|w �|A&�|ԧ�|�&�|"�|7�|,�|GK�|d=�|�>�|�A�|LC�|b@�|A�|��|X��|�́|� �|��|r��|]�|��| ��|��|��|똀|(��|2#�|�R�|��|Ԡ�|[V�|�#�|��|��|y��|@�|�
�+�|��|��|�y�|=�|[�|dƂ|��|��|��|� �|�|D �|w �|A&�|ԧ�|�&�|"�|7�|,�|GK�|d=�|�>�|�A�|LC�|b@�|A�|��|X��|�́|� �|��|r��|]�|��| ��|��|��|똀|(��|2#�|�R�|��|Ԡ�|[V�|�#�|��|��|y��|@�|�
�|=�|[�|dƂ|��|��|��|� �|�|D �|w �|A&�|ԧ�|�&�|"�|7�|,�|GK�|d=�|�>�|�A�|LC�|b@�|A�|��|X��|�́|� �|��|r��|]�|��| ��|��|��|똀|(��|2#�|�R�|��|Ԡ�|[V�|�#�|��|��|y��|@�|�
��|� �|�|D �|w �|A&�|ԧ�|�&�|"�|7�|,�|GK�|d=�|�>�|�A�|LC�|b@�|A�|��|X��|�́|� �|��|r��|]�|��| ��|��|��|똀|(��|2#�|�R�|��|Ԡ�|[V�|�#�|��|��|y��|@�|�
A&�|ԧ�|�&�|"�|7�|,�|GK�|d=�|�>�|�A�|LC�|b@�|A�|��|X��|�́|� �|��|r��|]�|��| ��|��|��|똀|(��|2#�|�R�|��|Ԡ�|[V�|�#�|��|��|y��|@�|�
�|,�|GK�|d=�|�>�|�A�|LC�|b@�|A�|��|X��|�́|� �|��|r��|]�|��| ��|��|��|똀|(��|2#�|�R�|��|Ԡ�|[V�|�#�|��|��|y��|@�|�
�>�|�A�|LC�|b@�|A�|��|X��|�́|� �|��|r��|]�|��| ��|��|��|똀|(��|2#�|�R�|��|Ԡ�|[V�|�#�|��|��|y��|@�|�
�|��|X��|�́|� �|��|r��|]�|��| ��|��|��|똀|(��|2#�|�R�|��|Ԡ�|[V�|�#�|��|��|y��|@�|�
�|]�|��| ��|��|��|똀|(��|2#�|�R�|��|Ԡ�|[V�|�#�|��|��|y��|@�|�
��|똀|(��|2#�|�R�|��|Ԡ�|[V�|�#�|��|��|y��|@�|�
�|�R�|��|Ԡ�|[V�|�#�|��|��|y��|@�|�
�#�|��|��|y��|@�|�
�|��|�|��|k�|�|�Y�|��|:��|��|��|��|E�|��|��|��|
�|k�|�|�Y�|��|:��|��|��|��|E�|��|��|��|
�|��|��|��|E�|��|��|��|
��|��|
�w�o�wCp�w
�w�n�w-l�w�Y�w�Z�w��wI��w�[�w��w6��w�
�wI��w�[�w��w6��w�
SHRegDeleteEmptyUSKeyW
SHOpenRegStreamW
ChrCmpIW
PathFindFileNameW
StrRetToStrW
PathBuildRootA
SHRegCloseUSKey

advapi32

BuildExplicitAccessWithNameA
BuildTrusteeWithSidA
ImpersonateSelf
BuildTrusteeWithNameW
AllocateAndInitializeSid
CryptVerifySignatureA
EnumServicesStatusW
AreAnyAccessesGranted
DestroyPrivateObjectSecurity
GetTrusteeNameA
ReadEventLogA
GetSecurityDescriptorSacl
SetServiceStatus
ObjectOpenAuditAlarmW
RegSaveKeyW
IsValidSecurityDescriptor
GetAccessPermissionsForObjectW
MapGenericMask
MakeAbsoluteSD
CryptReleaseContext
GetNamedSecurityInfoW
GetAuditedPermissionsFromAclA
ConvertSecurityDescriptorToAccessNamedA
ChangeServiceConfigW
GetSecurityDescriptorLength
RegConnectRegistryW
RegQueryValueExA
UnlockServiceDatabase
GetMultipleTrusteeW
CryptSetKeyParam
MakeSelfRelativeSD
PrivilegeCheck
LookupPrivilegeValueA
CryptGetDefaultProviderW
CryptImportKey
RegEnumKeyExA
CreateServiceA
RegSetValueA
SetThreadToken
CryptEnumProvidersA
SetEntriesInAclA
GetServiceKeyNameW
CloseServiceHandle
CryptVerifySignatureW
SetEntriesInAuditListA
ClearEventLogA
DeregisterEventSource
GetCurrentHwProfileW
LookupAccountNameW
SetEntriesInAccessListA
OpenThreadToken
CreatePrivateObjectSecurity
CryptEncrypt
GetAce
LookupAccountNameA
QueryServiceLockStatusW
GetEffectiveRightsFromAclW
BackupEventLogA
RegisterServiceCtrlHandlerW
ObjectPrivilegeAuditAlarmW
CryptGetDefaultProviderA
RegFlushKey

ole32

StgIsStorageFile
OleDuplicateData
Co
CreateDataCache
CoInitializeSecurity
OleTranslateAccelerator
OleCreateStaticFromData
OleLoad
CoRevertToSelf
OleGetClipboard
OleRegGetUserType
WriteFmtUserTypeStg
CoBuildVersion
OleCreateFromData
EnableHookObject
CoGetMarshalSizeMax
CoTreatAsClass
OleInitialize
UpdateDCOMSettings
CoCreateInstance
CreateItemMoniker
CoGetInterfaceAndReleaseStream
CoGetCallContext
OleConvertIStorageToOLESTREAMEx
OleCreateFromFile
StringFromGUID2
CreateOleAdviseHolder
CoRevokeClassObject
CoTaskMemFree
GetDocumentBitStg
CreateDataAdviseHolder
CoGetInstanceFromFile
ReleaseStgMedium
CoGetInstanceFromIStorage
CoRegisterMessageFilter
UtGetDvtd16Info
OleNoteObjectVisible
CoUnmarshalHresult
OleIsCurrentClipboard
ReadStringStream
CoFreeLibrary
CoGetPSClsid
CoReleaseMarshalData
CoTaskMemAlloc
CoTaskMemRealloc
CoMarshalHresult
CoCreateFreeThreadedMarshaler
CoLockObjectExternal
CoInitializeEx
CLSIDFromProgID
SetDocumentBitStg
CoRevokeMallocSpy
MonikerRelativePathTo
OpenOrCreateStream
OleCreateLinkToFile
UtGetDvtd32Info
GetHookInterface
CoMarshalInterface

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7c2055a28cca259d9cdb9647fffb7e81

Headers

DLL Characteristics

File Characteristics

Imports

�ka

shlwapi

advapi32

ole32

Sections

.text Size: 77KB - Virtual size: 77KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 12KB - Virtual size: 12KB

.text
Size: 77KB - Virtual size: 77KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 12KB - Virtual size: 12KB