5a9468a87997f2363995e264505105f6a235b66543bb28635fb74f78704e9111

Sharing

Copy URL

Twitter E-mail

General

Target

5a9468a87997f2363995e264505105f6a235b66543bb28635fb74f78704e9111
Size

203KB
MD5

75758f7b5ce71fa918c1c7c68d3bd524
SHA1

4a6ac65f6f8304bacbf176fce156cc0393aae565
SHA256

5a9468a87997f2363995e264505105f6a235b66543bb28635fb74f78704e9111
SHA512

0d6ee5345777439f69fb5b49ef7ba7687bc40467d618f77e1c81ba08ef645e1596f3019496b2df7e229ae1f274edb17cdc81124a7ca0a6478a157ca6865fae7a

Score

N/A

Malware Config

Signatures

Files

5a9468a87997f2363995e264505105f6a235b66543bb28635fb74f78704e9111
.exe windows x86

c9b0729c5000411294ab98e0f2c40744

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResumeThread
VirtualQueryEx
CreateFileMappingW
MapViewOfFile
VirtualProtect
SetErrorMode
OpenFileMappingW
SetFilePointer
SetEndOfFile
GetLocalTime
GlobalSize
GlobalUnlock
QueryDosDeviceW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
FindFirstFileW
FindClose
FindNextFileW
FlushFileBuffers
SetFileTime
GetFileTime
CreateDirectoryW
ExpandEnvironmentStringsW
GetProcessHeap
HeapFree
CopyFileW
lstrcpyW
QueryPerformanceFrequency
QueryPerformanceCounter
CreateNamedPipeW
ConnectNamedPipe
GetOverlappedResult
GetConsoleCP
FreeConsole
GetConsoleOutputCP
GetConsoleWindow
AllocConsole
SetConsoleCtrlHandler
SetConsoleScreenBufferSize
GetStdHandle
WriteConsoleInputW
GenerateConsoleCtrlEvent
GetConsoleMode
GetConsoleDisplayMode
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
ReadConsoleOutputW
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleFileNameW
GetModuleHandleW
RemoveDirectoryW
GetComputerNameW
ProcessIdToSessionId
ResetEvent
VirtualProtectEx
CreateThread
lstrcmpA
ExitThread
HeapReAlloc
IsProcessorFeaturePresent
RtlUnwind
HeapAlloc
GetStringTypeW
GetSystemTimeAsFileTime
HeapCreate
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
LCMapStringW
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
DecodePointer
EncodePointer
IsDebuggerPresent
UnhandledExceptionFilter
HeapSetInformation
GetCommandLineA
QueueUserAPC
HeapSize
GetQueuedCompletionStatus
GetCurrentThread
TerminateThread
CreateIoCompletionPort
LocalReAlloc
PostQueuedCompletionStatus
LocalUnlock
LocalLock
LocalFree
LocalAlloc
VirtualAllocEx
GetModuleHandleA
WriteProcessMemory
GetExitCodeThread
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
GetSystemDefaultLCID
GetSystemInfo
GetSystemTime
GlobalMemoryStatus
LoadLibraryW
DisconnectNamedPipe
VirtualFreeEx
ReadProcessMemory
OpenProcess
GetVersionExW
GetCurrentThreadId
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
lstrlenW
WriteFile
DeleteFileW
GetFileAttributesW
SetFileAttributesW
ReadFile
GetFileSize
CreateFileW
lstrcpyA
lstrcmpW
lstrcpynW
WaitForMultipleObjects
GetTickCount
CreateEventW
lstrcmpiW
GetCurrentProcessId
CreateProcessW
ExitProcess
GetCurrentProcess
TerminateProcess
GetLastError
CreateMutexW
GetCommandLineW
CloseHandle
WaitForSingleObject
SetEvent
GetProcAddress
LoadLibraryA
lstrcpynA
Sleep

user32

wsprintfA
wsprintfW
GetSystemMetrics
CreateWindowExW
SetClipboardViewer
SetWindowLongW
ShowWindow
SetTimer
GetMessageW
TranslateMessage
DispatchMessageW
KillTimer
SendMessageW
ChangeClipboardChain
PostQuitMessage
BeginPaint
EndPaint
DefWindowProcW
GetForegroundWindow
PostMessageA
CloseWindowStation
SetThreadDesktop
GetThreadDesktop
OpenInputDesktop
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
keybd_event
mouse_event
SetCapture
WindowFromPoint
GetDesktopWindow
GetDC
LoadCursorW
DestroyIcon
GetIconInfo
MessageBoxW
ExitWindowsEx
GetKeyState
GetAsyncKeyState
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
CloseDesktop
CreateDesktopW
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
GetWindowThreadProcessId
GetClassNameW
GetWindowTextW
SetCursorPos

gdi32

CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
GdiFlush
BitBlt
GetDeviceCaps
DeleteDC
DeleteObject
GetDIBits
CreateDCW
SelectObject

advapi32

RegOpenCurrentUser
RegEnumValueA
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
GetLengthSid
LookupAccountSidW
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
ChangeServiceConfigW
StartServiceW
ControlService
QueryServiceConfig2W
QueryServiceConfigW
EnumServicesStatusExW
RegEnumKeyExW
RegCreateKeyExW
InitiateSystemShutdownA
DeleteService
QueryServiceStatusEx
CloseServiceHandle
ChangeServiceConfig2W
CreateServiceW
OpenServiceW
OpenSCManagerW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegOverridePredefKey
RevertToSelf
RegEnumValueW
ImpersonateLoggedOnUser

shell32

CommandLineToArgvW
SHFileOperationW
ExtractIconExW

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

oleaut32

VariantClear

odbc32

ord2
ord136
ord43
ord13
ord127
ord18
ord61
ord111
ord9
ord141
ord75
ord24
ord171
ord31
ord157

ws2_32

WSARecvFrom
closesocket
setsockopt
WSAIoctl
WSASocketA
getsockname
bind
WSASendTo
WSACleanup
WSAGetLastError
WSAStartup

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9b0729c5000411294ab98e0f2c40744

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

odbc32

ws2_32

Sections

.text Size: 144KB - Virtual size: 143KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 22KB - Virtual size: 50KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 22KB - Virtual size: 50KB

.reloc
Size: 16KB - Virtual size: 15KB