ba5fa7cc1a918b866354f4a5d9d92ceb3965ff81eb96e1608f190bccf12d38e6

Sharing

Copy URL

Twitter E-mail

General

Target

ba5fa7cc1a918b866354f4a5d9d92ceb3965ff81eb96e1608f190bccf12d38e6
Size

89KB
MD5

96f008e97e84f07d643548ca503d7930
SHA1

7f0d5571b331b681e1689a2fda251329dcfa527f
SHA256

ba5fa7cc1a918b866354f4a5d9d92ceb3965ff81eb96e1608f190bccf12d38e6
SHA512

55633a88d52c46e286153c94698ec6fad8d7ecfe1d0cd48873117f9dca9f8b6681236e07a1f3d827ed57bbc7b4758060a4482d30b21cc52119680a8e603d3b64
SSDEEP

1536:O/bgoDIz4ijUEGuMFSgWMUw5yvx1Uk/XV083ATFjD0IZANqKR:kIz4ijXrSSgWbKyf3d3ATFqNqK

Score

N/A

Malware Config

Signatures

Files

ba5fa7cc1a918b866354f4a5d9d92ceb3965ff81eb96e1608f190bccf12d38e6
.exe windows x86

c46c273ad454c5400e7b65b8b50446cf

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegisterEventSourceW
RegCloseKey
CryptReleaseContext
GetUserNameW
ReportEventW
CryptSetKeyParam
SetTokenInformation
CryptAcquireContextW
CheckTokenMembership
RegDeleteValueW
RegOpenKeyW
RegQueryValueExA
RegCreateKeyExW
RegOpenKeyA
RegQueryValueExW
RegDeleteValueA
CryptHashData
StartServiceCtrlDispatcherA
DeregisterEventSource
RegEnumKeyW
RegSetValueExW
CryptDeriveKey
FreeSid
RegDeleteKeyA
OpenProcessToken
RegOpenKeyExA
CryptDecrypt
StartServiceCtrlDispatcherW
CryptCreateHash
InitializeSecurityDescriptor
CryptDestroyHash
QueryServiceStatus
RegOpenKeyExW
RegSetValueExA
CryptDestroyKey
AllocateAndInitializeSid

comdlg32

GetFileTitleA

ddraw

DirectDrawCreate

gdi32

CreateCompatibleBitmap
RealizePalette
GetStockObject
BitBlt
SelectPalette
CreateDIBSection
CreatePalette
SetViewportExtEx
SetMapMode
SelectObject
SetSystemPaletteUse
GetSystemPaletteEntries
SetWindowExtEx
DeleteDC
DeleteObject
CreateCompatibleDC

imm32

ImmGetContext

kernel32

GetModuleHandleW
VirtualQuery
LoadLibraryW
GetCommandLineA
InitializeCriticalSectionAndSpinCount
HeapReAlloc
lstrcmpA
GetTempFileNameA
SetLastError
IsBadStringPtrW
lstrcmpiW
LCMapStringA
IsDBCSLeadByte
InterlockedExchange
GetWindowsDirectoryW
IsBadCodePtr
GetSystemWindowsDirectoryA
GetModuleHandleA
GetVersionExA
InterlockedDecrement
ReleaseMutex
ExpandEnvironmentStringsA
CreateMutexA
WideCharToMultiByte
DeleteCriticalSection
GetModuleFileNameW
lstrcmpW
GetVersion
MapViewOfFile
GetEnvironmentVariableW
SetStdHandle
HeapAlloc
WriteFile
UnhandledExceptionFilter
GetLocaleInfoW
SetFileAttributesW
EnterCriticalSection
CreateFileW
WinExec
VirtualAlloc
GetFileAttributesW
MultiByteToWideChar
IsBadReadPtr
GetLocalTime
GetLastError
LoadLibraryA
GetCurrentThread
GetStartupInfoA
GetCurrentDirectoryW
GetTickCount
FreeEnvironmentStringsA
FlushViewOfFile
DeleteFileA
lstrlenW
GetSystemWindowsDirectoryW
QueryDosDeviceW
SetHandleCount
Sleep
GetSystemTimeAsFileTime
HeapFree
SetLocaleInfoA
GetSystemInfo
GetSystemDefaultLCID
TlsFree
UnmapViewOfFile
GetStdHandle
HeapDestroy
OpenFileMappingA
DebugBreak
CreateProcessW
LocalFree
CreateDirectoryW
GetShortPathNameW
ExitProcess
GetCPInfo
LeaveCriticalSection
SetCurrentDirectoryW
GetModuleFileNameA
CloseHandle
TlsGetValue
SetEvent
SwitchToThread
GetStringTypeW
CreateProcessA
GetStringTypeA
GetACP
CompareStringA
GetCurrentProcess
QueryPerformanceCounter
WaitForSingleObject
RaiseException
VirtualFree
GetVersionExW
SearchPathW
GetEnvironmentStrings
InitializeCriticalSection
LocalAlloc
GetCurrentProcessId
TlsAlloc
FreeEnvironmentStringsW
HeapSize
GetTempPathA
TlsSetValue
TerminateProcess
IsBadStringPtrA
SetUnhandledExceptionFilter
SetFilePointer
lstrlenA
GetLocaleInfoA
GetCommandLineW
GetCurrentThreadId
GetSystemDirectoryW
FreeLibrary
InterlockedCompareExchange
CreateFileA
MoveFileW
ResetEvent
LCMapStringW
GetFileType
GetProcessHeap
InterlockedIncrement
MoveFileExW
VirtualProtect
CompareStringW
GetEnvironmentStringsW
ExpandEnvironmentStringsW
FlushFileBuffers
IsBadWritePtr
DeleteFileW
GetOEMCP
CreateFileMappingA
GetProcAddress
GlobalFree
HeapCreate

mpr

WNetConnectionDialog

ntdll

NtQueryInformationThread
NtWriteFile
RtlUnwind
RtlFreeUnicodeString
NtCreateFile
RtlGUIDFromString
RtlCreateSecurityDescriptor
NtClose
NtQueryObject
RtlDosPathNameToNtPathName_U
RtlSetDaclSecurityDescriptor
DbgBreakPoint
RtlInitUnicodeString

ole32

CoInitialize
CoUninitialize
CoCreateInstance

psapi

GetModuleBaseNameW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

user32

EndPaint
CopyIcon
DialogBoxParamW
GetClientRect
ReleaseDC
DefWindowProcW
mouse_event
GetWindowThreadProcessId
ChangeDisplaySettingsA
GetWindowLongW
CreateWindowExA
GetParent
GetWindowRect
GetUpdateRect
BeginPaint
DestroyWindow
DefWindowProcA
CallNextHookEx
DispatchMessageA
UnhookWindowsHookEx
RegisterClassA
GetWindowContextHelpId
EnumChildWindows
SetWindowsHookExW
ValidateRect
InvalidateRect
RegisterWindowMessageW
FindWindowW
SetCursorPos
GetClassLongA
FindWindowA
ShowCursor
FindWindowExA
GetWindowTextW
GetDesktopWindow
GetDC
FillRect
LoadCursorW
GetWindowLongA
GetSystemMetrics
SetForegroundWindow
GetClassNameW
SetWindowLongA
SendMessageTimeoutW
SendMessageW
GetClassNameA

userenv

GetUserProfileDirectoryW
GetAllUsersProfileDirectoryW

winmm

timeGetTime
mciSendCommandA

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c46c273ad454c5400e7b65b8b50446cf

Code Sign

Headers

File Characteristics

Imports

advapi32

comdlg32

ddraw

gdi32

imm32

kernel32

mpr

ntdll

ole32

psapi

shell32

user32

userenv

winmm

Sections

.text Size: 81KB - Virtual size: 81KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 81KB - Virtual size: 81KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB