022fd303fe748e12943c578232c28e0fd1efbcad063525e1a6bbc008d6d56d2f

Sharing

Copy URL

Twitter E-mail

General

Target

022fd303fe748e12943c578232c28e0fd1efbcad063525e1a6bbc008d6d56d2f
Size

99KB
MD5

20abc2fc4ae0ddc631322df67c828c17
SHA1

30fc7b84a438df84624e79d5365d4bd959fb5f72
SHA256

022fd303fe748e12943c578232c28e0fd1efbcad063525e1a6bbc008d6d56d2f
SHA512

cf311ade900a87903cfb2ea686494fb3a002f3676ffda9f58f18cb53986eb2a3482e86ed3c6609b523a0880550cf416b918b076197027c775b88e8a29079c4a1
SSDEEP

3072:13gXgmhZMZWhGPm6mFbU5W6dGBUIlnKuqqx2hI2xg6:13gwmh8Pm6AQRGBUIlKlhIF

Score

N/A

Malware Config

Signatures

Files

022fd303fe748e12943c578232c28e0fd1efbcad063525e1a6bbc008d6d56d2f
.exe windows x86

996095652fc051b93c91608143913700

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptBinaryToStringA
CryptImportPublicKeyInfo
CryptStringToBinaryA
CryptDecodeObjectEx

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
InternetCrackUrlA
InternetConnectA
HttpSendRequestA
HttpOpenRequestA

shlwapi

PathFindFileNameW
StrSpnA
StrStrIA
StrChrIA
StrCmpIW
StrCpyNW
StrToIntW
PathRemoveExtensionW
StrChrW
StrCmpNW
StrChrA
PathMatchSpecW
StrStrIW
StrToInt64ExA
StrPBrkA
PathSkipRootW
StrCmpNIW
PathCombineW
PathUnquoteSpacesW
StrCmpNIA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoA

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

imagehlp

CheckSumMappedFile

ws2_32

inet_ntoa
WSAStartup
htons
sendto
socket
htonl
shutdown
closesocket
gethostbyname
inet_addr

advapi32

CryptDestroyKey
RegOpenKeyExW
RegFlushKey
SetKernelObjectSecurity
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
CheckTokenMembership
FreeSid
LookupPrivilegeValueW
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
RegEnumValueW
RegDeleteValueW
ConvertSidToStringSidW
GetLengthSid
CryptEncrypt
OpenProcessToken
RegSetValueExW
CryptImportKey
RegCloseKey
RegEnumKeyW
RegOpenKeyW
RegCreateKeyExW
AdjustTokenPrivileges
CryptGetKeyParam
CryptAcquireContextW
RegQueryValueExW

kernel32

CreateFileW
OpenMutexW
GetLastError
GetVolumeInformationW
SetErrorMode
LockResource
SizeofResource
LoadResource
GetSystemDirectoryW
lstrcatW
lstrlenW
GetProcAddress
GetDateFormatW
SetFilePointer
SetFilePointerEx
WaitForSingleObject
OutputDebugStringW
SetFileTime
WriteFile
InitializeCriticalSection
LeaveCriticalSection
GetTimeFormatW
GetFileAttributesW
FileTimeToSystemTime
ReadFile
GetFileSizeEx
MoveFileW
EnterCriticalSection
GetFileTime
DeleteCriticalSection
CloseHandle
FileTimeToLocalFileTime
lstrcpyW
FindResourceW
LocalFree
Sleep
IsBadWritePtr
GetCurrentProcessId
ExitProcess
GetTempFileNameW
GetFileSize
FreeResource
MapViewOfFile
UnmapViewOfFile
FreeLibrary
CreateProcessW
GetModuleHandleW
SetEvent
LoadLibraryW
CopyFileW
ReadProcessMemory
lstrcpynW
TerminateProcess
FlushInstructionCache
FlushFileBuffers
GetTempPathW
VirtualAllocEx
CreateFileMappingW
CreateEventW
OpenEventW
WinExec
GetWindowsDirectoryW
DeleteFileW
WriteProcessMemory
ResumeThread
FindFirstFileW
GetModuleFileNameW
FindClose
SetFileAttributesW
lstrcpynA
GetCommandLineW
CreateMutexW
IsBadStringPtrA
GetCurrentProcess
GetTickCount
GetCurrentThread
GetVersionExW
SetThreadPriority
GetCurrentThreadId
SetCurrentDirectoryW
lstrcmpiW
OpenFileMappingW
OutputDebugStringA
SetProcessShutdownParameters
MultiByteToWideChar
SearchPathW
WaitForMultipleObjects
lstrlenA
LoadLibraryExW
lstrcpyA
GetEnvironmentVariableW
OpenProcess
VirtualProtect
lstrcmpiA
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetModuleFileNameA
CreateThread
GetNativeSystemInfo
GetDriveTypeW
GetLogicalDrives
VirtualFree
VirtualAlloc
IsBadCodePtr
QueryDosDeviceW
FindNextFileW
TlsAlloc
HeapValidate
GetProcessHeaps
HeapSetInformation
HeapCreate
SetLastError
HeapAlloc
HeapReAlloc
HeapFree
GetComputerNameA
GetModuleHandleA
ExpandEnvironmentStringsW
CreateDirectoryW
GetSystemInfo
RtlUnwind
GetExitCodeProcess
GetSystemWindowsDirectoryW
GetHandleInformation
IsBadReadPtr
IsBadStringPtrW
WideCharToMultiByte
GetSystemWow64DirectoryW

user32

wsprintfW
DispatchMessageW
DefWindowProcW
RegisterClassW
MessageBoxW
CreateWindowExW
PeekMessageW
TranslateMessage
wsprintfA
CharLowerBuffA
GetSystemMetrics
GetKeyboardLayoutList
GetLastInputInfo
RegisterClassExW
UnregisterClassW
GetForegroundWindow

ole32

CoCreateInstance
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoUninitialize

shell32

ShellExecuteExW
SHGetFolderPathW
ShellExecuteW
SHChangeNotify
CommandLineToArgvW

ntdll

ZwOpenProcess
ZwClose
_chkstk
isspace
ZwOpenSection
RtlFreeUnicodeString
NtDeleteFile
RtlDosPathNameToNtPathName_U
ZwOpenDirectoryObject
NtQueryVirtualMemory
memcpy
memset
ZwQueryInformationProcess
memmove
_allmul
_aulldvrm
_alldiv

oleaut32

SysAllocString
SysFreeString

netapi32

NetUserGetInfo
NetApiBufferFree
NetUserEnum

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

996095652fc051b93c91608143913700

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

wininet

shlwapi

version

mpr

imagehlp

ws2_32

advapi32

kernel32

user32

ole32

shell32

ntdll

oleaut32

netapi32

Sections

.text Size: 70KB - Virtual size: 70KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 3KB - Virtual size: 10KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 70KB - Virtual size: 70KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 3KB - Virtual size: 10KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 4KB