8f5be0af938a91d520c9ad6454e4eb8e562d236c6cdaae9cecfe04b28e37f857

Sharing

Copy URL

Twitter E-mail

General

Target

8f5be0af938a91d520c9ad6454e4eb8e562d236c6cdaae9cecfe04b28e37f857
Size

112KB
MD5

65977152d62265c0f46751874bd45767
SHA1

3b6aaf8ab4eb82062780202248aad45b916376ab
SHA256

8f5be0af938a91d520c9ad6454e4eb8e562d236c6cdaae9cecfe04b28e37f857
SHA512

c36f317b7229139f9abaa1cf17b50699d3cab630b95d2fb9b59960c14d2843484378c60bd28bf841f229d23b889e180c278f007fd088948e2535e38cb2a782bb
SSDEEP

3072:2GdtoUTLVtbfcgYMIAN06WJBmc+sFqxF5QIPxdt:2GdtoUTDbfZRgJBmce+Ift

Score

N/A

Malware Config

Signatures

Files

8f5be0af938a91d520c9ad6454e4eb8e562d236c6cdaae9cecfe04b28e37f857
.exe windows x86

e58257679a7b694b926252a661453ab3

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptQueryObject
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CryptDecodeObjectEx
CryptImportPublicKeyInfo
CryptBinaryToStringA
CryptStringToBinaryA
CertGetNameStringW

wininet

InternetCrackUrlA
InternetConnectA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle

shlwapi

PathCombineW
StrSpnA
StrPBrkA
StrCmpNIA
PathSkipRootW
StrSpnW
PathFindFileNameW
StrStrIA
StrChrIA
StrCpyNW
StrStrIW
StrCmpIW
PathUnquoteSpacesW
StrToIntW
StrChrA
PathRemoveExtensionW
StrChrW
StrToInt64ExA
StrCmpNIW
StrCmpNW
StrChrIW
StrPBrkW
PathMatchSpecW

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA

mpr

WNetOpenEnumW
WNetCloseEnum
WNetEnumResourceW

imagehlp

CheckSumMappedFile

ws2_32

gethostbyname
inet_ntoa
closesocket
shutdown
WSAStartup
htons
sendto
socket
inet_addr
htonl

psapi

GetModuleFileNameExW

wtsapi32

WTSQueryUserToken

kernel32

Process32NextW
lstrcmpiW
CreateToolhelp32Snapshot
CloseHandle
IsBadWritePtr
SearchPathW
TlsAlloc
MultiByteToWideChar
Process32FirstW
WideCharToMultiByte
MoveFileExW
HeapFree
WaitForSingleObject
GetProcessHeap
GetSystemDirectoryW
Sleep
GetSystemWow64DirectoryW
CreateDirectoryW
FormatMessageW
GetVersionExW
TerminateProcess
lstrlenW
GetLastError
MoveFileW
IsBadStringPtrW
IsBadReadPtr
IsBadCodePtr
IsBadStringPtrA
WaitForMultipleObjects
GetWindowsDirectoryW
LocalFree
lstrcpynA
CreateThread
ExpandEnvironmentStringsW
RtlUnwind
GetCurrentThreadId
WTSGetActiveConsoleSessionId
SetErrorMode
GetSystemWindowsDirectoryW
GetModuleHandleW
CreateFileW
OpenMutexW
GetVolumeInformationW
lstrcatW
GetProcAddress
GetDateFormatW
SetFilePointer
SetFilePointerEx
OutputDebugStringW
SetFileTime
WriteFile
InitializeCriticalSection
LeaveCriticalSection
GetTimeFormatW
OpenProcess
FileTimeToSystemTime
ReadFile
GetFileSizeEx
EnterCriticalSection
GetFileTime
DeleteCriticalSection
FileTimeToLocalFileTime
lstrcpyW
GetCurrentProcessId
GetTempFileNameW
GetFileSize
MapViewOfFile
UnmapViewOfFile
FreeLibrary
CreateProcessW
LoadLibraryExW
LoadLibraryW
CopyFileW
ReadProcessMemory
lstrcpynW
FlushInstructionCache
FlushFileBuffers
GetTempPathW
VirtualAllocEx
CreateFileMappingW
WinExec
DeleteFileW
WriteProcessMemory
ResumeThread
FindFirstFileW
GetModuleFileNameW
FindClose
SetFileAttributesW
GetCommandLineW
CreateMutexW
VirtualProtect
SetEvent
GetTickCount
GetCurrentThread
GetModuleHandleA
SetThreadPriority
GetSystemInfo
CreateEventW
SetCurrentDirectoryW
OutputDebugStringA
SetProcessShutdownParameters
ExitProcess
GetCurrentProcess
SetPriorityClass
lstrcpyA
GetEnvironmentVariableW
LockResource
SizeofResource
lstrcmpiA
LoadResource
GetModuleFileNameA
GetNativeSystemInfo
GetDriveTypeW
GetLogicalDrives
VirtualFree
VirtualAlloc
QueryDosDeviceW
FindNextFileW
FindResourceW
HeapValidate
GetProcessHeaps
HeapSetInformation
HeapCreate
SetLastError
HeapAlloc
HeapReAlloc
lstrlenA
GetComputerNameA
FreeResource
GetFileAttributesW
GetHandleInformation
GetExitCodeProcess

advapi32

CreateProcessAsUserW
EnumDependentServicesW
SetKernelObjectSecurity
RegSetValueExW
RegOpenKeyW
RegCreateKeyExW
QueryServiceStatusEx
ConvertStringSecurityDescriptorToSecurityDescriptorW
ControlService
CryptEncrypt
CryptGetKeyParam
CryptAcquireContextW
CryptDestroyKey
RegEnumKeyW
RegisterServiceCtrlHandlerW
SetServiceStatus
GetTokenInformation
StartServiceCtrlDispatcherW
RegCloseKey
RegFlushKey
RegDeleteValueW
InitiateSystemShutdownExW
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
SetEntriesInAclW
SetNamedSecurityInfoW
CreateWellKnownSid
CheckTokenMembership
FreeSid
RegDeleteKeyW
AllocateAndInitializeSid
DuplicateToken
RegQueryValueExW
RegSetValueW
OpenServiceW
GetLengthSid
ConvertSidToStringSidW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

ntdll

_allmul
NtQueryVirtualMemory
_aulldvrm
RtlFreeUnicodeString
ZwOpenProcess
memset
memcpy
ZwClose
NtDeleteFile
isspace
RtlDosPathNameToNtPathName_U
ZwSuspendProcess
ZwQueryInformationProcess
memmove
_chkstk
ZwOpenSection
ZwOpenDirectoryObject
_alldiv

user32

GetProcessWindowStation
ExitWindowsEx
GetForegroundWindow
CloseWindowStation
SetProcessWindowStation
wsprintfW
GetPropW
GetSystemMetrics
SetPropW
FindWindowW
DispatchMessageW
DefWindowProcW
RegisterClassW
MessageBoxW
GetWindowThreadProcessId
EnumWindowStationsW
CreateWindowExW
GetShellWindow
PeekMessageW
TranslateMessage
wsprintfA
CharLowerBuffA
GetKeyboardLayoutList
OpenInputDesktop
OpenWindowStationW
RegisterClassExW
GetLastInputInfo
UnregisterClassW
GetUserObjectInformationW

oleaut32

SysFreeString
SysAllocString
VariantClear

ole32

CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoInitialize

shell32

SHChangeNotify
ShellExecuteExW
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

netapi32

NetApiBufferFree
NetUserGetInfo
NetUserEnum

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e58257679a7b694b926252a661453ab3

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

wininet

shlwapi

version

mpr

imagehlp

ws2_32

psapi

wtsapi32

kernel32

advapi32

ntdll

user32

oleaut32

ole32

shell32

userenv

netapi32

Sections

.text Size: 79KB - Virtual size: 79KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 3KB - Virtual size: 12KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 79KB - Virtual size: 79KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 3KB - Virtual size: 12KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 5KB - Virtual size: 5KB