e35ffe111c62d9b05048518659b2b462d8124691bf63b8c34513ec4433d21d80

Sharing

Copy URL

Twitter E-mail

General

Target

e35ffe111c62d9b05048518659b2b462d8124691bf63b8c34513ec4433d21d80
Size

359KB
MD5

89e1ddb8cc86c710ee068d6c6bf300f4
SHA1

6b4896a66dbecc1576434f25220cfa54015d1b9f
SHA256

e35ffe111c62d9b05048518659b2b462d8124691bf63b8c34513ec4433d21d80
SHA512

6d55f431d4081af6700c8717cd2529eddde551eae191cb2dbd31c9baec8a5f576b86affa73a305164aa7fdf7b8913d75d35b2a6e6d1ddc9ffede74a47a89a591
SSDEEP

6144:bHNTIdcJMLqrLrLrL0Ijr7EE76kFraGLTEZnxktQp2QkkV50DErhNg/ydlb4fQ6:rlBS+YlkEqDgNg6dNoQl+v2

Score

N/A

Malware Config

Signatures

Files

e35ffe111c62d9b05048518659b2b462d8124691bf63b8c34513ec4433d21d80
.exe windows x86

1c2e3b6cebb3f7c75933ae02730252b8

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetForegroundWindow
EnumChildWindows
PostQuitMessage
ShutdownBlockReasonCreate
DefWindowProcA
MessageBoxW
wsprintfW
DestroyWindow
ShutdownBlockReasonDestroy
RegisterClassExW
CreateWindowExW
GetMessageA
TranslateMessage
DispatchMessageA
ReleaseDC
DeferWindowPos
wsprintfA
AnimateWindow
CloseWindow
AdjustWindowRect

gdi32

DeleteObject
SetPixel
GetDeviceCaps
SetPaletteEntries
SelectPalette

kernel32

LocalAlloc
ReadFile
CloseHandle
WriteFile
DeviceIoControl
OpenMutexW
CreateMutexW
lstrlenA
GetModuleHandleA
LoadLibraryA
GetLastError
lstrcpyA
HeapAlloc
lstrcatA
GetProcAddress
lstrlenW
CreateDirectoryW
VirtualFree
TlsGetValue
TlsSetValue
lstrcpynW
lstrcatW
FindNextFileW
GetFileSize
FindClose
GetTickCount
ExitThread
CreateThread
ExitProcess
VirtualAlloc
WaitForSingleObject
OutputDebugStringW
CreateFileW
CreateToolhelp32Snapshot
CreateFileA
Process32NextW
GetModuleHandleW
GetSystemDirectoryW
CreateProcessW
GetShortPathNameW
ExpandEnvironmentStringsW
Sleep
GetCurrentProcessId
VirtualQuery
VirtualProtect
IsBadReadPtr
FreeLibrary
lstrcmpA
UnmapViewOfFile
lstrcmpiW
lstrcpyW
MoveFileExW
FindFirstFileW
WaitForMultipleObjects
GetDriveTypeW
GetTickCount64
SetThreadExecutionState
GetFileSizeEx
IsProcessorFeaturePresent
CreateFileMappingW
MapViewOfFile
GetCurrentProcess
LocalFree
GetUserDefaultUILanguage
InitializeCriticalSection
DeleteCriticalSection
SetLastError
EnterCriticalSection
LeaveCriticalSection
TerminateThread
GlobalAlloc
GlobalFree
Beep
GetWindowsDirectoryA
MoveFileExA
GetVersionExA
Process32FirstW
lstrcmpW
SetFilePointerEx

advapi32

LsaClose
LookupAccountSidW
LsaAddAccountRights
LsaCreateTrustedDomainEx
InitializeSecurityDescriptor
CryptDecrypt
CryptEncrypt
CryptImportKey
GetSidSubAuthority
GetSidSubAuthorityCount
CryptGenRandom
CryptReleaseContext
CryptDestroyKey
CryptExportKey
CryptGenKey
CryptAcquireContextW
EqualDomainSid
LsaQueryTrustedDomainInfo
EncryptionDisable
AreAllAccessesGranted
LsaFreeMemory

shell32

ShellExecuteExW
SHGetFolderPathW

secur32

LsaConnectUntrusted

netapi32

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

shlwapi

StrToIntA
StrStrW

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
WNetAddConnection2W

ws2_32

shutdown
closesocket
connect
htons
inet_addr
WSAGetLastError
WSACleanup
socket
WSAStartup
inet_pton
send
recv
inet_ntoa
gethostbyname

wininet

InternetReadFile
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA

crypt32

CryptBinaryToStringW
CryptStringToBinaryA
CryptBinaryToStringA

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
VariantInit

Sections

.text
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c2e3b6cebb3f7c75933ae02730252b8

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

user32

gdi32

kernel32

advapi32

shell32

secur32

netapi32

shlwapi

mpr

ws2_32

wininet

crypt32

ole32

oleaut32

Sections

.text Size: 221KB - Virtual size: 220KB

.rdata Size: 63KB - Virtual size: 63KB

.data Size: 65KB - Virtual size: 64KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 221KB - Virtual size: 220KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 65KB - Virtual size: 64KB

.reloc
Size: 9KB - Virtual size: 8KB