a6ac82fc87e552476a77c8d22e2d1d64fa17cc3dea9f428a53776354c97825b2

Sharing

Copy URL

Twitter E-mail

General

Target

a6ac82fc87e552476a77c8d22e2d1d64fa17cc3dea9f428a53776354c97825b2
Size

364KB
MD5

8540030a0ea3e18e84af7ce026ab9cad
SHA1

4ccfe4cf5839024e768520c63e3a1982eee092f0
SHA256

a6ac82fc87e552476a77c8d22e2d1d64fa17cc3dea9f428a53776354c97825b2
SHA512

8b7f32f3c4409cf3d5f69c32302c908086a4a156200fa3fb197bac957a0942a516349951633d09510b2f1c73bc02186f860467280cd36bbcebbdf1d0a974bb05
SSDEEP

6144:qPpRMZEIfrLrLrLm3IgVDvpXhZ4rfytTPbsGOXvV50DErQNg/ydlb4fQ6wFMv97:FqaioXIDhNg6dNoQl+vF

Score

N/A

Malware Config

Signatures

Files

a6ac82fc87e552476a77c8d22e2d1d64fa17cc3dea9f428a53776354c97825b2
.exe windows x86

246fe7d66829efecc66898d339b9163e

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
GetForegroundWindow
EnumChildWindows
PostQuitMessage
ShutdownBlockReasonCreate
DefWindowProcA
DestroyWindow
AnimateWindow
CloseWindow
ShutdownBlockReasonDestroy
RegisterClassExW
CreateWindowExW
GetMessageA
TranslateMessage
DispatchMessageA
DeferWindowPos
ReleaseDC
MessageBoxW
AdjustWindowRect
wsprintfW
wsprintfA

gdi32

SetPixel
GetDeviceCaps
SetPaletteEntries
SelectPalette
DeleteObject

kernel32

GetFileSize
LocalAlloc
ReadFile
CloseHandle
WriteFile
DeviceIoControl
OpenMutexW
CreateMutexW
lstrlenA
GetModuleHandleA
LoadLibraryA
lstrcpyA
lstrcatA
HeapAlloc
OutputDebugStringW
GetProcAddress
lstrlenW
CreateDirectoryW
GetLastError
WaitForSingleObject
lstrcpynW
lstrcatW
FindNextFileW
lstrcmpW
FindClose
GetTickCount
CreateFileA
ExitThread
CreateThread
TlsGetValue
TlsSetValue
ExitProcess
VirtualAlloc
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetWindowsDirectoryA
GetModuleHandleW
GetSystemDirectoryW
CreateProcessW
GetShortPathNameW
ExpandEnvironmentStringsW
Sleep
GetCurrentProcessId
VirtualQuery
VirtualProtect
IsBadReadPtr
FreeLibrary
lstrcmpA
AllocConsole
GetStdHandle
WriteConsoleW
UnmapViewOfFile
lstrcmpiW
lstrcpyW
SetFileAttributesW
MoveFileExW
FindFirstFileW
WaitForMultipleObjects
GetDriveTypeW
GetTickCount64
IsProcessorFeaturePresent
GetCommandLineW
GetFileSizeEx
SetFilePointerEx
CreateFileMappingW
MapViewOfFile
GetCurrentProcess
LocalFree
GetUserDefaultUILanguage
InitializeCriticalSection
DeleteCriticalSection
SetLastError
EnterCriticalSection
LeaveCriticalSection
TerminateThread
GlobalAlloc
GlobalFree
Beep
MoveFileExA
GetVersionExA
CreateFileW
VirtualFree
SetThreadExecutionState

advapi32

LsaClose
LsaFreeMemory
EqualDomainSid
InitializeSecurityDescriptor
CryptGenRandom
CryptDecrypt
CryptEncrypt
CryptImportKey
GetSidSubAuthority
GetSidSubAuthorityCount
CryptReleaseContext
CryptDestroyKey
CryptExportKey
CryptGenKey
CryptAcquireContextW
LsaQueryTrustedDomainInfo
LsaCreateTrustedDomainEx
LookupAccountSidW
AreAllAccessesGranted
EncryptionDisable
LsaAddAccountRights

shell32

ShellExecuteExW
SHGetFolderPathW

secur32

LsaConnectUntrusted

netapi32

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

shlwapi

StrStrW
StrToIntA

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
WNetAddConnection2W

ws2_32

shutdown
closesocket
connect
htons
inet_addr
WSAGetLastError
WSACleanup
socket
WSAStartup
inet_pton
send
gethostbyname
inet_ntoa
recv

wininet

InternetReadFile
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA

crypt32

CryptStringToBinaryA
CryptBinaryToStringA
CryptBinaryToStringW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
VariantInit

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

246fe7d66829efecc66898d339b9163e

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

user32

gdi32

kernel32

advapi32

shell32

secur32

netapi32

shlwapi

mpr

ws2_32

wininet

crypt32

ole32

oleaut32

Sections

.text Size: 234KB - Virtual size: 234KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 65KB - Virtual size: 64KB

.text
Size: 234KB - Virtual size: 234KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 65KB - Virtual size: 64KB