65774dcf6d6e9a55be4250a1c95c93a92913bdbfcffce66af4bf7c8f4719489c

Sharing

Copy URL

Twitter E-mail

General

Target

65774dcf6d6e9a55be4250a1c95c93a92913bdbfcffce66af4bf7c8f4719489c
Size

384KB
MD5

a6c6d9747407034817b1b0e739cc07d7
SHA1

545f28e3ac5e91665fc0f36671594c081971db4f
SHA256

65774dcf6d6e9a55be4250a1c95c93a92913bdbfcffce66af4bf7c8f4719489c
SHA512

d64834e13454c7e72707cf249da770abf9cc74f1ad6d55fb7c396d7246aa6bd8c9a7d4a95fec24ab7aa27df9f034d6dc913dd7ae87b72d918935fc9e373eb895
SSDEEP

6144:5cP69MZEIxrLrLrLNaMiAqNoUpEHQ2DfVdaljqAS+p/WB7MefV50DEr6Ng/ydlb:gCaBWj1R434D3Ng6dNoQl+vu

Score

N/A

Malware Config

Signatures

Files

65774dcf6d6e9a55be4250a1c95c93a92913bdbfcffce66af4bf7c8f4719489c
.exe windows x86

2da796aed8e14f34c32ae9966cb97130

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
GetForegroundWindow
AnimateWindow
PostQuitMessage
ShutdownBlockReasonCreate
DefWindowProcA
MessageBoxW
wsprintfA
wsprintfW
ShutdownBlockReasonDestroy
RegisterClassExW
CreateWindowExW
GetMessageA
TranslateMessage
DispatchMessageA
AdjustWindowRect
ReleaseDC
DeferWindowPos
DestroyWindow
CloseWindow
EnumChildWindows

gdi32

SetPixel
GetDeviceCaps
SelectPalette
SetPaletteEntries
DeleteObject

kernel32

GetFileSize
LocalAlloc
ReadFile
CloseHandle
WriteFile
DeviceIoControl
OpenMutexW
CreateMutexW
lstrlenA
GetModuleHandleA
LoadLibraryA
HeapAlloc
lstrcpyA
lstrcatA
GetProcAddress
lstrlenW
CreateDirectoryW
GetLastError
lstrcatW
lstrcpynW
FindNextFileW
lstrcmpW
FindClose
GetTickCount
VirtualFree
ExitThread
CreateFileA
CreateFileW
TlsSetValue
OutputDebugStringW
VirtualAlloc
TlsGetValue
WaitForSingleObject
ExitProcess
CreateToolhelp32Snapshot
Process32FirstW
GetWindowsDirectoryA
GetModuleHandleW
GetSystemDirectoryW
CreateProcessW
GetShortPathNameW
ExpandEnvironmentStringsW
Sleep
GetCurrentProcessId
VirtualQuery
VirtualProtect
IsBadReadPtr
FreeLibrary
lstrcmpA
AllocConsole
GetStdHandle
WriteConsoleW
UnmapViewOfFile
lstrcmpiW
lstrcpyW
SetFileAttributesW
MoveFileExW
FindFirstFileW
WaitForMultipleObjects
GetDriveTypeW
GetTickCount64
IsProcessorFeaturePresent
GetCommandLineW
GetFileSizeEx
SetFilePointerEx
CreateFileMappingW
MapViewOfFile
GetCurrentProcess
LocalFree
GetUserDefaultUILanguage
InitializeCriticalSection
DeleteCriticalSection
SetLastError
EnterCriticalSection
LeaveCriticalSection
TerminateThread
GlobalAlloc
GlobalFree
Beep
MoveFileExA
GetVersionExA
Process32NextW
CreateThread
SetThreadExecutionState

advapi32

LsaFreeMemory
LsaAddAccountRights
LookupAccountSidW
InitializeSecurityDescriptor
LsaClose
CryptDecrypt
CryptEncrypt
CryptImportKey
GetSidSubAuthority
GetSidSubAuthorityCount
AreAllAccessesGranted
CryptGenRandom
CryptReleaseContext
CryptDestroyKey
CryptExportKey
CryptGenKey
CryptAcquireContextW
LsaQueryTrustedDomainInfo
LsaCreateTrustedDomainEx
EqualDomainSid
EncryptionDisable

shell32

ShellExecuteExW
SHGetFolderPathW

secur32

LsaConnectUntrusted

netapi32

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

shlwapi

StrStrW
StrToIntA

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
WNetAddConnection2W

ws2_32

shutdown
closesocket
connect
htons
inet_addr
WSAGetLastError
WSACleanup
socket
WSAStartup
inet_pton
send
gethostbyname
inet_ntoa
recv

wininet

InternetReadFile
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA

crypt32

CryptStringToBinaryA
CryptBinaryToStringA
CryptBinaryToStringW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
VariantInit

Sections

.text
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2da796aed8e14f34c32ae9966cb97130

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

user32

gdi32

kernel32

advapi32

shell32

secur32

netapi32

shlwapi

mpr

ws2_32

wininet

crypt32

ole32

oleaut32

Sections

.text Size: 235KB - Virtual size: 234KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 65KB - Virtual size: 64KB

.data1 Size: 19KB - Virtual size: 18KB

.text
Size: 235KB - Virtual size: 234KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 65KB - Virtual size: 64KB

.data1
Size: 19KB - Virtual size: 18KB