5acbcc1df967d37bf86e429030c9c8ad43e84c8ec5d74bfe3737816c74994c18

Sharing

Copy URL

Twitter E-mail

General

Target

5acbcc1df967d37bf86e429030c9c8ad43e84c8ec5d74bfe3737816c74994c18
Size

364KB
MD5

d7d5907195cda040a984062294fcdbd5
SHA1

ba52267c305ff9bc6f02fa9c5ebcb690ccb267eb
SHA256

5acbcc1df967d37bf86e429030c9c8ad43e84c8ec5d74bfe3737816c74994c18
SHA512

9871626b5f043583dc1f707386304d372a34734e03938d9f97d1ab3281be720ce3c1fed6b5bb78f5c24949fb6b18b5df8c57a456ac4c39bd7063579f1921b9b4
SSDEEP

6144:qPpRMZEIfrLrLrLm3IgVDvpXhZ4rfytTPbsGOXvV50DErQNg/ydlb4fQ6wFMv97:FqaioXIDhNg6dNoQl+vF

Score

N/A

Malware Config

Signatures

Files

5acbcc1df967d37bf86e429030c9c8ad43e84c8ec5d74bfe3737816c74994c18
.exe windows x86

246fe7d66829efecc66898d339b9163e

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
GetForegroundWindow
EnumChildWindows
PostQuitMessage
ShutdownBlockReasonCreate
DefWindowProcA
DestroyWindow
AnimateWindow
CloseWindow
ShutdownBlockReasonDestroy
RegisterClassExW
CreateWindowExW
GetMessageA
TranslateMessage
DispatchMessageA
DeferWindowPos
ReleaseDC
MessageBoxW
AdjustWindowRect
wsprintfW
wsprintfA

gdi32

SetPixel
GetDeviceCaps
SetPaletteEntries
SelectPalette
DeleteObject

kernel32

GetFileSize
LocalAlloc
ReadFile
CloseHandle
WriteFile
DeviceIoControl
OpenMutexW
CreateMutexW
lstrlenA
GetModuleHandleA
LoadLibraryA
lstrcpyA
lstrcatA
HeapAlloc
OutputDebugStringW
GetProcAddress
lstrlenW
CreateDirectoryW
GetLastError
WaitForSingleObject
lstrcpynW
lstrcatW
FindNextFileW
lstrcmpW
FindClose
GetTickCount
CreateFileA
ExitThread
CreateThread
TlsGetValue
TlsSetValue
ExitProcess
VirtualAlloc
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetWindowsDirectoryA
GetModuleHandleW
GetSystemDirectoryW
CreateProcessW
GetShortPathNameW
ExpandEnvironmentStringsW
Sleep
GetCurrentProcessId
VirtualQuery
VirtualProtect
IsBadReadPtr
FreeLibrary
lstrcmpA
AllocConsole
GetStdHandle
WriteConsoleW
UnmapViewOfFile
lstrcmpiW
lstrcpyW
SetFileAttributesW
MoveFileExW
FindFirstFileW
WaitForMultipleObjects
GetDriveTypeW
GetTickCount64
IsProcessorFeaturePresent
GetCommandLineW
GetFileSizeEx
SetFilePointerEx
CreateFileMappingW
MapViewOfFile
GetCurrentProcess
LocalFree
GetUserDefaultUILanguage
InitializeCriticalSection
DeleteCriticalSection
SetLastError
EnterCriticalSection
LeaveCriticalSection
TerminateThread
GlobalAlloc
GlobalFree
Beep
MoveFileExA
GetVersionExA
CreateFileW
VirtualFree
SetThreadExecutionState

advapi32

LsaClose
LsaFreeMemory
EqualDomainSid
InitializeSecurityDescriptor
CryptGenRandom
CryptDecrypt
CryptEncrypt
CryptImportKey
GetSidSubAuthority
GetSidSubAuthorityCount
CryptReleaseContext
CryptDestroyKey
CryptExportKey
CryptGenKey
CryptAcquireContextW
LsaQueryTrustedDomainInfo
LsaCreateTrustedDomainEx
LookupAccountSidW
AreAllAccessesGranted
EncryptionDisable
LsaAddAccountRights

shell32

ShellExecuteExW
SHGetFolderPathW

secur32

LsaConnectUntrusted

netapi32

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

shlwapi

StrStrW
StrToIntA

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
WNetAddConnection2W

ws2_32

shutdown
closesocket
connect
htons
inet_addr
WSAGetLastError
WSACleanup
socket
WSAStartup
inet_pton
send
gethostbyname
inet_ntoa
recv

wininet

InternetReadFile
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA

crypt32

CryptStringToBinaryA
CryptBinaryToStringA
CryptBinaryToStringW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
VariantInit

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

246fe7d66829efecc66898d339b9163e

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

user32

gdi32

kernel32

advapi32

shell32

secur32

netapi32

shlwapi

mpr

ws2_32

wininet

crypt32

ole32

oleaut32

Sections

.text Size: 234KB - Virtual size: 234KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 65KB - Virtual size: 64KB

.text
Size: 234KB - Virtual size: 234KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 65KB - Virtual size: 64KB