4feb2e00c0dc0c42f42fd2c93f48e350c37386768e7774f82cdc98c8bc8dbc69

Sharing

Copy URL

Twitter E-mail

General

Target

4feb2e00c0dc0c42f42fd2c93f48e350c37386768e7774f82cdc98c8bc8dbc69
Size

354KB
MD5

09e61348c89279d1f31159cc152a33ac
SHA1

1fc77fba10690bf81fa0b25ff1d74b23ff092d7e
SHA256

4feb2e00c0dc0c42f42fd2c93f48e350c37386768e7774f82cdc98c8bc8dbc69
SHA512

fdcdf8a50118f8cf2f379d755bdfc5c1c9c3ffa3fc333fc98ad9b24f4894763dfdb82c33e7edf6849b8c50c7b403f2a5ce64dd0935724c7cf9b973761ff237c7
SSDEEP

6144:qXb8Tiu28pMdCrLrLrLkna6IaM51PSKuqJ9ZebleCD30V50DErCNg/ydlb4fQ6w:MwThxYnG79ckeDzNg6dNoQl+v

Score

N/A

Malware Config

Signatures

Files

4feb2e00c0dc0c42f42fd2c93f48e350c37386768e7774f82cdc98c8bc8dbc69
.exe windows x86

5249a0087ef6fa75fd1f22862b499033

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetForegroundWindow
DestroyWindow
PostQuitMessage
ShutdownBlockReasonCreate
DefWindowProcA
wsprintfA
EnumChildWindows
AnimateWindow
ShutdownBlockReasonDestroy
RegisterClassExW
CreateWindowExW
GetMessageA
TranslateMessage
DispatchMessageA
ReleaseDC
CloseWindow
AdjustWindowRect
DeferWindowPos
wsprintfW
MessageBoxW

gdi32

DeleteObject
SetPixel
GetDeviceCaps
SelectPalette
SetPaletteEntries

kernel32

LocalAlloc
ReadFile
CloseHandle
WriteFile
DeviceIoControl
OpenMutexW
CreateMutexW
lstrlenA
GetModuleHandleA
LoadLibraryA
TlsGetValue
lstrcpyA
lstrcatA
GetProcAddress
lstrlenW
CreateDirectoryW
GetLastError
WaitForSingleObject
lstrcpynW
lstrcatW
FindNextFileW
lstrcmpW
FindClose
GetFileSize
VirtualFree
ExitThread
CreateThread
HeapAlloc
TlsSetValue
CreateFileW
VirtualAlloc
ExitProcess
OutputDebugStringW
CreateToolhelp32Snapshot
CreateFileA
Process32NextW
GetModuleHandleW
GetSystemDirectoryW
CreateProcessW
GetShortPathNameW
ExpandEnvironmentStringsW
Sleep
GetCurrentProcessId
VirtualQuery
VirtualProtect
IsBadReadPtr
FreeLibrary
lstrcmpA
UnmapViewOfFile
lstrcmpiW
lstrcpyW
MoveFileExW
FindFirstFileW
WaitForMultipleObjects
GetDriveTypeW
GetTickCount64
SetThreadExecutionState
GetFileSizeEx
IsProcessorFeaturePresent
CreateFileMappingW
MapViewOfFile
GetCurrentProcess
LocalFree
GetUserDefaultUILanguage
InitializeCriticalSection
DeleteCriticalSection
SetLastError
EnterCriticalSection
LeaveCriticalSection
TerminateThread
GlobalAlloc
GlobalFree
Beep
GetWindowsDirectoryA
MoveFileExA
GetVersionExA
Process32FirstW
GetTickCount
SetFilePointerEx

advapi32

CryptGenRandom
LsaClose
LookupAccountSidW
LsaAddAccountRights
InitializeSecurityDescriptor
CryptDecrypt
CryptEncrypt
CryptImportKey
GetSidSubAuthority
GetSidSubAuthorityCount
EncryptionDisable
CryptReleaseContext
CryptDestroyKey
CryptExportKey
CryptGenKey
CryptAcquireContextW
LsaFreeMemory
AreAllAccessesGranted
LsaQueryTrustedDomainInfo
EqualDomainSid
LsaCreateTrustedDomainEx

shell32

ShellExecuteExW
SHGetFolderPathW

secur32

LsaConnectUntrusted

netapi32

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

shlwapi

StrToIntA
StrStrW

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
WNetAddConnection2W

ws2_32

shutdown
closesocket
connect
htons
inet_addr
WSAGetLastError
WSACleanup
socket
WSAStartup
inet_pton
send
recv
inet_ntoa
gethostbyname

wininet

InternetReadFile
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA

crypt32

CryptBinaryToStringW
CryptStringToBinaryA
CryptBinaryToStringA

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
VariantInit

Sections

.text
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5249a0087ef6fa75fd1f22862b499033

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

user32

gdi32

kernel32

advapi32

shell32

secur32

netapi32

shlwapi

mpr

ws2_32

wininet

crypt32

ole32

oleaut32

Sections

.text Size: 223KB - Virtual size: 223KB

.rdata Size: 63KB - Virtual size: 63KB

.data Size: 66KB - Virtual size: 65KB

.text
Size: 223KB - Virtual size: 223KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 66KB - Virtual size: 65KB