0df5f4794a0c890c3bef265b6c820baed2aced17fbf194149337a23ff1dc10ca

Sharing

Copy URL

Twitter E-mail

General

Target

0df5f4794a0c890c3bef265b6c820baed2aced17fbf194149337a23ff1dc10ca
Size

425KB
MD5

a204a6598182464aec31426ef3190cf1
SHA1

5af8a417b66cd5a20ae4c01d648ce5f26a1e9ef1
SHA256

0df5f4794a0c890c3bef265b6c820baed2aced17fbf194149337a23ff1dc10ca
SHA512

0e6e05645cc59f21a6671d401b939f5504038f24c78e2f8a6756e962af791a9e7667828716ec8e52016f131d34e8d075a95cef4a803a8b3b023591d8efbc5bb8
SSDEEP

6144:VdByTbS1zwivWUWdPITH3qe+9hoSitRHXqpxWcXLKbnSKMNJhlSRK:7BfNwEWHdPITH3qe+9/aR3qbWMySJ/B

Score

N/A

Malware Config

Signatures

Files

0df5f4794a0c890c3bef265b6c820baed2aced17fbf194149337a23ff1dc10ca
.exe windows x86

3a44d95ac11e8108cfea013e740ed013

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalUnlock
lstrcmpiA
GetProcAddress
VirtualAlloc
RemoveDirectoryA
GetDiskFreeSpaceA
WaitForMultipleObjects
GetModuleHandleA
GetCurrentDirectoryA
GetDiskFreeSpaceExA
CloseHandle
GetCurrentProcessId
CreateThread
lstrcpyA
CompareStringW
CreateFileW
GetStringTypeW
GetDriveTypeW
GetProcessHeap
SetEndOfFile
GetEnvironmentStringsW
SetConsoleTitleA
GetModuleFileNameA
RaiseException
HeapSize
LCMapStringW
IsProcessorFeaturePresent
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
QueryPerformanceCounter
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
CreateFileA
SetStdHandle
RtlUnwind
LoadLibraryW
GetSystemDirectoryA
GetFileAttributesA
CreateEventA
GlobalAlloc
GetDriveTypeA
GetWindowsDirectoryA
GetConsoleTitleA
ExpandEnvironmentStringsA
GetTickCount
WaitForSingleObject
GlobalLock
QueryDosDeviceA
lstrlenA
GetComputerNameA
GetVolumeNameForVolumeMountPointA
FreeEnvironmentStringsW
QueryPerformanceFrequency
GetTempPathA
FindNextFileA
FindClose
GetTempFileNameA
GetLastError
FindFirstFileA
Sleep
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
ExitProcess
GetModuleHandleW
SetEnvironmentVariableA
HeapCreate
GetTimeZoneInformation
WideCharToMultiByte
DecodePointer
EncodePointer
SetFilePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetHandleCount
MultiByteToWideChar
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsGetValue
GlobalMemoryStatus
GetStartupInfoW
HeapSetInformation
GetCommandLineA
LeaveCriticalSection
EnterCriticalSection
FindFirstFileExA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
HeapReAlloc
SystemTimeToFileTime
ReadFile
HeapFree
HeapAlloc
DeleteFileA
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
SetFileTime
LocalFileTimeToFileTime

user32

SetWindowTextA
BeginDeferWindowPos
OpenClipboard
LoadCursorA
MoveWindow
LoadImageA
SetClipboardData
GetSysColorBrush
GetCursorPos
SetWindowPos
GetSysColor
DefWindowProcA
EndDialog
GetDlgItem
EmptyClipboard
ReleaseDC
CreateWindowExA
GetClipboardData
GetWindowLongA
EndPaint
SetCursor
CloseClipboard
GetWindowRect
PostQuitMessage
GetWindowDC
GetKeyState
CopyImage
GetFocus
GetParent
WaitForInputIdle
IsWindowEnabled
wsprintfA
SetFocus
GetMenuCheckMarkDimensions
SendMessageA
BeginPaint
GetScrollRange
GetDC
ChildWindowFromPoint
RegisterClipboardFormatA
MessageBoxA
InvalidateRect

gdi32

SetTextColor
DeleteDC
CreateFontIndirectA
GetTextCharsetInfo
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
CombineRgn
CreateCompatibleBitmap
CreateICA
GetObjectA
GetStockObject
TextOutA
PatBlt

comdlg32

GetSaveFileNameA

advapi32

RegCloseKey
GetUserNameA
CredReadA
CredReadDomainCredentialsA

ole32

CoInitialize
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleGetClipboard
OleInitialize
OleSetContainedObject
CoUninitialize
CoLockObjectExternal
RevokeDragDrop
RegisterDragDrop
OleCreateStaticFromData
ReleaseStgMedium

oleaut32

VariantChangeType
VariantClear

wininet

FtpSetCurrentDirectoryA

ws2_32

WSAStartup

netapi32

NetAuditClear

psapi

GetModuleFileNameExA

crypt32

CertEnumSystemStore

shlwapi

AssocCreate
PathFindFileNameA

setupapi

SetupDiGetClassDevsA

wtsapi32

WTSEnumerateProcessesA
WTSFreeMemory

ntdsapi

DsClientMakeSpnForTargetServerW
DsBindWithSpnW

Sections

.text
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a44d95ac11e8108cfea013e740ed013

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

wininet

ws2_32

netapi32

psapi

crypt32

shlwapi

setupapi

wtsapi32

ntdsapi

Sections

.text Size: 153KB - Virtual size: 152KB

.rdata Size: 45KB - Virtual size: 45KB

.data Size: 10KB - Virtual size: 20KB

.rsrc Size: 216KB - Virtual size: 215KB

.text
Size: 153KB - Virtual size: 152KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 10KB - Virtual size: 20KB

.rsrc
Size: 216KB - Virtual size: 215KB