1eb4eaaac11a804bdbf36009b6a4fcca8331f4adbefd495c3afd2c1536eb13c0

Sharing

Copy URL

Twitter E-mail

General

Target

1eb4eaaac11a804bdbf36009b6a4fcca8331f4adbefd495c3afd2c1536eb13c0
Size

4.7MB
MD5

f5479f77d2bee7461763a19bdeffac80
SHA1

4d98de66484a9f1461d22bd51ddec7d0883022a4
SHA256

1eb4eaaac11a804bdbf36009b6a4fcca8331f4adbefd495c3afd2c1536eb13c0
SHA512

3b9fa6393d32f793980e223c4351a3ea256cf93ad6aec43bdb90fed13a518e5cde54da507efac4b81c1e912cc8eb8cf666e1768c602dd069c71bff4f132675ef
SSDEEP

98304:LFaTu3+GjVEcyt+nf/mNHKFPGZ9UqhYQxC9+em304:BasXR4+nf/ELh+Q++em30

Score

N/A

Malware Config

Signatures

Files

1eb4eaaac11a804bdbf36009b6a4fcca8331f4adbefd495c3afd2c1536eb13c0
.exe windows x64

cca64d18ebfe887a56e509817b82d48a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset
sprintf
strcmp
strncmp
fabs
ceil
malloc
floor
free
fclose
memmove
strncpy
strstr
_strnicmp
_strdup
strlen
strcpy
strcat
memcpy
_stricmp
tolower

kernel32

GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
GetComputerNameA
OpenProcess
TerminateProcess
CreateMutexA
GetLastError
GetCurrentProcess
GetCommandLineA
GetCurrentProcessId
CreateFileMappingA
MapViewOfFile
WideCharToMultiByte
RtlZeroMemory
ReadProcessMemory
VirtualProtectEx
WriteProcessMemory
GetCurrentThreadId
OpenFileMappingA
UnmapViewOfFile
HeapFree
HeapAlloc
SetLastError
InitializeCriticalSection
TlsAlloc
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
GetModuleFileNameA
DuplicateHandle
CreatePipe
GetStdHandle
CreateProcessA
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
TlsSetValue
GetTickCount
TlsGetValue
CopyFileA
SetFileAttributesA
DeleteFileA
WriteFile
CreateFileA
SetFilePointer
GetFileSize
ReadFile
HeapReAlloc
DeleteCriticalSection
TlsFree
WaitForMultipleObjects
GetCurrentThread
CreateSemaphoreA
CreateThread
ReleaseSemaphore

user32

GetClassNameA
FindWindowExA
GetWindowTextLengthA
GetWindowTextA
GetWindowLongPtrA
FindWindowA
EnumWindows
GetWindowThreadProcessId
SendMessageA
GetPropA
GetWindow
SetActiveWindow
RemovePropA
DestroyWindow
UnregisterClassA
DestroyAcceleratorTable
LoadIconA
LoadCursorA
RegisterClassA
AdjustWindowRectEx
CreateWindowExA
ShowWindow
CreateAcceleratorTableA
SetPropA
SetTimer
PeekMessageA
MsgWaitForMultipleObjects
GetMessageA
GetActiveWindow
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
GetParent
EnumChildWindows
GetClientRect
FillRect
SetFocus
GetFocus
PostMessageA
DefFrameProcA
DefWindowProcA
GetWindowRect
GetSystemMetrics
SetWindowPos
IsWindowEnabled
IsWindowVisible
IsChild
GetKeyState
CallWindowProcA
SetWindowLongPtrA
DestroyIcon
CharLowerA
RegisterWindowMessageA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

ole32

RevokeDragDrop

shell32

ShellExecuteExA

winmm

timeBeginPeriod

shlwapi

PathFileExistsA

ntdll

NtQueryInformationProcess

gdi32

DeleteObject
GetStockObject
GetObjectType
GetObjectA
CreateCompatibleDC
GetDIBits
DeleteDC
CreateDIBSection
SelectObject
BitBlt
CreateBitmap
SetPixel

comctl32

InitCommonControlsEx

Sections

.code
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cca64d18ebfe887a56e509817b82d48a

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

ole32

shell32

winmm

shlwapi

ntdll

gdi32

comctl32

Sections

.code Size: 22KB - Virtual size: 21KB

.text Size: 38KB - Virtual size: 38KB

.pdata Size: 3KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4.6MB - Virtual size: 4.6MB

.rsrc Size: 1KB - Virtual size: 1KB

.code
Size: 22KB - Virtual size: 21KB

.text
Size: 38KB - Virtual size: 38KB

.pdata
Size: 3KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4.6MB - Virtual size: 4.6MB

.rsrc
Size: 1KB - Virtual size: 1KB