44d18a5d79c430787fd8021c4915e29ec41059f12f80559820d73e232b86cca5

Sharing

Copy URL

Twitter E-mail

General

Target

44d18a5d79c430787fd8021c4915e29ec41059f12f80559820d73e232b86cca5
Size

326KB
MD5

941fbf1d6026f44f8838e08d1095bdee
SHA1

565e92c3563def12743e19ea370330d29ec1bcfd
SHA256

44d18a5d79c430787fd8021c4915e29ec41059f12f80559820d73e232b86cca5
SHA512

ee0c85158c347c950606b102659b4c7f55514c506e1b7cd7da4c12c78ca8803ff3983fc97065eee46f67f105eaf13da27d780a56d53ee62d7452c35b38197661
SSDEEP

6144:q5aMy3eKyHuKAitIWF+aQrxBxXYs7yLTiSKTdbIqB+wG:qxy3e96sbKDes2yVJIqU

Score

N/A

Malware Config

Signatures

Files

44d18a5d79c430787fd8021c4915e29ec41059f12f80559820d73e232b86cca5
.exe windows x86

424eb5e4246d140b2b5ed334122fe438

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetDesktopWindow

comdlg32

ChooseColorW
GetOpenFileNameW
GetSaveFileNameW
PrintDlgW

shell32

DragQueryFileW
DragQueryPoint
ShellExecuteW
SHGetPathFromIDListW
Shell_NotifyIconW
SHGetMalloc
DragFinish
SHGetSpecialFolderLocation
SHBrowseForFolderW

ole32

CoUninitialize
CoInitialize

advapi32

RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegEnumKeyExW
RegDeleteKeyW
IsTextUnicode
RegQueryInfoKeyW
RegOpenKeyExW

gdi32

SetBkMode
DeleteObject
Rectangle
CreatePen
GetStockObject
DeleteDC
GetROP2
GetTextExtentPoint32W
CreateSolidBrush
SetTextColor
GetPixel
CreateFontIndirectW
GetTextExtentPointW
GetDeviceCaps
DPtoLP
StartDocW
StartPage
SetTextAlign
SelectObject
EndPage
EndDoc
EnumFontFamiliesExW
CreateBitmap
CreatePatternBrush
SetBrushOrgEx
PatBlt
OffsetWindowOrgEx
SetWindowOrgEx
SetBkColor
CreateCompatibleDC
GetObjectW
CreateCompatibleBitmap
BitBlt
CreateFontW
SaveDC
RestoreDC
MoveToEx
LineTo
CreateHatchBrush
GetTextMetricsW
ExtTextOutW
SetROP2

comctl32

ImageList_EndDrag
InitCommonControlsEx
ImageList_BeginDrag
ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_Draw
ImageList_Add
ImageList_SetIconSize

netapi32

NetConnectionEnum

shlwapi

PathRemoveExtensionW
PathFileExistsW
PathFindExtensionW
PathStripPathW
PathIsRelativeW
PathFindFileNameW
PathCompactPathExW
PathIsDirectoryW
PathMatchSpecW
PathRemoveFileSpecW
PathAppendW
PathAddExtensionW

kernel32

LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetFilePointer
CompareStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapFree
VirtualFree
HeapCreate
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
WriteFile
HeapSize
CompareStringW
GetDriveTypeA
SetEndOfFile
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
GetLocaleInfoW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapReAlloc
VirtualAlloc
WideCharToMultiByte
MultiByteToWideChar
lstrcmpW
lstrcatW
GetModuleFileNameW
lstrlenW
lstrcpyW
DeleteFileW
lstrcmpiW
GetLongPathNameW
GetFullPathNameW
MoveFileW
SetFileAttributesW
GetFileAttributesW
GlobalUnlock
GlobalLock
GetLastError
GetCurrentThreadId
GetModuleHandleW
SetCurrentDirectoryW
GetCurrentDirectoryW
FreeLibrary
GlobalFree
CloseHandle
GetCurrentProcess
GetCurrentProcessId
CreateFileW
GetProcAddress
LoadLibraryW
LocalFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ReadFile
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
HeapAlloc
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CODE
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

424eb5e4246d140b2b5ed334122fe438

Headers

DLL Characteristics

File Characteristics

Imports

user32

comdlg32

shell32

ole32

advapi32

gdi32

comctl32

netapi32

shlwapi

kernel32

Sections

.text Size: 81KB - Virtual size: 81KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 13KB - Virtual size: 340KB

.CODE Size: 512B - Virtual size: 448B

.rsrc Size: 212KB - Virtual size: 211KB

.text
Size: 81KB - Virtual size: 81KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 13KB - Virtual size: 340KB

.CODE
Size: 512B - Virtual size: 448B

.rsrc
Size: 212KB - Virtual size: 211KB