4bf86347bfc2a4afd27b058828613f5bce1a09d369ab8b650b4f71534a7d75f0

Sharing

Copy URL

Twitter E-mail

General

Target

4bf86347bfc2a4afd27b058828613f5bce1a09d369ab8b650b4f71534a7d75f0
Size

757KB
MD5

6c7215b113d0d0fad9835cb98113bc1f
SHA1

ed921a96f3360f5b1fe67b957818b67a5cbaff62
SHA256

4bf86347bfc2a4afd27b058828613f5bce1a09d369ab8b650b4f71534a7d75f0
SHA512

2e2f1f090365c54085136fdc6e844f6b81249cf2b3505e25fa711a689e567e8eec6f5e60cf95875623cc175b88b49d62cc17019cb53246e10ea2f5702d54e787
SSDEEP

12288:kVwJ/IZIv8dv3QyEcxIDptvWRzfw2+GlVTNCoVkhA6T:kVwJ/IZIv8aGspIRzw2+ONCoVkhtT

Score

N/A

Malware Config

Signatures

Files

4bf86347bfc2a4afd27b058828613f5bce1a09d369ab8b650b4f71534a7d75f0
.exe windows x86

97e4846527f73d001f1d6696f9a5443d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
DecodePointer
GetFileType
LCMapStringW
HeapAlloc
GetProcessHeap
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
HeapSize
WriteConsoleW
WTSGetActiveConsoleSessionId
GetCurrentDirectoryA
GetWindowsDirectoryA
LoadLibraryA
GetStringTypeW
CreateEventA
lstrlenA
lstrcpyA
lstrcmpA
FormatMessageA
FileTimeToLocalFileTime
GetTimeZoneInformation
TzSpecificLocalTimeToSystemTime
GetLocalTime
CloseHandle
WaitForSingleObject
GetLastError
GetCurrentThread
GetCurrentProcess
GetProcessWorkingSetSize
HeapReAlloc
HeapFree
GetConsoleCP
GetModuleHandleExW
ExitProcess
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RtlUnwind
RaiseException
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
LocalFree
LocalAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateSemaphoreW
ReleaseSemaphore
FlushFileBuffers
SetFilePointerEx
SetStdHandle
GlobalAlloc
GetProcAddress
GetCurrentProcessId
SizeofResource
LockResource
LoadResource
FindResourceW
GetModuleHandleW
GetFileSizeEx
SetLastError
FindNextFileW
GetStdHandle
WriteFile
GetModuleFileNameW
FindClose
CreateFileW

user32

PostQuitMessage
CreateWindowExA
IsWindow
SendMessageA
DefWindowProcA
ExitWindowsEx
GetDC
GetDlgItem
DdeCreateStringHandleW
SystemParametersInfoA
DefMDIChildProcA
CopyImage
GetWindow
GetClassNameA
EnumWindows
GetParent
SetWindowLongA
GetWindowLongA
OffsetRect
IntersectRect
SetRect
MapWindowPoints
GetCursorPos
MessageBoxA
GetWindowRect
GetClientRect
EndPaint
BeginPaint
GetForegroundWindow
SetActiveWindow
UpdateWindow
DrawTextA
DrawIcon
GetSubMenu
GetMenu
GetSystemMetrics
GetFocus
SetFocus
IsDlgButtonChecked
SetWindowPos
ShowWindow
IsCharAlphaW
ReleaseDC
GetSysColor

gdi32

StartDocA
GetObjectA
MoveToEx
SetTextColor
GetDeviceCaps
SetBkMode
SetBkColor
SelectObject
LineTo
GetStockObject
DeleteObject
DeleteDC
CreateEllipticRgn
CreateCompatibleDC
BitBlt

comdlg32

PrintDlgW

advapi32

OpenThreadToken
RevertToSelf
OpenProcessToken
CreateProcessWithLogonW
ImpersonateLoggedOnUser
LogonUserA
GetUserNameW
GetUserNameA
LookupPrivilegeValueA
AllocateAndInitializeSid
AdjustTokenPrivileges
GetTokenInformation

shell32

ShellExecuteA

ole32

OleCreate
CoCreateInstance
CoGetClassObject
OleSetContainedObject
CoInitialize
PropVariantClear

ws2_32

WSAStartup

userenv

CreateEnvironmentBlock
ExpandEnvironmentStringsForUserA
LoadUserProfileA
LoadUserProfileW
UnloadUserProfile
GetUserProfileDirectoryW
DestroyEnvironmentBlock

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

crypt32

CryptDecodeObject

shlwapi

StrChrA
StrCmpIW

pdh

PdhSetDefaultRealTimeDataSource
PdhSetLogSetRunID
PdhCollectQueryData

wtsapi32

WTSQuerySessionInformationA

wsnmp32

ord903
ord902
ord107
ord120

urlmon

CoInternetGetSession

dwmapi

DwmGetColorizationColor

d2d1

ord1

dwrite

DWriteCreateFactory

Sections

.text
Size: 411KB - Virtual size: 410KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97e4846527f73d001f1d6696f9a5443d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

ws2_32

userenv

version

crypt32

shlwapi

pdh

wtsapi32

wsnmp32

urlmon

dwmapi

d2d1

dwrite

Sections

.text Size: 411KB - Virtual size: 410KB

.rdata Size: 128KB - Virtual size: 128KB

.data Size: 16KB - Virtual size: 21KB

.rsrc Size: 201KB - Virtual size: 200KB

.text
Size: 411KB - Virtual size: 410KB

.rdata
Size: 128KB - Virtual size: 128KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 201KB - Virtual size: 200KB