4fb80be69d6e2792c363a2e9a0083b786a90b90995aa14c091c6658edb188de6

Sharing

Copy URL

Twitter E-mail

General

Target

4fb80be69d6e2792c363a2e9a0083b786a90b90995aa14c091c6658edb188de6
Size

829KB
MD5

2cfe62a4b6477f49bcb39489ac799406
SHA1

ad1ea2f9cc41d380508bf9d7a53ad69096133a32
SHA256

4fb80be69d6e2792c363a2e9a0083b786a90b90995aa14c091c6658edb188de6
SHA512

0d186ab978618c0ac5ef4e561d3b4964e23b6fd3868cf67380e866a100a6fb948f6e40975d192cb9cac542ca830fc2defa72b10168230967bf1adae46d9afea1
SSDEEP

24576:gG8oqbA+xuwI191YVhS5XX7s08O6uZZqyhE7W:gb//xSJVBIuZ/+i

Score

N/A

Malware Config

Signatures

Files

4fb80be69d6e2792c363a2e9a0083b786a90b90995aa14c091c6658edb188de6
.exe windows x86

a201a5e2bc9ddbf0a7a9eec4c78bf0f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CloseHandle
FormatMessageA
lstrlenA
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
CreateProcessA
GetEnvironmentVariableA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32First
Process32Next
DeleteFileA
AreFileApisANSI
GetSystemTime
GetTempPathA
GetCurrentProcessId
DeleteFileW
GetVersionExA
OutputDebugStringA
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
HeapSize
GetTempPathW
FlushFileBuffers
MultiByteToWideChar
CreateFileW
ReadFile
GetFileAttributesW
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
GetVersionExW
FormatMessageW
LoadLibraryW
WriteFile
GetSystemTimeAsFileTime
UnlockFileEx
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
WaitForSingleObject
QueryPerformanceCounter
SystemTimeToFileTime
FreeLibrary
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
SetFilePointer
HeapCompact
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
SetStdHandle
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
SetFilePointerEx
ReadConsoleW
GetFileType
GetConsoleMode
GetConsoleCP
SetEnvironmentVariableW
SetEnvironmentVariableA
GetModuleFileNameW
GetStdHandle
CreateThread
TerminateProcess
OpenProcess
GetProcessHeap
HeapFree
HeapAlloc
LocalFree
GlobalUnlock
GetOEMCP
GetACP
IsValidCodePage
GetModuleHandleExW
GlobalLock
GetTickCount
GetProcAddress
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
DecodePointer
GetStringTypeW
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
RtlUnwind
LoadLibraryExW
ExitThread
GetCommandLineA
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW

user32

TranslateMessage
GetAsyncKeyState
GetClipboardData
CloseClipboard
OpenClipboard
GetMessageA
GetKeyState
CallNextHookEx
DispatchMessageA
UnhookWindowsHookEx
SetWindowsHookExA
MessageBoxA
GetWindowTextA
GetForegroundWindow

advapi32

RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegEnumValueA

shell32

ShellExecuteA
SHGetFolderPathA

crypt32

CryptUnprotectData
CryptStringToBinaryA

wininet

InternetCloseHandle
InternetConnectA
InternetOpenUrlA
InternetReadFile
FtpPutFileA
InternetOpenA

Sections

.text
Size: 710KB - Virtual size: 710KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a201a5e2bc9ddbf0a7a9eec4c78bf0f3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

crypt32

wininet

Sections

.text Size: 710KB - Virtual size: 710KB

.rdata Size: 55KB - Virtual size: 54KB

.data Size: 33KB - Virtual size: 45KB

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 710KB - Virtual size: 710KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 33KB - Virtual size: 45KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 18KB - Virtual size: 17KB