4ef520b5bbc4521edc2b600918eac72d04608600a8ec295df06db5c9ed3a5e13

Sharing

Copy URL

Twitter E-mail

General

Target

4ef520b5bbc4521edc2b600918eac72d04608600a8ec295df06db5c9ed3a5e13
Size

1.7MB
MD5

eac50aecd140f50a9b05bd1d7ead0895
SHA1

605890b47e3f232196ff9e21ca983a91278f8c1e
SHA256

4ef520b5bbc4521edc2b600918eac72d04608600a8ec295df06db5c9ed3a5e13
SHA512

eedb9a7ac6465476ba6d62bb2bb5ef5c97fd733bd83a6956d36d087239a8de5d11e020caa14b88723b91979bc39eeac0398c0180f32f452e598465bf5ab82e49
SSDEEP

12288:edbvvQAHzWptxjhkYQqLW7d5mnXVWRfo8zc0qpb0qD0xcWi:edbv1UxjhkYJLZIRfocq2qDF

Score

N/A

Malware Config

Signatures

Files

4ef520b5bbc4521edc2b600918eac72d04608600a8ec295df06db5c9ed3a5e13
.exe windows x86

5a810d19e37c4dda43fdcd1c590b0dd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

EventWrite
RegCreateKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteKeyW
EventUnregister
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
EventRegister
RegEnumKeyExW
RegCloseKey
RegSetValueExW
LookupAccountNameW
ConvertSidToStringSidW
TraceMessage
GetLengthSid
AddAce
SetSecurityInfo
InitializeAcl
GetSecurityInfo
LookupAccountSidW
GetAce
GetAclInformation
RegEnumKeyW
AddAccessAllowedAceEx
QueryServiceConfigW
ControlService
QueryServiceStatus
StartServiceW
OpenServiceW
EnumDependentServicesW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
AdjustTokenPrivileges
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
GetNamedSecurityInfoW
RegOpenKeyExA
LookupPrivilegeValueW
SetNamedSecurityInfoW
ConvertStringSidToSidW
EqualSid
GetTokenInformation
OpenProcessToken
InitiateShutdownW
RegQueryValueExA

kernel32

DebugBreak
lstrlenW
GetUserDefaultLangID
DeleteFileA
OpenEventW
GetLongPathNameW
WritePrivateProfileStringW
GlobalUnlock
ReadFile
GlobalAlloc
GlobalLock
CompareStringW
GetComputerNameW
GetUserGeoID
GetUserDefaultLCID
MultiByteToWideChar
SetFileAttributesW
GetDiskFreeSpaceExW
GetVersionExA
GetShortPathNameW
GetFileTime
FindNextFileW
WaitForMultipleObjects
RemoveDirectoryW
SetCurrentDirectoryW
GetNumberFormatW
SetLastError
GetTimeZoneInformation
FileTimeToSystemTime
GetFileAttributesW
GetExitCodeProcess
FindResourceW
GetVersionExW
CopyFileW
GetLocaleInfoW
WideCharToMultiByte
GetModuleHandleW
CreateDirectoryW
MoveFileExW
CreateProcessW
GetTempPathA
GetLocalTime
WriteFile
GetWindowsDirectoryA
SetFilePointer
GetFileSize
CreateFileA
GetSystemDefaultLangID
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
LoadResource
Sleep
CreateMutexW
FindFirstFileW
GetSystemWindowsDirectoryW
RegisterApplicationRestart
GetSystemDirectoryW
MulDiv
GetModuleFileNameW
CreateFileW
GetTempPathW
GetLastError
GetCurrentDirectoryW
MoveFileW
GlobalFree
FindClose
GetSystemInfo
HeapSetInformation
LockResource
ReleaseMutex
CloseHandle
GetWindowsDirectoryW
DeleteFileW
ExpandEnvironmentStringsW
CreateThread
FreeLibrary
LoadLibraryExW
LoadLibraryW
GetProcAddress
LocalAlloc
LocalFree
WaitForSingleObject
SetEvent
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
ResetEvent
CreateEventW
DeleteCriticalSection
lstrlenA
GetCommandLineW
GetFileAttributesA

gdi32

ExtTextOutW
GetTextFaceA
CreateFontA
GetTextMetricsW
SetBkMode
PatBlt
DeleteObject
SelectObject
CreateCompatibleDC
SetMapMode
GetObjectW
CreatePen
GetStockObject
CreateSolidBrush
SetTextColor
DeleteDC
CreateFontIndirectW
GetDeviceCaps
SetBkColor

user32

CharNextW
LoadStringA
EnableWindow
DispatchMessageW
GetDesktopWindow
DefWindowProcW
UpdateWindow
MapWindowPoints
SendMessageW
GetSystemMetrics
MoveWindow
SetWindowTextW
SetWindowPos
PeekMessageW
PostThreadMessageW
SetCursor
LoadCursorW
DestroyCursor
CallWindowProcW
GetScrollInfo
ScrollWindow
GetActiveWindow
SetScrollInfo
EndPaint
DestroyWindow
GetSystemMenu
SetTimer
GetWindowRect
LockSetForegroundWindow
GetMessageW
PostQuitMessage
LoadImageW
PostMessageW
DrawTextW
KillTimer
SetForegroundWindow
GetParent
FindWindowW
GetClientRect
SetFocus
RegisterWindowMessageA
BeginPaint
GetDC
DrawFocusRect
TranslateMessage
IsDialogMessageW
LoadIconW
InvalidateRect
GetWindowLongW
SystemParametersInfoW
ReleaseDC
EnableMenuItem
GetDlgItem
SetWindowLongW
SendDlgItemMessageW
GetSysColor
MessageBoxW
LoadStringW
ShowWindow
IsDlgButtonChecked
CreateDialogParamW
IsWindow
FindWindowExW
CreateWindowExW
CheckRadioButton

msvcrt

ceil
_wtoi
free
malloc
_itow
strrchr
time
strstr
_purecall
calloc
wcstol
wcstok
iswalnum
_wcsupr
_stricmp
_strlwr
wcspbrk
memcpy_s
??2@YAPAXI@Z
memcpy
_ftol2_sse
_ftol2
_wtol
??3@YAXPAX@Z
_vsnwprintf
??_V@YAXPAX@Z
wcsstr
wcsrchr
_beginthreadex
_wcslwr
_endthread
_vsnprintf
_XcptFilter
__p__commode
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
__p__fmode
_ismbblead
__setusermatherr
_initterm
_acmdln
?terminate@@YAXXZ
_controlfp
_except_handler4_common
_lock
_unlock
__dllonexit
_onexit
_wcsnicmp
??_U@YAPAXI@Z
swscanf
_wcsicmp
wcschr
memset

atl

ord32

pdh

PdhGetFormattedCounterValue
PdhAddCounterW
PdhCloseQuery
PdhCollectQueryData
PdhOpenQueryW

ole32

CoUninitialize
CLSIDFromString
CoInitialize
CoTaskMemFree
CoRevokeClassObject
CoRegisterClassObject
OleInitialize
OleUninitialize
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

SysAllocStringLen
SysStringLen
VariantInit
SysAllocString
SysFreeString
VariantTimeToSystemTime
VariantClear
SystemTimeToVariantTime

comctl32

ord345
InitCommonControlsEx

shell32

SHGetFolderPathW
SHChangeNotify
ord102
SHGetPathFromIDListW
CommandLineToArgvW
SHGetFolderLocation
ShellExecuteW
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExW
SetCurrentProcessExplicitAppUserModelID

gdiplus

GdipDisposeImage
GdipCreateBitmapFromFile
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipAlloc
GdiplusShutdown
GdipCloneImage
GdipImageRotateFlip
GdiplusStartup
GdipFree

wininet

InternetCrackUrlW

setupapi

SetupGetBinaryField
SetupGetStringFieldW
SetupFindFirstLineW
SetupGetLineCountW
SetupGetLineTextW
SetupIterateCabinetA
SetupFindNextLine
SetupCloseInfFile

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust

urlmon

UrlMkSetSessionOption
ObtainUserAgentString

shlwapi

PathFindExtensionW
PathAddBackslashA
PathAddBackslashW
PathFindFileNameW
SHDeleteKeyW

crypt32

CertVerifyCertificateChainPolicy

userenv

ExpandEnvironmentStringsForUserW
UnloadUserProfile
LoadUserProfileW

secur32

GetUserNameExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a810d19e37c4dda43fdcd1c590b0dd7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

atl

pdh

ole32

oleaut32

comctl32

shell32

gdiplus

wininet

setupapi

wintrust

urlmon

shlwapi

crypt32

userenv

secur32

version

Sections

.text Size: 264KB - Virtual size: 264KB

.data Size: 2KB - Virtual size: 7KB

.idata Size: 10KB - Virtual size: 9KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 264KB - Virtual size: 264KB

.data
Size: 2KB - Virtual size: 7KB

.idata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 17KB - Virtual size: 16KB