1381ed889f1f7ced731bf98c6506ee7c8745a2bd91b18e219810d6ef245693a3

Sharing

Copy URL

Twitter E-mail

General

Target

1381ed889f1f7ced731bf98c6506ee7c8745a2bd91b18e219810d6ef245693a3
Size

257KB
MD5

d061f484b3b1c626e2bc98bcb19ef0d2
SHA1

bdea41d601397969d1069dd24b9d888403cd4e16
SHA256

1381ed889f1f7ced731bf98c6506ee7c8745a2bd91b18e219810d6ef245693a3
SHA512

fba73676273481afe511fb0f30d689acf98d9c442ab066ef014163bc75b85f4aea46ca67a2f592bdbe987925addeae03f98af997c0dc665e7c82000c036bb503
SSDEEP

3072:n0kkQWN700M5teI29+kgBNyBNZY02XQNPwroohl8GMGanZyI0cGjDHpAyUT:nOH0E74UXQYoE0lHVhcGjDJTU

Score

N/A

Malware Config

Signatures

Files

1381ed889f1f7ced731bf98c6506ee7c8745a2bd91b18e219810d6ef245693a3
.exe windows x86

decd523be4b5fb72dbbc9cf8856ab398

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockFile
CloseHandle
GetSystemTimes
FormatMessageW
CreateMailslotA
lstrcpynW
lstrlenW
WritePrivateProfileStructW
TryEnterCriticalSection
GetVolumeNameForVolumeMountPointW
GetNumberFormatW
PeekConsoleInputW
ReadConsoleW
ReadFile
CreateFileW
GetStringTypeW
VirtualProtect
GlobalMemoryStatus
GetCurrentDirectoryW
GlobalAlloc
OutputDebugStringW
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
HeapReAlloc
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetCommandLineW
IsProcessorFeaturePresent
GetLastError
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
HeapSize
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
WriteFile
GetConsoleCP
GetConsoleMode
SetLastError
GetCurrentThreadId
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LCMapStringW
LoadLibraryExW
SetEndOfFile

user32

SetCursor
DefFrameProcA
GetCaretPos

gdi32

UpdateColors
SetMapperFlags
GetEnhMetaFileHeader

ole32

CoIsOle1Class

winhttp

WinHttpQueryDataAvailable
WinHttpOpen
WinHttpQueryOption
WinHttpSendRequest
WinHttpDetectAutoProxyConfigUrl

msimg32

TransparentBlt

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 8.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

decd523be4b5fb72dbbc9cf8856ab398

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ole32

winhttp

msimg32

Sections

.text Size: 95KB - Virtual size: 94KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 82KB - Virtual size: 8.1MB

.rsrc Size: 27KB - Virtual size: 26KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 95KB - Virtual size: 94KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 82KB - Virtual size: 8.1MB

.rsrc
Size: 27KB - Virtual size: 26KB

.reloc
Size: 5KB - Virtual size: 5KB