e806dd8fe344e38a00a76b52b28476b7e3e25147b5fc7eed01b8f0ab86bd7bf5

Sharing

Copy URL

Twitter E-mail

General

Target

e806dd8fe344e38a00a76b52b28476b7e3e25147b5fc7eed01b8f0ab86bd7bf5
Size

571KB
MD5

8bdf38045433548a4b35d5b61a42a965
SHA1

a32fff2685d3c4ec12799e28873d48187b8c100d
SHA256

e806dd8fe344e38a00a76b52b28476b7e3e25147b5fc7eed01b8f0ab86bd7bf5
SHA512

8c3fa2cc39788889f30f7f25d47f3ccf423b6e2a1fd67350d1f6151e8cf29715a8bc05817e8b31f40504b965e9bf370ea267be4aa3db6405ad2c3852b005fe52
SSDEEP

12288:3BwLbXYmZJB7BhEm8B4XI2qmsyUKjWkZQDcsNmwLLt9dwdjF:RwL5PE30pNsyU+WkZycsAeLt9dwdj

Score

N/A

Malware Config

Signatures

Files

e806dd8fe344e38a00a76b52b28476b7e3e25147b5fc7eed01b8f0ab86bd7bf5
.exe windows x86

57e2572043b758e0716f620142fc017b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
FlushFileBuffers
WriteConsoleW
SetStdHandle
LCMapStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LoadLibraryExW
RtlUnwind
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
GetSystemInfo
CreateToolhelp32Snapshot
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameW
GetStdHandle
GetModuleHandleExW
ExitProcess
GetCommandLineA
VirtualQuery
VirtualProtect
EncodePointer
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
ExpandEnvironmentStringsA
LocalAlloc
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
Process32Next
GlobalFree
CreateNamedPipeA
EnumSystemLanguageGroupsA
DeactivateActCtx
CreateEventA
LoadLibraryW
OpenProcess
GetEnvironmentStrings
GetCurrentThread
ConnectNamedPipe
WaitForSingleObject
Process32First
DebugActiveProcessStop
GetVersionExA
GetFileAttributesA
CloseHandle
FindNextFileA
LockResource
FindClose
FindFirstFileExA
FindFirstFileA
GlobalUnlock
lstrlenW
lstrcatA
Sleep
GlobalAlloc
WriteFile
HeapReAlloc
GlobalLock
FindResourceW
FindResourceExW
lstrlenA
lstrcmpA
CreateFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpyA
MulDiv
GetCurrentDirectoryA
SetLastError
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
EnterCriticalSection
GetProcAddress
lstrcmpiA
MultiByteToWideChar
IsDBCSLeadByte
LeaveCriticalSection
SizeofResource
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
LoadResource
FreeLibrary
FindResourceA
DeleteCriticalSection
DecodePointer
HeapSize
GetLastError
RaiseException
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
IsValidCodePage
CreateFileW

user32

SetForegroundWindow
LoadCursorA
GetDialogBaseUnits
GetActiveWindow
DestroyWindow
SetKeyboardState
DefWindowProcA
UnregisterClassA
SetWindowTextA
PostMessageA
GetDlgItem
ReleaseDC
LoadIconA
WaitForInputIdle
GetDC
RegisterWindowMessageA
SendMessageA
GetWindowTextLengthA
IsIconic
GetWindowDC
SetWindowRgn
CharNextA
EndPaint
GetParent
SetCursor
CallWindowProcA
EnableWindow
IsWindowEnabled
CreateMenu
BeginPaint
GetClassInfoW
GetKeyboardState
GetMenu
OffsetRect
CheckMenuRadioItem
AppendMenuW
GetCursorPos
GetMenuItemInfoA
SetMenu
CreatePopupMenu
RegisterClassW
IsWindowVisible
DestroyIcon
MonitorFromRect
MoveWindow
GetMonitorInfoA
MonitorFromWindow
GetDlgCtrlID
GetWindow
GetWindowRect
SetWindowPos
SetDlgItemTextA
SetFocus
GetWindowTextA
CloseClipboard
MessageBoxA
EmptyClipboard
OpenClipboard
SetClipboardData
FillRect
GetClientRect
SetWindowLongA
InvalidateRect
GetWindowLongA
GetDesktopWindow
GetSysColor
GetSysColorBrush
LoadImageA
MapWindowPoints

gdi32

SetTextJustification
TextOutW
GetStockObject
CreateSolidBrush
TextOutA
GetObjectA
Polygon
CreateCompatibleDC
CreateCompatibleBitmap
CreatePen
DeleteDC
CreateRectRgn
CreateFontIndirectA
SelectObject
GetTextMetricsA
DeleteObject
CombineRgn
SelectClipRgn
LineTo
MoveToEx
BeginPath
GetDeviceCaps
SetDCPenColor
AngleArc

comdlg32

GetOpenFileNameA
PrintDlgExA
GetSaveFileNameA

advapi32

GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
AdjustTokenPrivileges
SetSecurityDescriptorSacl
IsValidSecurityDescriptor
MakeSelfRelativeSD
ImpersonateAnonymousToken
GetSecurityDescriptorSacl
RegOpenKeyExW
RevertToSelf
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorOwner
ImpersonateNamedPipeClient
SetSecurityDescriptorOwner
DuplicateTokenEx
GetSecurityDescriptorLength
GetAce
SetSecurityDescriptorDacl
SetTokenInformation
InitializeSecurityDescriptor
RegQueryValueExW
EqualSid
GetAclInformation
MapGenericMask
SetSecurityDescriptorGroup
OpenThreadToken
OpenProcessToken
CreateProcessAsUserA
RegQueryValueExA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryInfoKeyW
RegSetValueExA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
OleUninitialize
OleInitialize

oleaut32

OleCreatePropertyFrameIndirect
VarUI4FromStr
VarDateFromStr
VarI4FromStr
VarR8FromStr
VarDecCmp
VarDecFromStr

shlwapi

PathRemoveFileSpecA
PathRenameExtensionA
StrFormatByteSize64A
SHAutoComplete
PathCombineA

comctl32

InitCommonControlsEx
PropertySheetA
DestroyPropertySheetPage
ImageList_ReplaceIcon
CreatePropertySheetPageA

netapi32

NetShareGetInfo
NetSessionEnum
NetApiBufferFree
NetShareSetInfo
NetFileEnum
NetAlertRaise
NetApiBufferAllocate

userenv

CreateEnvironmentBlock

winmm

SendDriverMessage

imm32

ImmGetVirtualKey

wtsapi32

WTSQueryUserToken

uxtheme

GetThemeBackgroundRegion

rasapi32

RasConnectionNotificationW
RasDeleteEntryA

rasdlg

RasEntryDlgA

snmpapi

SnmpUtilMemAlloc
SnmpUtilMemFree

d2d1

ord1

dwrite

DWriteCreateFactory

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57e2572043b758e0716f620142fc017b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

netapi32

userenv

winmm

imm32

wtsapi32

uxtheme

rasapi32

rasdlg

snmpapi

d2d1

dwrite

Sections

.text Size: 122KB - Virtual size: 121KB

.rdata Size: 61KB - Virtual size: 61KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 368KB - Virtual size: 367KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 122KB - Virtual size: 121KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 368KB - Virtual size: 367KB

.reloc
Size: 10KB - Virtual size: 9KB