45dd8bcaca29da07aa925abfb78e80c5718851345815c9b240fa0dff5e0eccbc

Sharing

Copy URL

Twitter E-mail

General

Target

45dd8bcaca29da07aa925abfb78e80c5718851345815c9b240fa0dff5e0eccbc
Size

4.4MB
MD5

ee07b8707fb1e8ff9ea7bd838c12c282
SHA1

7af697d11d13e51ff20f256e685e31c492912127
SHA256

45dd8bcaca29da07aa925abfb78e80c5718851345815c9b240fa0dff5e0eccbc
SHA512

800d2c7af3eaf000db2b72788144ed8a9e04950c3c35742c3307d4a9224e2806cade75144008f7404503972f27e8db78928fffd94a92372a7d53965f5722f131
SSDEEP

98304:IGTG23XivZygP85dexK1JQydn13V/2hgwMqOMe3V13jO1Vqd:IGQ8gE5EK/lzsM/Vh6qd

Score

N/A

Malware Config

Signatures

Files

45dd8bcaca29da07aa925abfb78e80c5718851345815c9b240fa0dff5e0eccbc
.7z
MSIStart.exe
.exe windows x86

4766e72c51a09e2003a8439727f42ad5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
WaitForSingleObject
GetLastError
GetProcAddress
HeapFree
GetProcessHeap
GetCommandLineA
lstrlenA
CreateProcessA
CloseHandle
GetModuleHandleW
HeapAlloc

advapi32

RegOpenKeyExA
RegCloseKey
RegDeleteValueA

Sections

.text
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SpywareRemover.msi
.msi
SpywareRemover/DataBase.ref
SpywareRemover/SpywareRemover.exe
.exe windows x86

a3093eee10b21f5d7b310d1ddbde4503

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

kernel32

WriteFile
ReadFile
GetOverlappedResult
lstrcmpA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThreadId
GetCurrentThread
GlobalDeleteAtom
GetModuleFileNameW
SetThreadPriority
SuspendThread
GlobalAddAtomA
GetCurrentProcessId
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
GetThreadLocale
SetFilePointer
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
InterlockedIncrement
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetCurrentDirectoryA
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
GetTickCount
SleepEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsFree
HeapReAlloc
VirtualProtect
VirtualQuery
GetCommandLineA
GetStartupInfoA
ExitThread
CreateThread
SetStdHandle
GetFileType
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
SetEnvironmentVariableA
ExitProcess
RaiseException
HeapSize
GetACP
IsValidCodePage
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
MoveFileExA
GetStringTypeA
GetStringTypeW
GetDriveTypeA
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
TlsGetValue
TlsSetValue
TlsAlloc
ConnectNamedPipe
VirtualFree
VirtualAlloc
DisconnectNamedPipe
FlushFileBuffers
SetCurrentDirectoryA
GetFileSize
LocalAlloc
TerminateThread
CreateFileA
GetSystemTime
SystemTimeToFileTime
InterlockedDecrement
WinExec
lstrcpynA
FileTimeToLocalFileTime
GetSystemDirectoryA
FindFirstFileA
FindNextFileA
FindClose
GetTempPathA
WritePrivateProfileStringA
HeapFree
GetProcessHeap
HeapAlloc
FreeLibrary
LoadLibraryA
FormatMessageA
FileTimeToSystemTime
GetFileTime
TerminateProcess
ExpandEnvironmentStringsA
MoveFileA
DeleteFileA
LocalFree
CopyFileA
SetFileAttributesA
GetFileAttributesA
CreateNamedPipeA
GetCurrentProcess
Process32Next
OpenProcess
Process32First
CreateToolhelp32Snapshot
SetLastError
GetVersionExA
GetSystemInfo
DeleteCriticalSection
FreeConsole
CreateDirectoryA
GetLocalTime
Sleep
InitializeCriticalSection
GetModuleFileNameA
lstrcpyA
SetConsoleScreenBufferSize
LeaveCriticalSection
GetStdHandle
EnterCriticalSection
GetConsoleScreenBufferInfo
AllocConsole
MulDiv
GlobalUnlock
ResetEvent
GlobalLock
SetEvent
WaitForSingleObject
CloseHandle
GetWindowsDirectoryA
CreateEventA
GlobalAlloc
ResumeThread
GlobalFree
FreeResource
GetModuleHandleA
GetProcAddress
GetEnvironmentVariableA
lstrlenA
CompareStringW
CompareStringA
GetVersion
GetLastError
MultiByteToWideChar
InterlockedExchange
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
CreateFileW
CreateProcessA
SearchPathA
GetLogicalDriveStringsA
lstrcatA
CreateIoCompletionPort
Module32Next
RtlUnwind
Module32First
GetLogicalDrives
GetBinaryTypeA
QueryDosDeviceA

gdi32

GetRgnBox
GetTextColor
GetBkColor
DPtoLP
GetMapMode
GetTextExtentPoint32A
CreateRectRgnIndirect
CreatePen
ExtSelectClipRgn
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
MoveToEx
LineTo
GetClipBox
SetMapMode
RestoreDC
SaveDC
GetDIBits
CreateFontA
SetTextColor
SetBkColor
SetBkMode
CreateFontIndirectA
SelectClipRgn
ExtTextOutA
GetTextMetricsA
DeleteDC
SelectObject
GetDeviceCaps
Rectangle
StretchBlt
CombineRgn
CreateCompatibleDC
CreateBitmap
ExtCreateRegion
CreateRectRgn
CreateSolidBrush
GetPixel
DeleteObject
GetStockObject
CreatePatternBrush
CreateCompatibleBitmap
BitBlt
GetObjectA
GetCurrentObject

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ord17
_TrackMouseEvent

oledlg

ord8

wininet

HttpQueryInfoA
InternetCloseHandle
InternetGetLastResponseInfoA
InternetOpenA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
InternetConnectA
InternetOpenUrlA
HttpOpenRequestA
HttpSendRequestA
InternetQueryDataAvailable
InternetSetOptionExA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

msimg32

GradientFill

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14.7MB - Virtual size: 14.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SpywareRemover/SpywareRemover.url
.url
SpywareRemover/vistaCPtasks.xml
SpywareRemover64.msi
.msi

Sharing

General

Malware Config

Signatures

Files

4766e72c51a09e2003a8439727f42ad5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 1024B - Virtual size: 520B

.rdata Size: 1024B - Virtual size: 708B

a3093eee10b21f5d7b310d1ddbde4503

Headers

File Characteristics

Imports

rpcrt4

kernel32

gdi32

comdlg32

winspool.drv

comctl32

oledlg

wininet

version

msimg32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 332KB - Virtual size: 331KB

.data Size: 64KB - Virtual size: 79KB

.rsrc Size: 14.7MB - Virtual size: 14.7MB

.text
Size: 1024B - Virtual size: 520B

.rdata
Size: 1024B - Virtual size: 708B

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 332KB - Virtual size: 331KB

.data
Size: 64KB - Virtual size: 79KB

.rsrc
Size: 14.7MB - Virtual size: 14.7MB