baae5bbaf2decf7af9b22c4d10f66c7c77c9ebc7b73476f7cbe449d2bba97ed9

Resubmissions

18-09-2022 20:20

220918-y4pttsffcm 7

06-09-2022 17:36

220906-v63xpaeaam 6

06-09-2022 16:28

220906-tys7vadbdm 6

Sharing

Copy URL

Twitter E-mail

General

Target

baae5bbaf2decf7af9b22c4d10f66c7c77c9ebc7b73476f7cbe449d2bba97ed9
Size

510KB
MD5

ed6ef92fd6754103464e85fa2599c687
SHA1

18e351964011ee9fc577c1d5e203ed26cd42be9d
SHA256

baae5bbaf2decf7af9b22c4d10f66c7c77c9ebc7b73476f7cbe449d2bba97ed9
SHA512

3412545ae57aaa36998810e1d996d69e79a11ebcf878ee58024ec5c9fa0ef3c4d4f96775212335e577bb753cf435689285a02872647cbcfb3789f2135dd9f65e
SSDEEP

12288:0UWB0BhudkAHhly0Tbf/SA/q0U0SXBh2qnu6:cSBhudkAvTrSA/q30SXBh2+u6

Score

N/A

Malware Config

Signatures

Files

baae5bbaf2decf7af9b22c4d10f66c7c77c9ebc7b73476f7cbe449d2bba97ed9
.exe windows x86

014d766ca2f7ec3a13ca17bc491e6b6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

strstr
strncpy
memmove
strchr
strncmp
_strnicmp
tolower
isspace
_wcsicmp
isprint
memcmp
strcpy
_chkstk
strcmp
strlen
memset
atoi
strcat
_stricmp
_vsnprintf
memcpy
wcslen
_memccpy
atol
sprintf
strtoul
RtlUnwind
NtQueryVirtualMemory
_wcsnicmp
wcsstr

kernel32

UnhandledExceptionFilter
GetConsoleWindow
ExitProcess
Sleep
GetFileAttributesW
CopyFileW
SetFileAttributesW
CreateDirectoryW
ExpandEnvironmentStringsW
GetModuleHandleA
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
VirtualQuery
GetProcAddress
LoadLibraryA
VirtualFreeEx
VirtualAllocEx
GetCurrentProcess
CloseHandle
ReadFile
GetFileSize
CreateFileW
WriteFile
DeviceIoControl
CreateFileA
GetVersionExW
LocalFree
GetLastError
FindNextFileA
CopyFileA
lstrcmpA
FindFirstFileA
lstrcatA
lstrcpyA
DeleteCriticalSection
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
SetEndOfFile
InitializeCriticalSection
ExitThread
ResetEvent
SetUnhandledExceptionFilter
CreateThread
CreateEventW
SetEvent
DeleteFileW
GetTickCount
TryEnterCriticalSection
GetModuleHandleW
ReleaseMutex
OpenMutexW
CreateMutexW
SetLastError
LocalAlloc
RemoveDirectoryW
GetCurrentThread
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
WideCharToMultiByte
lstrlenW
lstrcatW
lstrcpynW
UnregisterWait
GetNativeSystemInfo
InterlockedIncrement
InterlockedDecrement
QueryPerformanceCounter
GetProcessTimes
OpenProcess
CreateEventA
TerminateProcess
RegisterWaitForSingleObject
OpenEventA
lstrcmpiW
CreateMutexA
QueryPerformanceFrequency
GetVersionExA
WriteProcessMemory
Process32Next
Process32First
VirtualFree
CreateRemoteThread
VirtualQueryEx
ReadProcessMemory
GetProcessHandleCount
VirtualAlloc
VirtualProtectEx
DuplicateHandle
GlobalFindAtomW
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
GetPrivateProfileStringW
GetPrivateProfileIntW
ResumeThread
CreateProcessW
TerminateThread
CreateProcessA
GetWindowsDirectoryA
ExpandEnvironmentStringsA
GlobalAlloc
GlobalUnlock
lstrlenA
IsDebuggerPresent
IsWow64Process
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
WaitForSingleObject
GlobalLock

wininet

InternetOpenUrlA
InternetOpenW
InternetCloseHandle
InternetReadFile

shlwapi

PathCombineA

ws2_32

inet_ntoa
getsockname
recvfrom
sendto
htonl
getsockopt
inet_pton
ntohs
ioctlsocket
WSAGetLastError
shutdown
bind
listen
accept
getaddrinfo
freeaddrinfo
gethostname
inet_addr
closesocket
__WSAFDIsSet
socket
recv
htons
select
WSAStartup
connect
send
gethostbyname

user32

PtInRect
RealGetWindowClassA
MenuItemFromPoint
GetMenuItemID
MoveWindow
EnumWindows
PostMessageW
OpenDesktopA
CreateDesktopA
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
WindowFromPoint
SendMessageA
PostMessageA
GetWindowPlacement
ShowWindow
GetLastInputInfo
PostThreadMessageW
CallNextHookEx
ToAscii
MapVirtualKeyW
GetWindowTextA
GetWindowThreadProcessId
GetForegroundWindow
DispatchMessageW
TranslateMessage
UnhookWindowsHookEx
GetMessageW
SetWindowsHookExA
CharNextA
PrintWindow
GetWindowRect
GetWindow
GetTopWindow
SetWindowLongA
GetWindowLongA
IsWindowVisible
ReleaseDC
GetDC
GetDesktopWindow
SetThreadDesktop
ChildWindowFromPoint
ScreenToClient
FindWindowA

gdi32

DeleteObject
DeleteDC
BitBlt
SetStretchBltMode
StretchBlt
GetDIBits
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject

advapi32

RegNotifyChangeKeyValue
CheckTokenMembership
AllocateAndInitializeSid
GetSidSubAuthorityCount
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
FreeSid
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidA

shell32

SHGetFolderPathA
SHGetFolderPathAndSubDirW
SHFileOperationW
SHGetFolderPathW

ole32

StringFromGUID2
CoCreateGuid

msvcr90

_mktime64
strftime
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
strtok

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 80.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

014d766ca2f7ec3a13ca17bc491e6b6d

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

wininet

shlwapi

ws2_32

user32

gdi32

advapi32

shell32

ole32

msvcr90

Sections

.text Size: 170KB - Virtual size: 170KB

.rdata Size: 262KB - Virtual size: 262KB

.data Size: 17KB - Virtual size: 80.2MB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 58KB - Virtual size: 58KB

.text
Size: 170KB - Virtual size: 170KB

.rdata
Size: 262KB - Virtual size: 262KB

.data
Size: 17KB - Virtual size: 80.2MB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 58KB - Virtual size: 58KB