9a956caea48c27a19f26acb273c4b837f3fc950b9d8aa95a570be8dbab59649e

Sharing

Copy URL Twitter E-mail

General

Target

9a956caea48c27a19f26acb273c4b837f3fc950b9d8aa95a570be8dbab59649e
Size

223KB
MD5

38bad2b8c3e013145e48ced97e84ed1d
SHA1

db2540df64f4756e80ae8454b690ebfc419c83ef
SHA256

9a956caea48c27a19f26acb273c4b837f3fc950b9d8aa95a570be8dbab59649e
SHA512

ce43d2ad19df781f75619a8440230c6ea329e018da101f088a424ffaea26193b22387ea9dad0aadd1dc84b80dcbdfc42379ee45adf827b0fdd94dbe36f312edd
SSDEEP

3072:Tp6iphtPdQDe92NqX1cdRlLEtEj8P9wAZDulgzo4hFJsfP+mdvT:9/phtPdQDw2NoiNLEtzZCmWvJ

Score

N/A

Malware Config

Signatures

Files

9a956caea48c27a19f26acb273c4b837f3fc950b9d8aa95a570be8dbab59649e
.exe windows x86

78709e0fee4aa3f72453cdb384af29ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ws_log

ord2
ord50
ord51

kernel32

GetProcAddress
EnterCriticalSection
lstrcmpiW
DeleteCriticalSection
LocalFree
GetCurrentProcess
GlobalLock
GlobalAlloc
WideCharToMultiByte
MulDiv
lstrcmpW
GlobalUnlock
FlushInstructionCache
SetLastError
ResetEvent
CreateEventW
GetCurrentThreadId
SetEvent
GlobalFree
GetModuleFileNameA
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetCurrentProcessId
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
SetFilePointer
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetLastError
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
WriteFile
HeapReAlloc
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileAttributesA
GetStartupInfoW
ExitProcess
Sleep
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetConsoleMode
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
RaiseException
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
LeaveCriticalSection
SizeofResource
InitializeCriticalSection
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
GetCommandLineW
WriteConsoleW
CreateFileA
FlushFileBuffers

user32

GetWindowRect
RegisterWindowMessageW
FillRect
IsChild
ClientToScreen
EndPaint
GetForegroundWindow
SetForegroundWindow
wsprintfA
SetTimer
DestroyAcceleratorTable
GetClassNameA
SetCapture
GetWindowTextLengthW
ScreenToClient
UnregisterClassA
KillTimer
GetFocus
GetParent
InvalidateRgn
FindWindowW
GetClientRect
CreateAcceleratorTableW
SetFocus
BeginPaint
GetClassInfoExW
GetDC
OffsetRect
GetWindowTextA
InvalidateRect
GetWindowTextW
GetClassNameW
ReleaseDC
GetDlgItem
RedrawWindow
GetDesktopWindow
GetSysColor
SetWindowPos
ReleaseCapture
GetSystemMetrics
SetWindowTextA
SendMessageW
SetWindowTextW
CallWindowProcW
GetMessageTime
GetMessagePos
GetWindow
MoveWindow
GetMessageW
CharNextW
PostMessageW
LoadCursorW
TranslateMessage
RegisterClassExW
GetWindowLongW
SetWindowLongW
IsWindow
CreateWindowExW
DefWindowProcW
DispatchMessageW
DestroyWindow

gdi32

BitBlt
GetDeviceCaps
SetBkColor
DeleteObject
SelectObject
CreateCompatibleBitmap
ExtTextOutW
GetObjectW
GetStockObject
CreateSolidBrush
DeleteDC
CreateCompatibleDC

advapi32

RegQueryValueExA
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegOpenKeyExA

shell32

CommandLineToArgvW
DragQueryFileW
DragFinish
DragAcceptFiles

ole32

OleLockRunning
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromProgID
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize
StringFromGUID2
OleUninitialize
CoGetClassObject
CoInitialize

oleaut32

LoadRegTypeLi
OleCreateFontIndirect
SysAllocStringLen
VariantInit
LoadTypeLi
VariantClear
SysStringLen
SysAllocString
SysFreeString
VarUI4FromStr
VarBstrCmp

Sections

.text
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

78709e0fee4aa3f72453cdb384af29ed

Headers

DLL Characteristics

File Characteristics

Imports

version

ws_log

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 153KB - Virtual size: 153KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 153KB - Virtual size: 153KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 8KB - Virtual size: 8KB