c1af40f73693237754ea1866a01c2abe9f6ab25b1b7491df41d65f46de70b11c

Sharing

Copy URL

Twitter E-mail

General

Target

c1af40f73693237754ea1866a01c2abe9f6ab25b1b7491df41d65f46de70b11c
Size

437KB
MD5

9a741d49b65e8dfcc1634240460c3308
SHA1

70c939effc22a14333163189f24a2270a21e7031
SHA256

c1af40f73693237754ea1866a01c2abe9f6ab25b1b7491df41d65f46de70b11c
SHA512

93d329b96eed612d77ebca426b180005999d6525365d2667a0f6a942524ad40d737745c5ccbeb031befc3cb2659ed9c85a752365d3de5d3497e7f43e43b2ecfa
SSDEEP

12288:zQhmjpgRKK0lkQPcW/J5iH9chy2mjNIZpo8:zQhmdw0lPkWxWyqQp

Score

N/A

Malware Config

Signatures

Files

c1af40f73693237754ea1866a01c2abe9f6ab25b1b7491df41d65f46de70b11c
.exe windows x86

f532a70675d3a2bffe1d65a3d76eb64b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcImpersonateClient
RpcBindingFromStringBindingA

advapi32

RegSetValueExA
RegEnumKeyExA
CryptSignHashA
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
CryptVerifySignatureA
RegDeleteKeyA
RegSetValueExW
RegEnumValueA
CryptSetProviderA
RegEnumKeyExW
RegCreateKeyExA
RegQueryInfoKeyA
RegDeleteValueA
RegDeleteValueW
CryptAcquireContextA
RegCloseKey
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExA

comctl32

CreatePropertySheetPageW
InitCommonControlsEx
ImageList_Destroy
PropertySheetW
ImageList_Draw
CreateToolbarEx
ImageList_GetIconSize

dnsapi

DnsApiFree
DnsValidateName_W
DnsReplaceRecordSetW

comdlg32

PrintDlgA
GetOpenFileNameA

kernel32

GetLocaleInfoW
lstrlenA
InitializeCriticalSection
MulDiv
GlobalGetAtomNameW
SetErrorMode
GetCurrentProcessId
ReadFile
LockFile
GetStdHandle
GetFileAttributesW
WaitForSingleObject
InterlockedDecrement
GetSystemInfo
LoadResource
ConvertDefaultLocale
SetThreadPriority
GetStartupInfoW
MoveFileW
InterlockedIncrement
GetVersionExW
GetModuleFileNameW
FlushFileBuffers
HeapFree
GetShortPathNameW
GetOEMCP
GetCommandLineA
LeaveCriticalSection
lstrcpyA
GetModuleHandleA
UnhandledExceptionFilter
GlobalLock
FindNextFileW
SizeofResource
FileTimeToLocalFileTime
ExitThread
lstrcmpiW
GetCurrentProcess
GetVersionExA
GetDriveTypeW
SetHandleCount
RaiseException
VirtualFree
CloseHandle
TlsGetValue
GlobalHandle
TlsFree
LockResource
WideCharToMultiByte
CompareStringA
LCMapStringA
FormatMessageW
GetLastError
SetEvent
HeapReAlloc
SetFileAttributesW
GetCurrentDirectoryA
SuspendThread
WriteFile
LoadLibraryA
RtlUnwind
EnterCriticalSection
HeapDestroy
GetAtomNameW
HeapCreate
TlsSetValue
lstrcmpA
HeapAlloc
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
TlsAlloc
GetVersion
CompareStringW
TerminateProcess
IsValidCodePage
GlobalUnlock
CreateEventW
EnumResourceLanguagesW
CreateThread
ResetEvent
LCMapStringW
GetUserDefaultLCID
GetCommandLineW
GetFullPathNameW
FindResourceW
SetFileTime
GlobalFree
GetPrivateProfileStringW
FreeEnvironmentStringsW
GetCurrentThread
SetCurrentDirectoryA
CreateProcessW
LocalFileTimeToFileTime
FindClose
VirtualAlloc
GetVolumeInformationW
LocalAlloc
DeleteCriticalSection
ResumeThread
FindFirstFileW
DeleteFileW
GlobalFlags
FatalAppExitA
GlobalDeleteAtom
FreeEnvironmentStringsA
Sleep
FreeResource
GetThreadLocale
SetEndOfFile
GetPrivateProfileIntW
GetFileSize
FileTimeToSystemTime
SetLastError
ExitProcess
GetFileAttributesA
GlobalReAlloc
GetCPInfo
GlobalAlloc
HeapSize
GlobalSize
lstrlenW
GetProcessHeap
GetStringTypeExW
InterlockedExchange
GetEnvironmentStrings
SystemTimeToFileTime
GetCurrentThreadId
UnlockFile
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
LocalReAlloc
GetEnvironmentStringsW
SetFilePointer
CreateFileW
WritePrivateProfileStringW
DuplicateHandle
GetFileTime
CopyFileW

ws2_32

WSAEventSelect
WSAIoctl
WSALookupServiceNextW
getnameinfo
getaddrinfo
WSAAddressToStringW
freeaddrinfo
WSASocketW
WSARecvFrom
WSALookupServiceBeginW
WSALookupServiceEnd
WSAAddressToStringA
WSASendTo
WSAStringToAddressA

shell32

Shell_NotifyIconW
ShellExecuteW

msvcrt

sprintf
__dllonexit
isdigit
_wcsicmp
wcschr
wcscpy
wcscmp
memmove
_initterm
strtoul
bsearch
_itow
_except_handler3
_adjust_fdiv
_onexit
strncmp
free
_snwprintf
_ltoa
isxdigit
_ultoa
atol
_ltow
wcscat
_wcsnicmp
strncpy
qsort

crypt32

CertFreeCertificateContext
CryptUnprotectData
CertCloseStore
CertFindCertificateInStore
CertOpenStore

Sections

.data
Size: 102KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f532a70675d3a2bffe1d65a3d76eb64b

Headers

File Characteristics

Imports

rpcrt4

advapi32

comctl32

dnsapi

comdlg32

kernel32

ws2_32

shell32

msvcrt

crypt32

Sections

.data Size: 102KB - Virtual size: 928KB

.rsrc Size: 315KB - Virtual size: 314KB

.rdata Size: 14KB - Virtual size: 14KB

.text Size: 5KB - Virtual size: 4KB

.data
Size: 102KB - Virtual size: 928KB

.rsrc
Size: 315KB - Virtual size: 314KB

.rdata
Size: 14KB - Virtual size: 14KB

.text
Size: 5KB - Virtual size: 4KB