c2530c07c43f088117072ba31a50304f8df4f8bdd1ac0634771b46c072660f55

Sharing

Copy URL

Twitter E-mail

General

Target

c2530c07c43f088117072ba31a50304f8df4f8bdd1ac0634771b46c072660f55
Size

504KB
MD5

4e439833e00ef34d75ad90daadc94bfa
SHA1

d7670ac961bf3fe58dd310212bb00b03058777d6
SHA256

c2530c07c43f088117072ba31a50304f8df4f8bdd1ac0634771b46c072660f55
SHA512

cec9cc625c4984afa89fac648e3003d5e52d0b3bb6a9a3844dbf9c304607929a567f3dbbc55d2894a28b14220b76db8b878ae010b30b0578a68e479b363c0a18
SSDEEP

12288:h6HFS3AQy0J98Y/dPKbcQrTq52XDWhLymDPn4p/uLrnDBQb6Oio3/iY3:kF0AGsYlgfTq+Wx/4pUnDBWio1

Score

N/A

Malware Config

Signatures

Files

c2530c07c43f088117072ba31a50304f8df4f8bdd1ac0634771b46c072660f55
.exe windows x86

001ca83eb481de1a6ff4d80f6ca5218a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSaveKeyA
SetNamedSecurityInfoA
RegOpenKeyW
AccessCheckAndAuditAlarmW
CryptSetProviderExA
RegLoadKeyW
RegDeleteKeyA
CancelOverlappedAccess
CryptExportKey
RegDeleteKeyW
SetNamedSecurityInfoExA
BuildSecurityDescriptorA
CryptGetUserKey
CryptDestroyKey
GetMultipleTrusteeW
GetServiceDisplayNameW
ConvertAccessToSecurityDescriptorA
ObjectCloseAuditAlarmA
CryptDestroyHash
CryptContextAddRef
ObjectDeleteAuditAlarmA
ControlService
LookupPrivilegeValueA
SetEntriesInAccessListW
GetNamedSecurityInfoExA
DuplicateTokenEx
RegReplaceKeyW
CryptSetProviderW
InitializeSecurityDescriptor
ObjectCloseAuditAlarmW
GetSidIdentifierAuthority
DuplicateToken
RegUnLoadKeyW
CreateServiceA
RegEnumKeyExA
GetMultipleTrusteeOperationW
SetEntriesInAclA
RegSetValueW
RegRestoreKeyA
LogonUserA
RegQueryMultipleValuesW
CryptSetProviderExW
OpenSCManagerW
GetAclInformation
SetSecurityInfoExW
SetServiceStatus
GetPrivateObjectSecurity
SetEntriesInAccessListA
OpenBackupEventLogW
OpenThreadToken
GetAccessPermissionsForObjectA
AccessCheck
AdjustTokenPrivileges
QueryServiceConfigW
DeregisterEventSource
QueryServiceLockStatusA

user32

UnregisterClassW
CallNextHookEx
TabbedTextOutA
CreateWindowExA
DialogBoxIndirectParamW
PeekMessageA
CharNextExA
ReplyMessage
CreateMDIWindowA
DlgDirListW
VkKeyScanA
EmptyClipboard
GetSysColor
GetGUIThreadInfo
DrawFocusRect
TranslateAcceleratorA
SetKeyboardState
EnumClipboardFormats
MessageBoxIndirectW
InSendMessageEx
IsZoomed
DdeEnableCallback
CharUpperW
RealGetWindowClass
SetWindowsHookA
AppendMenuA
BroadcastSystemMessage
DdeFreeStringHandle
ChangeDisplaySettingsW
DispatchMessageA
CopyAcceleratorTableW
SetDlgItemTextA
CheckMenuRadioItem
FreeDDElParam
AnimateWindow
MessageBoxExW
GetCaretPos
DdeConnect
SetUserObjectInformationW
IsCharAlphaA
GetKeyboardLayout
CascadeChildWindows
CreateWindowExW
VkKeyScanW
CountClipboardFormats
SetForegroundWindow
SetClassLongA
SetClipboardViewer
CharToOemA
GetWindowRgn
GetPropW
GetMenuState
LoadCursorA
LoadIconA
LoadImageW
FlashWindow
PostMessageA
RemovePropW
DestroyWindow
GetMessageA
UpdateWindow
WinHelpA
DdeClientTransaction
LoadAcceleratorsA
GetMenu
ShowScrollBar
GetMenuBarInfo
GetDlgCtrlID
SetWindowContextHelpId
EnumWindowStationsA
InvalidateRgn
GetClipboardFormatNameW
NotifyWinEvent
SetWindowLongA
SetMenuItemBitmaps
CharLowerW
SetWindowTextA
InvertRect
MessageBoxIndirectA
GetWindowTextLengthW
GetMenuItemInfoA
SetLastErrorEx
CreateIconFromResourceEx

ole32

CoGetInstanceFromFile
CoRevokeMallocSpy
CoReleaseMarshalData
OleBuildVersion
ProgIDFromCLSID
CreateOleAdviseHolder
IsEqualGUID
CoGetMalloc
UpdateDCOMSettings
OleTranslateAccelerator
ReadStringStream
OleGetAutoConvert
SetConvertStg
CoFreeUnusedLibraries
OleDestroyMenuDescriptor
CoInitializeEx
CoRegisterSurrogate
CoCreateFreeThreadedMarshaler
OleCreateLinkToFileEx
CoFreeAllLibraries
StgCreateStorageEx
SetDocumentBitStg
StringFromCLSID
OleCreateLinkFromData
ReadFmtUserTypeStg
OleNoteObjectVisible
CoQueryAuthenticationServices
OleGetIconOfFile
GetConvertStg
CoCopyProxy
CoGetPSClsid
UtConvertDvtd32toDvtd16
CoIsHandlerConnected
OleSetAutoConvert
OpenOrCreateStream
WriteStringStream
CoLoadLibrary
CoIsOle1Class
OleLoad
StringFromGUID2
MkParseDisplayName
CoTaskMemFree
CreateAntiMoniker
CoCreateInstance
OleLoadFromStream
GetHGlobalFromILockBytes
CoDosDateTimeToFileTime
PropVariantClear
CoGetCallContext
DllDebugObjectRPCHook
OleCreateLinkFromDataEx
StgCreateDocfileOnILockBytes
CoGetClassObject
StgIsStorageFile
OleIsRunning
GetRunningObjectTable
CoGetInterfaceAndReleaseStream
CoCreateInstanceEx
StgOpenStorage
OleUninitialize
CoGetInstanceFromIStorage
OleCreateFromData
CoRevertToSelf
CreateGenericComposite
WriteClassStg
OleRegGetMiscStatus
OleRegGetUserType
CLSIDFromString
OleSave
OleDuplicateData
WriteFmtUserTypeStg
CoDisconnectObject
CoFileTimeNow

shlwapi

PathIsUNCW
UrlGetLocationW
PathRemoveExtensionA
SHRegWriteUSValueA
PathIsUNCServerShareA
PathIsRootA
PathQuoteSpacesA
StrNCatA
PathFileExistsA
StrCmpNIA
SHEnumKeyExA
StrFromTimeIntervalA
PathIsDirectoryEmptyA
PathCreateFromUrlA
PathIsRootW
UrlApplySchemeW
SHOpenRegStreamA
PathIsRelativeA
PathFindSuffixArrayW
StrIsIntlEqualA
UrlGetPartW
UrlGetPartA
StrSpnA
SHRegCreateUSKeyA
StrRetToBufA
PathIsPrefixW
IntlStrEqWorkerW
PathIsLFNFileSpecA
AssocQueryKeyA
PathAddExtensionW
PathBuildRootW
StrRChrIW
SHSetValueA
StrCmpNA
PathIsContentTypeW
StrIsIntlEqualW
PathRemoveBlanksW
SHRegSetUSValueW
SHRegGetBoolUSValueA
SHGetValueW
wvnsprintfW
ColorRGBToHLS
StrFormatByteSizeW
PathFindSuffixArrayA
SHEnumValueA
PathGetDriveNumberA
PathCompactPathA
PathStripToRootA
SHGetValueA
StrCmpNW
SHQueryInfoKeyA
PathUnquoteSpacesW
PathFindOnPathA
ChrCmpIW
PathIsLFNFileSpecW
SHDeleteValueW
UrlCombineW
SHRegDuplicateHKey
SHRegGetBoolUSValueW
UrlIsOpaqueW
PathFindFileNameA
StrPBrkW
SHCopyKeyA
StrDupA
SHOpenRegStream2A
ChrCmpIA
StrChrW
PathMakeSystemFolderW
SHDeleteKeyW
StrFromTimeIntervalW
StrToIntA
StrFormatKBSizeA
PathUnquoteSpacesA
PathUnmakeSystemFolderW
SHCreateShellPalette
UrlCompareW
SHQueryValueExW
StrRStrIW
SHRegDeleteUSValueA
SHRegQueryUSValueA
HashData
UrlCombineA
UrlIsNoHistoryW
wnsprintfW
SHRegGetUSValueW
AssocQueryStringByKeyW
SHCopyKeyW
SHStrDupA
SHRegEnumUSValueW

kernel32

GetConsoleCP
QueryDosDeviceA
OpenFileMappingA
CancelWaitableTimer
SleepEx
CopyFileA
ConvertDefaultLocale
BuildCommDCBA
CreateNamedPipeA
DebugActiveProcess
EnumDateFormatsExA
LCMapStringW
SetThreadIdealProcessor
SearchPathA
OpenSemaphoreA
DefineDosDeviceW
GetWriteWatch
GetCurrentDirectoryW
GetCPInfo
SetConsoleTitleA
ContinueDebugEvent
CreateTapePartition
ScrollConsoleScreenBufferW
GetBinaryTypeA
GetDriveTypeW
CallNamedPipeA
TerminateThread
CallNamedPipeW
GetTimeFormatA
GetThreadContext
SetCommTimeouts
VirtualAlloc
LocalSize
BuildCommDCBAndTimeoutsA
GetNumberOfConsoleMouseButtons
CopyFileExW
FileTimeToLocalFileTime
CreateMailslotW
FormatMessageA
FreeLibraryAndExitThread
GlobalFree
FatalAppExitW
EnumSystemLocalesA
GetConsoleMode
GetFileTime
ClearCommBreak
SetFileAttributesW
GetEnvironmentVariableA
RtlFillMemory
WritePrivateProfileStructA
ExpandEnvironmentStringsA
SetConsoleCursorPosition
WritePrivateProfileStringW
DeviceIoControl
SetCalendarInfoA
VirtualProtect
GlobalUnfix
GetOEMCP
SetProcessAffinityMask
GetConsoleOutputCP
GetCurrencyFormatA
GetFullPathNameA
CreateProcessW
WideCharToMultiByte
ReadFileEx
FindNextFileA
CancelIo
EnumResourceTypesW
GlobalLock
SetTimeZoneInformation
GetProfileIntA
FlushFileBuffers
CreateToolhelp32Snapshot
MultiByteToWideChar

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

001ca83eb481de1a6ff4d80f6ca5218a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

user32

ole32

shlwapi

kernel32

Sections

.text Size: 61KB - Virtual size: 61KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 12KB

.text
Size: 61KB - Virtual size: 61KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 12KB