c1a477299f1f49616e46aae0dbb849a48da006a26ba396576bb6ebe53294b25a

Sharing

Copy URL

Twitter E-mail

General

Target

c1a477299f1f49616e46aae0dbb849a48da006a26ba396576bb6ebe53294b25a
Size

874KB
MD5

e007d5311ca9f54be8eae6a3f9f39a08
SHA1

3e46f7e925dad542907b77232d82b04d56a21249
SHA256

c1a477299f1f49616e46aae0dbb849a48da006a26ba396576bb6ebe53294b25a
SHA512

4c62607cc0e38fc00ae926c420778f4e893f81dc2b748a9aaf8bc81a678fa5433bbd6ed046247f9fd2f81bfb85b53c1b82fa11e0590ea5705dd91d08d75fe5a5
SSDEEP

12288:+AkBjlbMJqHdIFSDw8eRPLcB1LEUAwkTL2/VlVagyEdPdewuHA9ZPW5:+AUlbCoDjeBLI1LERMV/agy1KB6

Score

N/A

Malware Config

Signatures

Files

c1a477299f1f49616e46aae0dbb849a48da006a26ba396576bb6ebe53294b25a
.exe windows x86

7be475de1ecc5d76f0611924cff5dcb6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

??_V@YAXPAX@Z
memmove
_fileno
_iob
_isatty
_write
__pioinfo
__badioinfo
_lseeki64
_itoa
_snprintf
isleadbyte
__mb_cur_max
mbtowc
__set_app_type
_initterm
_cexit
_CIpow
_ftol
_CIsqrt
wcschr
realloc
_onexit
towlower
_vsnwprintf
_vscwprintf
_time64
_wputenv
??2@YAPAXI@Z
free
_purecall
malloc
calloc
??_U@YAPAXI@Z
memset
_CxxThrowException
towupper
memcpy
wcstoul
_wcstoui64
_wcslwr
wcsncmp
_wcsnicmp
wcstol
iswdigit
wcsstr
_wcsicmp
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_errno
__CxxFrameHandler
_stricmp
strncmp
_ultoa
_strlwr
_wtol
bsearch

advapi32

StartServiceW
ChangeServiceConfigW
ReportEventW
DeregisterEventSource
ConvertStringSidToSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW
RegEnumKeyExW
SetSecurityDescriptorDacl
GetAclInformation
InitializeAcl
AddAce
CopySid
GetAce
RegQueryInfoKeyW
LookupAccountNameW
ConvertSidToStringSidW
LookupAccountSidW
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
IsValidSid
OpenThreadToken
OpenProcessToken
GetTokenInformation
EqualSid
CheckTokenMembership
GetSecurityInfo
SetSecurityInfo
GetNamedSecurityInfoW
AllocateAndInitializeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
TraceEvent
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegOpenKeyExW
QueryServiceStatusEx
ControlService
SetServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
DeleteService
ChangeServiceConfig2W
CreateServiceW
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
GetSecurityDescriptorControl
MakeAbsoluteSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
GetLengthSid
RegisterEventSourceW

kernel32

MapViewOfFile
CreateFileMappingW
InitializeCriticalSectionAndSpinCount
DuplicateHandle
ReadFile
GetFileSize
FreeLibraryAndExitThread
FindClose
FindNextFileW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CloseHandle
lstrlenW
InterlockedIncrement
InterlockedDecrement
SetEvent
OpenEventW
FindFirstFileW
GetLastError
GetTickCount
Sleep
WaitForSingleObject
SetLastError
CreateEventW
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
LocalFree
SetThreadExecutionState
InterlockedExchange
DeleteTimerQueueEx
DeleteTimerQueueTimer
CreateTimerQueue
CreateTimerQueueTimer
ChangeTimerQueueTimer
MultiByteToWideChar
WriteFile
CreateFileW
CompareStringA
MulDiv
GetLongPathNameW
GetFullPathNameW
GetFileAttributesW
LocalAlloc
RemoveDirectoryW
UnregisterWaitEx
InterlockedCompareExchange
DeleteFileW
RegisterWaitForSingleObject
QueueUserWorkItem
GetCurrentThread
GetCurrentProcess
FormatMessageW
CreateThread
GetSystemTime
GetStringTypeExW
DebugBreak
lstrcmpiW
GetComputerNameW
WideCharToMultiByte
lstrlenA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
OutputDebugStringA
RtlUnwind
GetStartupInfoW
GetLocalTime
GlobalMemoryStatus
GetDiskFreeSpaceA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
DeviceIoControl
ExpandEnvironmentStringsW
GetTempPathW
GetVersionExW
ResetEvent
CompareFileTime
GetFileAttributesExW
VirtualFree
VirtualAlloc
OpenFileMappingW
SetFilePointerEx
GetFileSizeEx
CreateDirectoryW
SystemTimeToFileTime
UnmapViewOfFile
LoadLibraryW
FreeLibrary
ExitProcess
WaitForMultipleObjects
GetCommandLineW
GetTempFileNameW
GlobalFree
FileTimeToDosDateTime
FileTimeToSystemTime
SetThreadPriority
GetThreadPriority
ReleaseMutex
CreateMutexW
CompareStringW
OpenMutexW

shell32

SHCreateDirectoryExW
SHGetFolderPathW
SHGetFolderPathAndSubDirW

winhttp

WinHttpSetOption
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetDefaultProxyConfiguration
WinHttpTimeFromSystemTime
WinHttpCloseHandle
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpOpen
WinHttpCrackUrl
WinHttpWriteData
WinHttpAddRequestHeaders
WinHttpQueryHeaders

user32

CharUpperBuffW
UnregisterClassA
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
PeekMessageW
CharUpperW
wvsprintfW

oleaut32

SafeArrayLock
SystemTimeToVariantTime
SafeArrayUnlock
SafeArrayPtrOfIndex
VariantTimeToSystemTime
VariantInit
CreateErrorInfo
SetErrorInfo
SysStringByteLen
SysAllocStringByteLen
SafeArrayCopy
SafeArrayCreate
SafeArrayDestroy
VariantClear
SysAllocStringLen
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysAllocString
SysFreeString
VariantChangeType

ole32

PropVariantClear
IIDFromString
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CoUnmarshalInterface
CoReleaseMarshalData
CreateStreamOnHGlobal
CoMarshalInterface
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoTaskMemAlloc
CoCreateInstance

authz

AuthzFreeResourceManager

wsock32

WSAGetLastError

iphlpapi

GetIpAddrTable
SendARP
GetAdaptersAddresses
GetBestInterfaceEx
NotifyAddrChange
CancelIPChangeNotify

secur32

GetUserNameExW

httpapi

HttpTerminate
HttpSetServiceConfiguration
HttpDeleteServiceConfiguration
HttpInitialize

ws2_32

getnameinfo
GetAddrInfoW
FreeAddrInfoW

shlwapi

StrCmpNW
ord437
PathAppendW
StrStrIW
PathFileExistsW
PathFindFileNameW

ntdll

_vsnprintf
ceil
strchr

mfplat

MFShutdown
MFStartup
MFInvokeCallback
MFCreateAsyncResult
CreatePropertyStore

userenv

UnregisterGPNotification
RegisterGPNotification

Sections

.text
Size: 678KB - Virtual size: 677KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7be475de1ecc5d76f0611924cff5dcb6

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

shell32

winhttp

user32

oleaut32

ole32

authz

wsock32

iphlpapi

secur32

httpapi

ws2_32

shlwapi

ntdll

mfplat

userenv

Sections

.text Size: 678KB - Virtual size: 677KB

.data Size: 14KB - Virtual size: 20KB

.rsrc Size: 112KB - Virtual size: 116KB

.kdata Size: 68KB - Virtual size: 68KB

.text
Size: 678KB - Virtual size: 677KB

.data
Size: 14KB - Virtual size: 20KB

.rsrc
Size: 112KB - Virtual size: 116KB

.kdata
Size: 68KB - Virtual size: 68KB