bdc5bbe2e6bb942d054e91b30e11e3ab068dfe79241fffd77c7f01c307555721

Sharing

Copy URL

Twitter E-mail

General

Target

bdc5bbe2e6bb942d054e91b30e11e3ab068dfe79241fffd77c7f01c307555721
Size

132KB
MD5

4daf37d8e6938439d6f4740c41abdd3a
SHA1

2e68bca9b7bbdfa31fcda5fa9483925d733196cc
SHA256

bdc5bbe2e6bb942d054e91b30e11e3ab068dfe79241fffd77c7f01c307555721
SHA512

4c7d30c48c3f3437c377c8cbae36f4af796d6b6724ec2fb9a5f5321dd409dcfcc00475c9d8949c344f59f4cbf95c8f14ce79fedf99a2a5e0559a793641447801
SSDEEP

3072:i2oDyl4xezpFrd/H6R4irS42O4N8TqS2Ux09X9RgqsfsGYT1H5O:xqrelFBP6HrS42w2UM9qAR1Y

Score

N/A

Malware Config

Signatures

Files

bdc5bbe2e6bb942d054e91b30e11e3ab068dfe79241fffd77c7f01c307555721
.exe windows x86

727cf34761c2277c7ab1612b0d7a8c44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
HeapFree
GetComputerNameW
GetProcessHeap
IsBadReadPtr
SetFileTime
VirtualQueryEx
WriteFile
Thread32First
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
HeapCreate
Thread32Next
ReadFile
GetTimeZoneInformation
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetFileSizeEx
OpenMutexW
GetLastError
OpenProcess
VirtualAlloc
CreateProcessW
VirtualAllocEx
FindClose
RemoveDirectoryW
FindNextFileW
VirtualProtect
GetFileTime
ReleaseMutex
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
GetThreadContext
SetThreadContext
GetProcessId
TlsGetValue
TlsSetValue
TerminateProcess
ResetEvent
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
TlsAlloc
TlsFree
MoveFileExW
GetUserDefaultUILanguage
CreateRemoteThread
ExpandEnvironmentStringsW
SetEndOfFile
FindFirstFileW
CreateMutexW
HeapReAlloc
GetTempFileNameW
FileTimeToDosDateTime
GetEnvironmentVariableW
CreateThread
GetPrivateProfileIntW
GetPrivateProfileStringW
GetSystemTime
GetLocalTime
GetCurrentThreadId
EnterCriticalSection
GlobalUnlock
LeaveCriticalSection
InitializeCriticalSection
GetTickCount
GlobalLock
GetVersionExW
GetNativeSystemInfo
CreateToolhelp32Snapshot
Process32NextW
VirtualProtectEx
Process32FirstW
SetThreadPriority
GetCurrentThread
SetFileAttributesW
WTSGetActiveConsoleSessionId
lstrcmpiA
CreateFileW
GetFileAttributesW
LoadLibraryW
CreateDirectoryW
WriteProcessMemory
LocalFree
GetCurrentProcessId
CloseHandle
DuplicateHandle
OpenEventW
GetFileAttributesExW
WaitForMultipleObjects
CreateEventW
GetModuleFileNameW
Sleep
VirtualFreeEx
VirtualFree
GetModuleHandleW
SetEvent
WaitForSingleObject
SetErrorMode
GetCommandLineW
ExitProcess
lstrcmpiW
LoadLibraryA
GetProcAddress
SetLastError
FreeLibrary

user32

CharLowerA
CharUpperW
SetWindowLongW
SendMessageTimeoutW
GetWindow
DispatchMessageW
CreateDesktopW
SetProcessWindowStation
GetThreadDesktop
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
OpenDesktopW
CloseDesktop
SetThreadDesktop
GetUserObjectInformationW
OpenWindowStationW
GetMessageA
GetUpdateRgn
GetMessageW
RegisterClassExA
GetWindowDC
SetCapture
DefDlgProcW
GetWindowRect
OpenInputDesktop
BeginPaint
GetUpdateRect
GetDC
GetCapture
MapVirtualKeyW
GetSystemMetrics
PrintWindow
CharLowerW
CharLowerBuffA
RegisterWindowMessageW
GetMenuItemID
SetKeyboardState
GetSubMenu
MenuItemFromPoint
GetMenu
GetMenuItemRect
TrackPopupMenuEx
SystemParametersInfoW
GetClassNameW
GetMenuState
GetMenuItemCount
HiliteMenuItem
EndMenu
GetShellWindow
FillRect
DrawEdge
IntersectRect
PostThreadMessageW
PostMessageW
WindowFromPoint
GetParent
GetWindowInfo
EqualRect
EndPaint
GetClassLongW
GetWindowLongW
SetWindowPos
IsWindow
GetCursorPos
GetIconInfo
SendMessageW
MapWindowPoints
GetWindowThreadProcessId
IsRectEmpty
RegisterClassExW
SetCursorPos
PeekMessageW
GetDCEx
PeekMessageA
ReleaseDC
DefWindowProcA
DefMDIChildProcW
SwitchDesktop
DefDlgProcA
DefMDIChildProcA
ReleaseCapture
RegisterClassW
CallWindowProcA
CallWindowProcW
DefWindowProcW
GetMessagePos
DefFrameProcW
GetTopWindow
LoadImageW
MsgWaitForMultipleObjects
DefFrameProcA
DrawIcon
ExitWindowsEx
CharToOemW
ToUnicode
GetClipboardData
GetKeyboardState
TranslateMessage
RegisterClassA
GetAncestor

advapi32

IsWellKnownSid
GetLengthSid
EqualSid
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
ConvertSidToStringSidW
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
CryptHashData
InitiateSystemShutdownExW

shlwapi

PathRemoveFileSpecW
PathRemoveBackslashW
PathIsURLW
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathUnquoteSpacesW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathAddBackslashW
PathFindFileNameW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
StrStrIW
StrStrIA
PathQuoteSpacesW
StrCmpNIW
PathRenameExtensionW

shell32

ShellExecuteW
SHGetFolderPathW
CommandLineToArgvW

secur32

GetUserNameExW

ole32

StringFromGUID2
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx

gdi32

CreateCompatibleDC
SetRectRgn
SelectObject
SaveDC
DeleteDC
SetViewportOrgEx
RestoreDC
CreateDIBSection
GetDeviceCaps
GetDIBits
DeleteObject
GdiFlush
CreateCompatibleBitmap

ws2_32

sendto
select
getaddrinfo
recvfrom
getpeername
send
closesocket
WSASend
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
WSAGetLastError
shutdown
setsockopt
bind
socket
WSASetLastError
listen
recv
freeaddrinfo
WSAEventSelect
getsockname
accept

crypt32

CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
PFXImportCertStore
PFXExportCertStoreEx

wininet

HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
InternetQueryOptionA
InternetSetOptionA
InternetOpenA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCrackUrlA
InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpSendRequestW
InternetReadFile
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpQueryInfoA
HttpSendRequestExA

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetInfo

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

727cf34761c2277c7ab1612b0d7a8c44

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

Sections

.text Size: 124KB - Virtual size: 123KB

.data Size: 1024B - Virtual size: 8KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 124KB - Virtual size: 123KB

.data
Size: 1024B - Virtual size: 8KB

.reloc
Size: 5KB - Virtual size: 5KB