Static task: static1
Behavioral task: behavioral1
Sample: 9497eba70516d22f8494c2893c03f1ec4734a66018945a1df9b543cac5501fb1.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 9497eba70516d22f8494c2893c03f1ec4734a66018945a1df9b543cac5501fb1.exe
Resource: win10v2004-20220901-en
General
Target: 9497eba70516d22f8494c2893c03f1ec4734a66018945a1df9b543cac5501fb1
Size: 3.2MB
MD5: bf9084213f6f0bb5479c8f2c17b0f0fe
SHA1: 52d9bc4fb0549394aea7fca48494c5a0ae761018
SHA256: 9497eba70516d22f8494c2893c03f1ec4734a66018945a1df9b543cac5501fb1
SHA512: 91078dd7ae049713a67e24e3738a3828bb2c5e6aa2b46576698c0578d5f82b8d28edaab42e40169b9d9e00488305c08086a0cf82fa03cd0e70fc04575c1f500c
SSDEEP: 98304:hLRE8VlbOO2NQXHsnPDgnB5tZfHiG9NQnof1QauT:hi8V5OO8QXHsPDoPBn4
Malware Config
Signatures
Files
9497eba70516d22f8494c2893c03f1ec4734a66018945a1df9b543cac5501fb1.exe windows x86
277ef4fbc4facc47ead1d036c6b2d0cf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
getaddrinfo
freeaddrinfo
recvfrom
sendto
accept
listen
gethostname
htonl
ntohl
WSAStartup
ioctlsocket
WSACleanup
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
kernel32
FileTimeToSystemTime
QueryPerformanceFrequency
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
FindFirstFileW
FindFirstFileExW
FindNextFileW
FindClose
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
ExpandEnvironmentStringsW
GetModuleHandleA
RegisterWaitForSingleObject
UnregisterWaitEx
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
GlobalMemoryStatusEx
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
RaiseException
DecodePointer
OutputDebugStringA
GetTickCount
GetCurrentDirectoryW
MulDiv
GetModuleHandleW
CreateSemaphoreW
GetModuleHandleExW
CreateThread
Sleep
WaitForSingleObject
SetCurrentDirectoryW
lstrcmpiW
GetShortPathNameW
LocalAlloc
SetFilePointer
ReadFile
GetFileSizeEx
CreateFileW
MultiByteToWideChar
CopyFileW
FindResourceW
LockResource
LoadResource
GetVersionExW
ReleaseSemaphore
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
LoadLibraryW
lstrcpyW
GetCommandLineW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetModuleFileNameW
CreateDirectoryW
GetTempFileNameW
MoveFileExW
SetFileAttributesW
RemoveDirectoryW
GetLongPathNameW
GetVolumeInformationW
IsDebuggerPresent
GetThreadPriority
GetCurrentThread
DuplicateHandle
GetCurrentThreadId
SetThreadPriority
GetCurrentProcess
WriteConsoleW
GetStdHandle
ExpandEnvironmentStringsA
SetEvent
LoadLibraryExW
GetProcAddress
FreeLibrary
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
GetComputerNameW
CreateEventW
EncodePointer
GetStringTypeW
TryEnterCriticalSection
AreFileApisANSI
HeapCreate
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
LockFile
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
SizeofResource
GetNativeSystemInfo
CreateMutexW
GetFileAttributesW
UnmapViewOfFile
HeapValidate
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
GetSystemInfo
HeapCompact
UnlockFile
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
GetCurrentProcessId
SystemTimeToFileTime
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
GetEnvironmentVariableW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ReadConsoleW
GetACP
GetDriveTypeW
ExitThread
ExitProcess
SetStdHandle
GetConsoleMode
GetConsoleCP
RtlUnwind
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
QueryPerformanceCounter
FindResourceExW
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VerifyVersionInfoW
DeviceIoControl
SetThreadAffinityMask
PeekNamedPipe
GetFileType
SleepEx
VerifyVersionInfoA
VerSetConditionMask
SetEnvironmentVariableA
FlushFileBuffers
FileTimeToLocalFileTime
GetFileTime
MoveFileExA
GetTempFileNameA
GetSystemDirectoryA
GetModuleFileNameA
lstrcmpiA
WinExec
OpenProcess
GetVersionExA
GetLocalTime
FreeResource
FlushInstructionCache
GlobalUnlock
GlobalLock
GlobalAlloc
LoadLibraryExA
user32
PostMessageW
DestroyWindow
ShowWindow
FlashWindow
MoveWindow
SetWindowPos
GetActiveWindow
GetKeyState
AppendMenuW
GetMenuItemCount
DestroyMenu
CreatePopupMenu
IsMenu
UpdateLayeredWindow
MapVirtualKeyA
EnableWindow
IsWindowEnabled
GetSystemMetrics
SwitchToThisWindow
SetForegroundWindow
SetPropW
RemovePropW
SetWindowTextW
ClientToScreen
GetWindowLongW
SetWindowLongW
SetRectEmpty
wsprintfW
OffsetRect
EqualRect
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
PostQuitMessage
IsWindow
IsWindowVisible
MsgWaitForMultipleObjects
SetTimer
KillTimer
GetForegroundWindow
GetCursorPos
ScreenToClient
InflateRect
IntersectRect
GetParent
MonitorFromWindow
GetMonitorInfoW
GetPropW
GetDesktopWindow
GetWindow
GetDlgItem
CheckRadioButton
IsDlgButtonChecked
IsRectEmpty
PtInRect
SetCursor
LoadCursorW
UnregisterClassW
RegisterClassExW
CreateWindowExW
DefWindowProcW
SendMessageW
TrackPopupMenu
GetMenuInfo
SetMenuInfo
GetMenuItemInfoW
SetMenuContextHelpId
WindowFromPoint
CopyRect
CharUpperA
GetWindowThreadProcessId
FindWindowW
EmptyClipboard
RegisterClipboardFormatW
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
GetClassNameA
DrawTextW
GetDC
ReleaseDC
FillRect
InvertRect
DrawIconEx
GetIconInfo
DestroyCursor
SetRect
UnionRect
SetFocus
GetFocus
CallWindowProcW
GetClientRect
GetWindowRect
MapWindowPoints
TrackMouseEvent
AnimateWindow
SetLayeredWindowAttributes
IsIconic
IsZoomed
GetCapture
SetCapture
ReleaseCapture
UpdateWindow
BeginPaint
EndPaint
InvalidateRect
CreateCaret
GetCaretBlinkTime
HideCaret
SetCaretPos
GetClassNameW
DestroyIcon
SetActiveWindow
MessageBoxW
LoadIconW
LoadBitmapW
CreateIconFromResource
LoadImageW
CharNextW
EnableMenuItem
GetSysColor
SystemParametersInfoA
CharLowerBuffW
GetShellWindow
gdi32
CreateCompatibleDC
CreateEllipticRgnIndirect
CreateFontIndirectW
CreatePen
CreatePatternBrush
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSolidBrush
DeleteObject
Ellipse
ExcludeClipRect
GetClipBox
GetClipRgn
GetRgnBox
GetStockObject
GetTextColor
GetTextExtentPoint32W
CreateCompatibleBitmap
OffsetRgn
Pie
PtInRegion
RectInRegion
GetCurrentObject
StretchBlt
Rectangle
RestoreDC
RoundRect
SaveDC
ExtSelectClipRgn
SelectObject
SetBkMode
SetGraphicsMode
SetRectRgn
SetROP2
SetTextColor
CombineRgn
BitBlt
Arc
IntersectClipRect
EndPage
StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
DeleteDC
SetStretchBltMode
StretchDIBits
GetWorldTransform
SetWorldTransform
CreateDIBSection
ExtCreatePen
GetObjectW
Polyline
SetViewportOrgEx
EnumFontsW
CreateBitmap
GetViewportOrgEx
comdlg32
GetSaveFileNameW
PrintDlgExW
GetOpenFileNameW
advapi32
AdjustTokenPrivileges
RegOpenCurrentUser
ConvertSidToStringSidA
LookupAccountNameW
RegQueryInfoKeyW
GetUserNameW
StartServiceW
QueryServiceStatusEx
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
ChangeServiceConfigW
GetUserNameA
ControlService
CreateServiceW
DeleteService
OpenProcessToken
AllocateAndInitializeSid
FreeSid
DuplicateTokenEx
CheckTokenMembership
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptAcquireContextA
CryptGenRandom
CryptDestroyKey
CryptImportKey
CryptEncrypt
EnumServicesStatusW
AddAce
CopySid
GetAce
GetAclInformation
GetLengthSid
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetTokenInformation
InitializeAcl
IsValidSid
MakeSelfRelativeSD
LookupPrivilegeValueW
ConvertSidToStringSidW
GetSecurityInfo
SetSecurityInfo
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ole32
CoCreateGuid
OleUninitialize
CoSetProxyBlanket
CreateBindCtx
CLSIDFromProgID
CLSIDFromString
OleLockRunning
CreateStreamOnHGlobal
OleInitialize
CoInitialize
CoTaskMemFree
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitializeEx
oleaut32
VariantClear
VariantInit
SysFreeString
SysAllocString
shlwapi
PathStripPathW
PathRemoveFileSpecW
PathIsDirectoryW
StrCmpIW
PathFindFileNameW
PathFindExtensionW
PathAddBackslashW
StrToIntExW
PathFileExistsA
PathFileExistsW
PathCanonicalizeW
PathAppendW
SHSetValueW
SHGetValueW
SHDeleteValueW
SHDeleteKeyW
SHDeleteEmptyKeyW
StrIsIntlEqualW
PathStripPathA
StrStrIA
StrToIntA
StrCpyW
pdfium
_FPDFText_GetUnicode@8
_FPDFText_GetCharIndexAtPos@36
_FPDF_PageToDevice@48
_FPDF_DeviceToPage@40
_FPDFText_GetText@16
_FPDFText_CountRects@12
_FPDFText_GetRect@24
_FPDFAction_GetType@4
_FPDFAction_GetDest@8
_FPDFAction_GetFilePath@12
_FPDFLink_GetLinkAtPoint@20
_FPDFLink_GetDest@8
_FPDFLink_GetAction@4
_FPDFText_FindStart@16
_FPDFText_FindNext@4
_FPDFText_FindPrev@4
_FPDFText_GetSchResultIndex@4
_FPDFText_GetSchCount@4
_FPDFText_FindClose@4
_FPDFText_CountChars@4
_FPDFPage_HasTransparency@4
_FORM_OnBeforeClosePage@8
_FORM_OnAfterLoadPage@8
_FPDFBitmap_GetStride@4
_FPDFBitmap_GetHeight@4
_FPDFBitmap_GetWidth@4
_FPDFBitmap_GetBuffer@4
_FPDF_DestroyLibrary@0
_FPDF_InitLibraryWithConfig@4
_FPDFDOC_ExitFormFillEnvironment@4
_FPDFDOC_InitFormFillEnvironment@8
_FPDF_CloseDocument@4
_FPDF_GetPageSizeByIndex@16
_FPDFBitmap_Destroy@4
_FPDF_LoadPage@8
_FPDF_RenderPageBitmap@32
_FPDF_ClosePage@4
_FPDFBitmap_Create@12
_FPDFBitmap_FillRect@24
_FPDF_FFLDraw@36
_FPDFText_LoadPage@4
_FPDFText_ClosePage@4
_FPDFLink_LoadWebLinks@4
_FPDFLink_CountWebLinks@4
_FPDFLink_GetURL@16
_FPDFLink_CountRects@8
_FPDFLink_GetRect@28
_FPDF_GetPageCount@4
_FPDF_GetLastError@0
_FPDF_LoadCustomDocument@8
_FPDFDest_GetPageIndex@8
_FPDFAction_GetURIPath@16
_FPDFBookmark_GetAction@4
_FPDFBookmark_GetDest@8
_FPDFBookmark_GetTitle@12
_FPDFBookmark_GetNextSibling@8
_FPDFBookmark_GetFirstChild@8
_FPDFLink_CloseWebLinks@4
comctl32
CreatePropertySheetPageW
dbghelp
MakeSureDirectoryPathExists
gdiplus
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGraphicsClear
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdipGetPropertyItem
GdipDrawImageRectI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipAlloc
GdipFree
GdipGetImageHeight
GdiplusShutdown
msimg32
GradientFill
AlphaBlend
imm32
ImmReleaseContext
ImmAssociateContext
ImmGetContext
iphlpapi
GetAdaptersInfo
userenv
UnloadUserProfile
wininet
InternetCheckConnectionW
InternetConnectW
HttpQueryInfoW
InternetCrackUrlW
HttpOpenRequestW
InternetOpenA
InternetReadFile
HttpSendRequestA
InternetCloseHandle
wldap32
ord46
ord143
ord60
ord211
ord50
ord41
ord22
ord26
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
Sections
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 385KB - Virtual size: 384KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 29KB - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 2B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 596KB - Virtual size: 596KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 159KB - Virtual size: 160KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE