Static task
static1
Behavioral task
behavioral1
Sample
d289ac2c32d098f94093c2e998c1f2e1adf128cd2778714c8c284c4a6451e25b.exe
Resource
win10v2004-20220812-en
General
-
Target
d289ac2c32d098f94093c2e998c1f2e1adf128cd2778714c8c284c4a6451e25b
-
Size
799KB
-
MD5
873f1b891e245029a3cc9c018711b8a3
-
SHA1
48d122da2ce4763d75331ce184fee218c20588e0
-
SHA256
d289ac2c32d098f94093c2e998c1f2e1adf128cd2778714c8c284c4a6451e25b
-
SHA512
9ead9f16cd7b88a6ae720068fccb380e5e07d19091826d79ca9b997f794d532629d140f8ae850c38aa97f0b8aceebcec398c0b25f233521b180a573987f8821a
-
SSDEEP
12288:EgCxrjTA9ejmCP92pRLwVFqnRc7zTCXU6TvraF6Vses+8reUKs:Kro9qYfLwVFqnRe8UsvraF6VseB8reU
Malware Config (no entries shown in this excerpt — absence here does not prove the sample carries no embedded configuration)
Signatures (no entries shown in this excerpt)
Files
-
d289ac2c32d098f94093c2e998c1f2e1adf128cd2778714c8c284c4a6451e25b.exe — Windows x64 PE (headers, imports and sections below)
d3a42acc12b9b451a1394adb4e2a0e1a (unlabeled 32-hex digest; in this report layout it is normally the import hash, but the label is missing here — confirm before pivoting on it)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR opt-in; a .reloc section is present, so the image can actually be rebased)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT (DEP opt-in)
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
Not present in this listing: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA and IMAGE_DLLCHARACTERISTICS_GUARD_CF — if the listing is complete, this x64 image runs with reduced ASLR entropy and without Control Flow Guard
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports (static import table only; kernel32!LoadLibraryA and GetProcAddress are imported below, so further APIs may be resolved at runtime and will not appear in this list)
kernel32
GetTimeFormatA
GetLocaleInfoA
FileTimeToSystemTime
FileTimeToLocalFileTime
OutputDebugStringA
Beep
UnmapViewOfFile
MapViewOfFile
lstrlenA
WriteFile
ReadFile
CreateFileA
CreateThread
CreatePipe
AllocConsole
GetDateFormatA
GlobalAlloc
GlobalLock
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
DecodePointer
EncodePointer
GetStartupInfoW
SetErrorMode
FreeLibrary
RtlCaptureContext
GlobalUnlock
GetCurrentProcessId
OpenProcess
CloseHandle
lstrcpyA
Sleep
GetWindowsDirectoryA
GetVersionExA
GetModuleFileNameA
RtlLookupFunctionEntry
WaitForSingleObject
ReleaseMutex
CreateMutexA
GetModuleHandleA
LoadLibraryA
GetProcAddress
ActivateActCtx
GetLastError
DeactivateActCtx
SetLastError
iphlpapi
NotifyAddrChange
GetIpAddrTable
user32
SetClipboardData
EmptyClipboard
OpenClipboard
GetParent
wsprintfA
GetWindowRect
CloseClipboard
GetLastActivePopup
KillTimer
SetTimer
FindWindowA
IsIconic
LoadIconW
LoadCursorA
SetForegroundWindow
UpdateWindow
GetForegroundWindow
PostMessageA
DefWindowProcA
MessageBoxA
ReleaseDC
GetDC
GetClientRect
SendMessageA
GetMenu
GetSysColor
GetDesktopWindow
GetCursorPos
CreatePopupMenu
AppendMenuA
SetMenuDefaultItem
IsWindow
SetWindowTextA
DeleteMenu
SetDlgItemTextA
IsRectEmpty
EnableWindow
CheckMenuItem
gdi32
SelectObject
GetDeviceCaps
GetObjectA
CreateFontIndirectA
DeleteObject
PatBlt
CreateRectRgnIndirect
comctl32
ord13
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
wshelp64 (does not appear to be a standard Windows system DLL — check whether it ships alongside the sample or is resolved through the normal DLL search order from a writable location)
wsh_getdomainname
wsh_gethostname
mfc100 (MFC 10.0, the Visual Studio 2010 runtime; all imports are by ordinal only and must be resolved against the mfc100.dll export table to recover names)
ord5035
ord12679
ord310
ord5577
ord8000
ord5236
ord10841
ord7921
ord2354
ord12185
ord5321
ord2683
ord3602
ord7562
ord2527
ord3305
ord12906
ord2345
ord10777
ord3595
ord2166
ord2310
ord3540
ord3667
ord883
ord5616
ord7923
ord989
ord942
ord1895
ord2022
ord5963
ord12154
ord6012
ord11620
ord11597
ord4806
ord5829
ord5596
ord1948
ord4124
ord3313
ord2137
ord4185
ord1272
ord6318
ord946
ord1205
ord800
ord9686
ord10837
ord9707
ord7835
ord9907
ord9994
ord9266
ord9842
ord10573
ord10576
ord10574
ord10575
ord5580
ord3156
ord11125
ord4340
ord7027
ord2530
ord12597
ord3828
ord4608
ord2359
ord5406
ord3480
ord5325
ord956
ord9110
ord11638
ord6319
ord1208
ord808
ord8016
ord2572
ord8044
ord10838
ord2727
ord3495
ord9197
ord2199
ord1616
ord810
ord6555
ord1461
ord13745
ord13744
ord2454
ord12974
ord11005
ord1244
ord10602
ord856
ord6554
ord5550
ord7920
ord2655
ord3600
ord7561
ord2526
ord3303
ord906
ord5820
ord266
ord265
ord12004
ord1457
ord3991
ord6580
ord8881
ord8884
ord1267
ord877
ord5872
ord8977
ord4895
ord11470
ord10840
ord10871
ord7063
ord3935
ord10867
ord10859
ord5031
ord3288
ord13107
ord13110
ord13108
ord13111
ord13106
ord13109
ord6868
ord11099
ord12808
ord10609
ord13700
ord1709
ord6823
ord11489
ord3477
ord3535
ord8182
ord12925
ord6806
ord12927
ord11107
ord11106
ord2116
ord4555
ord13393
ord11410
ord7213
ord7286
ord7277
ord2380
ord11548
ord10534
ord12579
ord7769
ord7999
ord7295
ord12665
ord11145
ord1878
ord12503
ord1831
ord908
ord10866
ord10654
ord344
ord1564
ord838
ord7278
ord12311
ord1863
ord1989
ord6865
ord1951
ord1872
ord1939
ord4190
ord9145
ord902
ord5543
ord7918
ord4613
ord3597
ord3213
ord9141
ord12500
ord11565
ord1241
ord5849
ord7927
ord2745
ord3614
ord371
ord8250
ord12845
ord6074
ord6431
ord392
ord8003
ord8978
ord13361
ord12442
ord12249
ord2423
ord4765
ord5301
ord7874
ord3292
ord9710
ord9938
ord7988
ord11333
ord4734
ord11139
ord13749
ord13667
ord13754
ord13282
ord13501
ord9171
ord13478
ord13489
ord13343
ord8266
ord2318
ord11505
ord10716
ord3521
ord3475
ord12849
ord4568
ord4560
ord9143
ord13668
ord13429
ord13430
ord13409
ord13440
ord13410
ord3285
ord941
ord9662
ord6083
ord410
ord4902
ord9680
ord9700
ord7832
ord13552
ord10127
ord8879
ord9292
ord9198
ord8991
ord10381
ord12989
ord12986
ord12987
ord12988
ord6418
ord4739
ord6091
ord6436
ord422
ord8005
ord10726
ord5045
ord12135
ord6802
ord8029
ord2168
ord3843
ord10800
ord10704
ord7056
ord2669
ord7223
ord4273
ord4274
ord300
ord305
ord12144
ord5050
ord12142
ord5049
ord10090
ord5066
ord7641
ord8137
ord10446
ord10441
ord4561
ord3281
ord3932
ord10153
ord9118
ord1732
ord9531
ord12921
ord1722
ord4879
ord10168
ord7995
ord8488
ord10161
ord1555
ord964
ord8208
ord11490
ord6697
ord1502
ord3254
ord6116
ord6440
ord10546
ord982
ord445
ord8017
ord2284
ord5886
ord10711
ord7925
ord7141
ord9947
ord9950
ord8291
ord8306
ord8296
ord8726
ord8730
ord8308
ord9803
ord7717
ord10391
ord8309
ord9807
ord7805
ord9828
ord8789
ord8790
ord3604
ord354
ord5618
ord5095
ord10728
ord9207
ord7727
ord914
ord8133
ord12098
ord6929
ord12096
ord6924
ord7589
ord4186
ord4188
ord2676
ord3302
ord8249
ord5391
ord3346
ord12722
ord5634
ord3605
ord7563
ord2140
ord3821
ord301
ord2028
ord2024
ord10289
ord5972
ord957
ord4034
ord411
ord9099
ord9093
ord8058
ord1065
ord562
ord1119
ord1067
ord669
ord566
ord5683
ord12053
ord12412
ord12103
ord12425
ord6604
ord4577
ord12455
ord11943
ord5496
ord4451
ord4921
ord13000
ord7746
ord6779
ord5396
ord5404
ord12246
ord10171
ord12673
ord12241
ord2605
ord12244
ord12195
ord8521
ord8327
ord7817
ord2304
ord2474
ord3992
ord4015
ord4009
ord4020
ord12883
ord7734
ord11074
ord5421
ord4643
ord4817
ord13010
ord8473
ord4982
ord4978
ord9233
ord1697
ord4672
ord4667
ord13033
ord7674
ord9348
ord9401
ord9495
ord9307
ord10408
ord7669
ord11318
ord4949
ord4641
ord3639
ord7935
ord8907
ord8379
ord11717
ord3414
ord3751
ord3754
ord7291
ord2709
ord8089
ord13664
ord13140
ord11933
ord13621
ord12454
ord6602
ord6249
ord1908
ord7592
ord12497
ord10248
ord9059
ord7968
ord4279
ord649
ord1106
ord1426
ord11953
ord3270
ord6423
ord10754
ord7833
ord10054
ord3479
ord2878
ord2877
ord2659
ord5319
ord12181
ord2788
ord2785
ord7057
ord2353
ord13684
ord13686
ord13685
msvcr100 (Visual C++ 2010 CRT)
_initterm_e
strchr
__C_specific_handler
strstr
getenv
strrchr
strcpy
strlen
strcat
strcmp
memset
_strdup
free
__argc
__argv
_CxxThrowException
memcpy
malloc
strncat
strncpy
fclose
fopen
_itoa
_snprintf
_purecall
memcmp
printf
_tzset
_time64
strcat_s
_strupr
_setmbcp
remove
strftime
_localtime64_s
strcpy_s
vsprintf_s
_stricmp
_getdcwd
_getdrive
_chdir
atoi
_commit
_isatty
_write
setvbuf
_fdopen
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
__CxxFrameHandler3
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__getmainargs
_amsg_exit
calloc
_close
__iob_func
_fileno
_open_osfhandle
advapi32
RegCreateKeyExA
RegSetValueExA
RegGetValueA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumKeyExA
shell32
ShellExecuteA
Shell_NotifyIconA
ShellExecuteExA
shlwapi
SHOpenRegStream2A
ole32
CoCreateInstance
CoInitializeEx
oleaut32
SysFreeString
uxtheme
OpenThemeData
DrawThemeBackground
Sections
.text Size: 156KB - Virtual size: 156KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 118KB - Virtual size: 118KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 20KB (virtual larger than raw is expected: zero-initialized globals occupy no file space)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 494KB - Virtual size: 493KB (roughly 62% of the 799KB file — the resource section deserves a separate look)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ