Static task: static1

Behavioral task: behavioral1
  Sample: 7134ab5d84b0ff508253e4530637f62917552fb376e1da889306b65473c61ab3.exe
  Resource: win7-20220901-en

Behavioral task: behavioral2
  Sample: 7134ab5d84b0ff508253e4530637f62917552fb376e1da889306b65473c61ab3.exe
  Resource: win10v2004-20220812-en

General
  Target: 7134ab5d84b0ff508253e4530637f62917552fb376e1da889306b65473c61ab3
  Size: 4.4MB
  MD5: ed933d5e48f5d9a6ffc1570ebcbb362a
  SHA1: fa5bfb88faff4a01b6f22cb73d3939d79106836b
  SHA256: 7134ab5d84b0ff508253e4530637f62917552fb376e1da889306b65473c61ab3
  SHA512: 181163a257cc4f21200dbbb3d369f2366649fd70519aecb2478a0055d1e2ff26a29cd874ff2e57ab10be583b790db1939c74d0adb401d62a7e13a34f6448b67d
  SSDEEP: 49152:OldlnWowo2LjgY231uLkn3uvrv86+LFobdjF2kv5zg5PUwryYc+Rg4GrCZaae:Old1WoeIY231uLk3GpC2vSywr5c+

Malware Config

Signatures

Files
  7134ab5d84b0ff508253e4530637f62917552fb376e1da889306b65473c61ab3.exe (windows x86)
  971526f5446153d08402586b804bbe2a

Headers
  DLL Characteristics:
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
    IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics:
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_32BIT_MACHINE
Imports
  shlwapi:
    PathCombineW, PathAddBackslashW, PathRemoveFileSpecW, PathStripPathW, PathRemoveExtensionW
  kernel32:
    RaiseException, SizeofResource, LockResource, LoadResource, GetModuleHandleW, FindResourceW,
    DeleteFileW, GetCommandLineW, ConvertThreadToFiberEx, ConvertFiberToThread, CreateFiberEx,
    DeleteFiber, SwitchToFiber, AcquireSRWLockShared, ReleaseSRWLockShared, ReadConsoleA,
    SetConsoleMode, GetEnvironmentVariableW, GetLastError, CreateProcessW, GetModuleHandleA,
    GetVersionExW, GetModuleFileNameW, lstrcmpiW, Process32FirstW, Process32NextW,
    CreateToolhelp32Snapshot, WriteConsoleW, HeapSize, GetTimeZoneInformation,
    SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA,
    GetOEMCP, IsValidCodePage, FindFirstFileExW, SetStdHandle, FlushFileBuffers,
    SetConsoleCtrlHandler, HeapReAlloc, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale,
    GetLocaleInfoW, LCMapStringW, CompareStringW, GetTimeFormatW, GetDateFormatW,
    GetConsoleOutputCP, ReadConsoleW, GetConsoleMode, ExitProcess,
    SystemTimeToTzSpecificLocalTime, GetDriveTypeW, FreeLibraryAndExitThread, ExitThread,
    CreateThread, LoadLibraryExW, TlsFree, WaitForSingleObject, TlsGetValue, TlsAlloc,
    RtlUnwind, GetCPInfo, GetStringTypeW, LCMapStringEx, DecodePointer, EncodePointer,
    GetExitCodeThread, LocalFree, InitOnceBeginInitialize, InitOnceComplete,
    SleepConditionVariableSRW, MoveFileExW, CreateDirectoryExW, SetFilePointerEx, SetEndOfFile,
    GetCurrentProcess, TerminateProcess, CreateEventW, OutputDebugStringA, lstrcpyW,
    InitializeCriticalSectionEx, lstrcpynW, GlobalLock, GlobalUnlock, GlobalAlloc, OpenProcess,
    GetCurrentProcessId, OutputDebugStringW, MulDiv, GetACP, DeleteTimerQueueTimer,
    CreateTimerQueueTimer, DeleteCriticalSection, TryEnterCriticalSection, LeaveCriticalSection,
    EnterCriticalSection, InitializeCriticalSection, lstrlenW, LoadLibraryW, FreeResource,
    GetSystemDirectoryW, Sleep, FindNextFileW, FindClose, FindFirstFileW, RemoveDirectoryW,
    SetFileAttributesW, GetFileAttributesExW, GetSystemTimeAsFileTime, GetTickCount,
    GetFileSize, GetLocalTime, FileTimeToSystemTime, GetFileInformationByHandle,
    WideCharToMultiByte, SystemTimeToFileTime, GetCurrentDirectoryW, CloseHandle,
    SleepConditionVariableCS, WakeAllConditionVariable, WakeConditionVariable,
    InitializeConditionVariable, AcquireSRWLockExclusive, ReleaseSRWLockExclusive,
    InitializeSRWLock, GetModuleHandleExW, CloseThreadpoolWork, SubmitThreadpoolWork,
    CreateThreadpoolWork, HeapFree, SetLastError, VirtualFree, VirtualProtect, DeviceIoControl,
    LocalFileTimeToFileTime, MultiByteToWideChar, GetFileAttributesW,
    FreeLibraryWhenCallbackReturns, FormatMessageA, InitializeSListHead, GetStartupInfoW,
    IsDebuggerPresent, ResetEvent, SetEvent, InitializeCriticalSectionAndSpinCount,
    IsProcessorFeaturePresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter,
    GetSystemTime, GetFileSizeEx, CreateFileA, VerifyVersionInfoW, VerSetConditionMask,
    WaitForMultipleObjects, PeekNamedPipe, GetFileType, GetStdHandle, GetEnvironmentVariableA,
    CompareFileTime, WaitForSingleObjectEx, MoveFileExA, FormatMessageW, GetSystemDirectoryA,
    QueryPerformanceFrequency, SleepEx, QueryPerformanceCounter, GetFullPathNameW, CreateFileW,
    SetFilePointer, SetFileTime, WriteFile, ReadFile, CreateDirectoryW, IsBadReadPtr,
    FreeLibrary, GetProcessHeap, GetProcAddress, HeapAlloc, GetNativeSystemInfo, LoadLibraryA,
    VirtualAlloc, GetCurrentThreadId, TlsSetValue
  user32:
    GetUserObjectInformationW, GetProcessWindowStation, IsWindow, DestroyWindow, SetWindowPos,
    IsWindowVisible, IsIconic, IsZoomed, CharNextW, SetFocus, GetActiveWindow, GetFocus,
    GetKeyState, SetCapture, ReleaseCapture, SetTimer, KillTimer, GetDC, ReleaseDC, BeginPaint,
    EndPaint, GetUpdateRect, InvalidateRect, GetClientRect, GetWindowRect, GetCursorPos,
    ScreenToClient, MapWindowPoints, IntersectRect, UnionRect, OffsetRect, IsRectEmpty,
    PtInRect, GetWindowLongW, DispatchMessageW, TranslateMessage, GetMessageW, PostMessageW,
    SendMessageW, SetWindowLongW, GetParent, GetWindow, MonitorFromWindow, wsprintfW,
    SetWindowRgn, MessageBoxW, InflateRect, DefWindowProcW, PostQuitMessage, CallWindowProcW,
    RegisterClassW, RegisterClassExW, GetClassInfoExW, ShowWindow, EnableWindow,
    GetSystemMetrics, SetPropW, GetPropW, LoadCursorW, LoadImageW, UpdateLayeredWindow,
    MoveWindow, GetWindowRgn, MonitorFromPoint, SetCursor, CharPrevW, DrawTextW, FillRect,
    SetRect, CreatePopupMenu, DestroyMenu, EnableMenuItem, AppendMenuW, TrackPopupMenu,
    CreateCaret, GetCaretBlinkTime, HideCaret, ShowCaret, SetCaretPos, GetCaretPos,
    ClientToScreen, GetSysColor, SystemParametersInfoW, IsWindowEnabled, SetWindowTextW,
    GetWindowTextW, GetWindowTextLengthW, EqualRect, wsprintfA, DrawTextA,
    CreateAcceleratorTableW, InvalidateRgn, GetGUIThreadInfo, SetForegroundWindow,
    GetKeyboardLayout, CreateWindowExW, GetMonitorInfoW, GetKeyNameTextW, MapVirtualKeyExW
  gdi32:
    CreateSolidBrush, CreateCompatibleDC, CreateFontIndirectW, SetBitmapBits, GetBitmapBits,
    FillRgn, GetTextExtentPointA, CreatePatternBrush, GdiFlush, TextOutW, MoveToEx, GetObjectA,
    SetTextColor, SetStretchBltMode, StretchBlt, SetBkMode, SetBkColor, ExtSelectClipRgn,
    SelectClipRgn, LineTo, GetTextExtentPoint32W, GetClipBox, GetCharABCWidthsW, BitBlt,
    CreateRectRgnIndirect, CreatePenIndirect, CreateCompatibleBitmap, CombineRgn,
    GetDeviceCaps, CreateDIBSection, PtInRegion, CreateRectRgn, CreateRoundRectRgn,
    SetWindowOrgEx, GetObjectW, GetTextMetricsW, SelectObject, SaveDC, RestoreDC, Rectangle,
    RemoveFontMemResourceEx, AddFontMemResourceEx, GetStockObject, DeleteObject, DeleteDC,
    CreatePen
  advapi32:
    CryptEnumProvidersW, CryptSignHashW, CryptDecrypt, CryptExportKey, CryptGetProvParam,
    CryptSetHashParam, CryptDestroyKey, CryptAcquireContextW, ReportEventW,
    RegisterEventSourceW, DeregisterEventSource, CryptDestroyHash, CryptHashData,
    CryptCreateHash, CryptGenRandom, CryptGetHashParam, CryptReleaseContext,
    CryptAcquireContextA, RegQueryValueExW, RegOpenKeyExW, RegCreateKeyExW, RegCloseKey,
    RegSetValueExW, RegDeleteKeyW, RegDeleteKeyExW, RegDeleteValueW, RegQueryInfoKeyW,
    RegEnumKeyExW, RegEnumKeyW, CryptGetUserKey
  shell32:
    SHGetSpecialFolderPathW
  ole32:
    CoInitialize, CLSIDFromString, CoCreateInstance, OleLockRunning, CreateStreamOnHGlobal,
    CoCreateGuid, CoUninitialize, CLSIDFromProgID
  oleaut32:
    SysFreeString, SysAllocString, VariantInit, VariantClear
  comctl32:
    _TrackMouseEvent, ord17
  gdiplus:
    GdipCloneBrush, GdiplusStartup, GdiplusShutdown, GdipDeleteBrush, GdipRotateWorldTransform,
    GdipTranslateWorldTransform, GdipDrawImageRectI, GdipGetPropertyItem,
    GdipGetPropertyItemSize, GdipImageSelectActiveFrame, GdipImageGetFrameCount,
    GdipImageGetFrameDimensionsList, GdipFree, GdipGetImageHeight, GdipGetImageWidth,
    GdipSetStringFormatTrimming, GdipSetStringFormatLineAlign, GdipSetStringFormatAlign,
    GdipSetStringFormatFlags, GdipCloneStringFormat, GdipDeleteStringFormat,
    GdipStringFormatGetGenericTypographic, GdipMeasureString, GdipDrawString, GdipDeleteFont,
    GdipAlloc, GdipImageGetFrameDimensionsCount, GdipCreateFontFromLogfontA,
    GdipCreateFontFromDC, GdipFillRectangleI, GdipDrawRectangleI, GdipSetInterpolationMode,
    GdipSetTextRenderingHint, GdipSetSmoothingMode, GdipDeleteGraphics, GdipCreateFromHDC,
    GdipDisposeImage, GdipCloneImage, GdipLoadImageFromStreamICM, GdipLoadImageFromStream,
    GdipSetPenMode, GdipDeletePen, GdipCreatePen1, GdipCreateSolidFill
  imm32:
    ImmReleaseContext, ImmSetCompositionWindow, ImmGetContext
  ws2_32:
    select, WSACloseEvent, WSACreateEvent, WSAEnumNetworkEvents, WSAEventSelect, WSAResetEvent,
    WSAWaitForMultipleEvents, WSAGetLastError, __WSAFDIsSet, WSASetLastError, bind, connect,
    getpeername, getsockname, getsockopt, htons, ntohs, setsockopt, getservbyname,
    getservbyport, gethostbyname, gethostbyaddr, inet_ntoa, inet_addr, shutdown, WSAIoctl,
    inet_pton, WSAStartup, WSACleanup, accept, closesocket, recv, send, socket, ntohl, htonl,
    listen, getaddrinfo, freeaddrinfo, recvfrom, sendto, ioctlsocket, gethostname
  crypt32:
    CertFreeCertificateChainEngine, CertCreateCertificateChainEngine, CertGetCertificateChain,
    CertFreeCertificateChain, CryptQueryObject, CertGetNameStringA, CertFindExtension,
    CertAddCertificateContextToStore, CertOpenStore, CertOpenSystemStoreA,
    CertGetIntendedKeyUsage, CertDuplicateCertificateContext,
    CertGetCertificateContextProperty, CertGetEnhancedKeyUsage, PFXImportCertStore,
    CryptStringToBinaryA, CertFreeCertificateContext, CertFindCertificateInStore,
    CertEnumCertificatesInStore, CertCloseStore, CryptDecodeObjectEx
  bcrypt:
    BCryptGenRandom
Sections
  .text  (Size: 2.9MB, Virtual size: 2.9MB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata (Size: 787KB, Virtual size: 786KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data  (Size: 38KB, Virtual size: 51KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rsrc  (Size: 560KB, Virtual size: 559KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .reloc (Size: 148KB, Virtual size: 148KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ