1b218a603110f6ba120f75b9d0fa55ca62551f408ca0a1ee740d2ba81f3dadbb

Sharing

Copy URL Twitter E-mail

General

Target

1b218a603110f6ba120f75b9d0fa55ca62551f408ca0a1ee740d2ba81f3dadbb
Size

3.5MB
MD5

472e9f4e4fe9f59a6ec7d9efacff8a1f
SHA1

c0f6c1469a2c1396e560802da0a45527a72b1c3c
SHA256

1b218a603110f6ba120f75b9d0fa55ca62551f408ca0a1ee740d2ba81f3dadbb
SHA512

03c3c2ccee82dfee1cf2063421eb2c6a4e7fa3c566d7d4531bff3390b288bbe95e7540bd35bba01f77f93c53a58d3e80673157b8b20df416b3e40698c1f2e4c8
SSDEEP

98304:YRj2Jw1hi34Ie2uhe8RZNiOM9qCfoU4yI3MP:c2F4Te8RZNiOM9qCfoPbM

Score

N/A

Malware Config

Signatures

Files

1b218a603110f6ba120f75b9d0fa55ca62551f408ca0a1ee740d2ba81f3dadbb
.exe windows x86

55a05c98ae6c6301bc74b718051d2d29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersAddresses
GetIfTable
NotifyAddrChange
GetAdaptersInfo

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winmm

timeGetTime

ws2_32

gethostbyname
closesocket
socket
bind
send
setsockopt
htons
inet_addr
WSAStartup
connect
inet_ntoa
WSACreateEvent
WSAGetLastError
WSASetLastError
__WSAFDIsSet
select
WSACleanup
WSAIoctl
getsockname
ntohs
getsockopt
getpeername
sendto
getservbyname
shutdown
ntohl
htonl
gethostname
ioctlsocket
getaddrinfo
freeaddrinfo
listen
accept
recvfrom
recv

wldap32

ord33
ord79
ord35
ord301
ord200
ord30
ord26
ord27
ord41
ord46
ord45
ord32
ord60
ord50
ord143
ord217
ord211
ord22

kernel32

WideCharToMultiByte
Sleep
LeaveCriticalSection
CreateProcessA
TerminateProcess
MultiByteToWideChar
CreateDirectoryA
FindFirstFileA
GetLastError
EnterCriticalSection
FindClose
GetLocalTime
GlobalMemoryStatusEx
GetSystemInfo
GetModuleFileNameA
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
GetStdHandle
GetTickCount
ReadFile
GetStartupInfoA
CreatePipe
HeapAlloc
HeapFree
GetProcessHeap
GlobalAlloc
LoadLibraryA
InitializeCriticalSection
GetProcAddress
GetModuleHandleA
GetACP
ExitProcess
LockResource
SizeofResource
FreeResource
LoadResource
FindResourceA
SetFilePointer
GetFileType
CreateFileA
DuplicateHandle
GetCurrentProcess
SystemTimeToFileTime
DosDateTimeToFileTime
SetFileTime
WriteFile
MulDiv
GetFileSize
lstrlenA
InterlockedIncrement
InterlockedDecrement
SetLastError
FreeLibrary
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
PeekNamedPipe
WaitForMultipleObjects
QueryPerformanceCounter
ExpandEnvironmentStringsA
GetSystemTime
FlushConsoleInputBuffer
GetVersion
GlobalMemoryStatus
UnhandledExceptionFilter
HeapReAlloc
GetLocaleInfoA
InterlockedCompareExchange
InterlockedExchange
FormatMessageA
WaitForSingleObject
SetCurrentDirectoryA
GetCommandLineA
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetModuleHandleW
RtlUnwind
RaiseException
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
GetFileInformationByHandle
GetFileAttributesA
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
CompareStringW
GetStringTypeW
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetConsoleCP
FlushFileBuffers
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
CreateFileW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFullPathNameA
SetStdHandle
SetEndOfFile
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetEnvironmentVariableA
GetCurrentDirectoryA

user32

GetSysColor
ClientToScreen
SetCaretPos
ShowCaret
HideCaret
CreateCaret
IntersectRect
CharNextA
SetWindowRgn
IsZoomed
IsIconic
SetCursor
wvsprintfA
UnionRect
InflateRect
OffsetRect
PtInRect
SetCapture
KillTimer
SetTimer
GetFocus
GetUpdateRect
BeginPaint
EndPaint
IsRectEmpty
InvalidateRect
MapWindowPoints
ScreenToClient
GetProcessWindowStation
GetDC
DestroyWindow
ReleaseDC
SetWindowTextA
GetMenu
AdjustWindowRectEx
SetPropA
GetPropA
GetWindowLongA
CallWindowProcA
GetClassInfoExA
RegisterClassExA
LoadCursorA
RegisterClassA
LoadImageA
GetWindowRect
GetParent
MonitorFromWindow
GetMonitorInfoA
SetWindowPos
GetWindow
EnableWindow
GetMessageA
SetFocus
TranslateMessage
DispatchMessageA
PostQuitMessage
IsWindow
SetWindowLongA
GetWindowTextLengthA
GetUserObjectInformationW
GetKeyState
GetWindowTextA
FindWindowA
ShowWindow
SetForegroundWindow
GetSystemMetrics
MoveWindow
CreateAcceleratorTableA
InvalidateRgn
SetRect
CharPrevA
DrawTextA
PostMessageA
GetClientRect
FillRect
GetCursorPos
MessageBoxA
SendMessageA
ReleaseCapture
wsprintfA
DefWindowProcA
CreateWindowExA

gdi32

StretchBlt
SetStretchBltMode
ExtTextOutA
SetBkColor
CreateSolidBrush
LineTo
MoveToEx
CreateDIBSection
RoundRect
SetTextColor
SetBkMode
TextOutA
GetTextExtentPoint32A
GetCharABCWidthsA
GdiFlush
SetWorldTransform
SetGraphicsMode
CombineRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SelectClipRgn
GetDeviceCaps
CreateRoundRectRgn
GetTextMetricsA
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SaveDC
BitBlt
RestoreDC
Rectangle
SetWindowOrgEx
DeleteObject
DeleteDC
GetStockObject
GetObjectA
CreateFontIndirectA
CreatePenIndirect
CreatePen

advapi32

CryptSetHashParam
ReportEventA
RegisterEventSourceA
CryptEnumProvidersA
CryptReleaseContext
CryptDestroyKey
CryptGetProvParam
CryptAcquireContextA
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
DeregisterEventSource
CryptSignHashA
CryptDestroyHash

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleLockRunning
CoInitialize
CoUninitialize

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
VariantClear
VariantInit

gdiplus

GdipDrawString
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushI
GdiplusShutdown
GdiplusStartup
GdipCreateFontFromDC
GdipSetStringFormatLineAlign

crypt32

CertOpenStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore

pdh

PdhCloseQuery
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhAddCounterA
PdhOpenQueryA

powrprof

CallNtPowerInformation

comctl32

ord17
_TrackMouseEvent

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 415KB - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55a05c98ae6c6301bc74b718051d2d29

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

version

winmm

ws2_32

wldap32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

gdiplus

crypt32

pdh

powrprof

comctl32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 415KB - Virtual size: 415KB

.data Size: 56KB - Virtual size: 87KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 101KB - Virtual size: 101KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 415KB - Virtual size: 415KB

.data
Size: 56KB - Virtual size: 87KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 101KB - Virtual size: 101KB