7e2dd751b0487706414911ed4529c4475b449a22760fe8599aee0e37a4f63f68

Sharing

Copy URL Twitter E-mail

General

Target

7e2dd751b0487706414911ed4529c4475b449a22760fe8599aee0e37a4f63f68
Size

206KB
MD5

756dec5edc28b6d98393719012bd6e1b
SHA1

1b11f5be48ae80c034858c23e9a0e8745a7d6532
SHA256

7e2dd751b0487706414911ed4529c4475b449a22760fe8599aee0e37a4f63f68
SHA512

2137b28bcf313ce9c02bd0b333449454e3ed58c81425d28943ea2268386f087ce20e5e0d299c08c540420d8354468e1224cb52b06bdd5dacd52ffe2bf597e42a
SSDEEP

3072:AKH3PiN3C7ReqdXdl17n23Nk02EFM5B8o/2JirZXPeKEvo9MQOji6ZpA6gdqpnBH:AckS7AqdX43Nk3EGxuJaXmzoIZmupnxn

Score

N/A

Malware Config

Signatures

Files

7e2dd751b0487706414911ed4529c4475b449a22760fe8599aee0e37a4f63f68
.exe windows x86

41d64ee551f965ccd4ec65999e5e712f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringW
GetPrivateProfileIntW
WriteFile
FlushFileBuffers
GetEnvironmentVariableW
FileTimeToDosDateTime
GetTempFileNameW
HeapReAlloc
CreateMutexW
FindFirstFileW
SetEndOfFile
CreateProcessW
HeapAlloc
SystemTimeToFileTime
GetCurrentProcess
SetFilePointerEx
GetLogicalDriveStringsW
HeapFree
GetProcessHeap
SetFileTime
VirtualQueryEx
Thread32First
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
HeapCreate
lstrcpynW
VirtualProtect
ReadFile
GetTimeZoneInformation
LoadLibraryA
lstrlenW
GetTempPathW
GetFileSizeEx
OpenMutexW
VirtualProtectEx
VirtualAllocEx
FindClose
RemoveDirectoryW
QueryDosDeviceW
FindNextFileW
GetFileTime
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
GetFileInformationByHandle
SetHandleInformation
CreatePipe
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
TlsAlloc
TlsFree
CreateRemoteThread
GetNativeSystemInfo
GetModuleHandleA
WaitForMultipleObjects
CreateEventW
ExitThread
GetVersionExW
CreateEventA
VirtualFree
GetComputerNameW
SetErrorMode
SetFileAttributesW
IsBadReadPtr
GetSystemTime
GetLastError
SetLastError
DeleteFileW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
OpenProcess
GetLocalTime
CreateThread
WriteProcessMemory
GetCurrentProcessId
DuplicateHandle
MultiByteToWideChar
OpenEventW
WTSGetActiveConsoleSessionId
CreateFileW
LoadLibraryW
CreateDirectoryW
FreeLibrary
GetCommandLineW
GetUserDefaultUILanguage
GetFileAttributesW
Sleep
MoveFileExW
GlobalUnlock
GetTickCount
GlobalLock
ReleaseMutex
GetProcessId
VirtualAlloc
VirtualFreeEx
SetThreadContext
GetThreadContext
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetFileAttributesExW
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
ExitProcess
ResetEvent
TerminateProcess
TlsSetValue
SetEvent
TlsGetValue
ExpandEnvironmentStringsW
CloseHandle
LocalFree
GetCurrentThreadId
lstrcmpiW
lstrcmpiA
SetThreadPriority
GetCurrentThread
Thread32Next

user32

CharToOemW
GetKeyboardState
ToUnicode
GetSystemMetrics
GetMessageA
RegisterClassExA
SetCapture
DefDlgProcW
DefFrameProcA
OpenInputDesktop
GetCapture
TranslateMessage
RegisterClassExW
SetCursorPos
GetClipboardData
PeekMessageW
GetKeyboardLayoutList
GetCursorPos
DefMDIChildProcW
SwitchDesktop
DefDlgProcA
DefMDIChildProcA
ReleaseCapture
RegisterClassW
CallWindowProcA
CallWindowProcW
GetWindow
DefFrameProcW
RegisterClassA
EndPaint
GetUpdateRgn
GetMessageW
GetWindowDC
MessageBoxA
MapVirtualKeyW
GetWindowThreadProcessId
MapWindowPoints
IsWindow
CharLowerW
DrawIcon
GetIconInfo
RegisterWindowMessageW
GetMenuItemID
SetKeyboardState
GetSubMenu
MenuItemFromPoint
GetMenu
GetMenuItemRect
TrackPopupMenuEx
SystemParametersInfoW
GetClassNameW
GetMenuState
GetMenuItemCount
HiliteMenuItem
EndMenu
GetShellWindow
GetTopWindow
LoadImageW
MsgWaitForMultipleObjects
CharLowerA
WindowFromPoint
CharUpperW
PeekMessageA
SetWindowLongW
FillRect
PostMessageW
GetWindowInfo
DispatchMessageW
GetWindowRect
GetParent
GetClassLongW
GetWindowLongW
GetAncestor
DrawEdge
BeginPaint
GetUpdateRect
GetDC
IntersectRect
GetDCEx
ReleaseDC
PostThreadMessageW
EqualRect
PrintWindow
SendMessageW
DefWindowProcW
IsRectEmpty
ExitWindowsEx
CreateDesktopW
SetProcessWindowStation
GetThreadDesktop
CloseWindowStation
SetWindowPos
GetMessagePos
SendMessageTimeoutW
CreateWindowStationW
GetProcessWindowStation
OpenDesktopW
CloseDesktop
SetThreadDesktop
GetUserObjectInformationW
OpenWindowStationW
CharLowerBuffA
DefWindowProcA

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityDescriptorSacl
InitiateSystemShutdownExW
CreateProcessAsUserA
CreateProcessAsUserW
EqualSid
IsWellKnownSid
GetLengthSid
RegCreateKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumValueW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
CryptHashData
RegEnumKeyW
ConvertSidToStringSidW

shlwapi

SHDeleteValueW
PathQuoteSpacesW
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
PathIsURLW
PathAddBackslashW
PathFindFileNameW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
StrStrIW
StrStrIA
PathUnquoteSpacesW
PathRemoveBackslashW
StrCmpNIW
PathRenameExtensionW
PathRemoveFileSpecW

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW

secur32

GetUserNameExW

ole32

CoSetProxyBlanket
CoUninitialize
CLSIDFromString
StringFromGUID2
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoCreateInstance

gdi32

RestoreDC
CreateCompatibleDC
SetRectRgn
SelectObject
DeleteObject
GdiFlush
DeleteDC
SetViewportOrgEx
GetDeviceCaps
CreateCompatibleBitmap
GetDIBits
CreateDIBSection
SaveDC

ws2_32

WSASend
getaddrinfo
inet_addr
getpeername
WSAGetLastError
freeaddrinfo
recv
sendto
getsockname
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
shutdown
setsockopt
closesocket
gethostbyname
send
recvfrom
accept
WSAEventSelect
listen
WSASetLastError
socket
bind
select

crypt32

PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
CryptUnprotectData
PFXImportCertStore

wininet

InternetReadFileExA
InternetReadFile
HttpSendRequestW
HttpOpenRequestA
HttpEndRequestA
InternetSetOptionA
InternetQueryOptionW
InternetQueryOptionA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
InternetOpenA
HttpAddRequestHeadersA
InternetCrackUrlA
InternetSetStatusCallbackA
InternetConnectA
InternetCloseHandle
HttpEndRequestW
HttpSendRequestA
InternetQueryDataAvailable
InternetSetFilePointer
HttpSendRequestExA
HttpQueryInfoA
HttpSendRequestExW
HttpOpenRequestW

oleaut32

SysFreeString
VariantInit
SysAllocString
VariantClear

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

PlaySoundW
waveOutSetVolume
waveOutGetVolume
PlaySoundA

Sections

.text
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41d64ee551f965ccd4ec65999e5e712f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

version

winmm

Sections

.text Size: 193KB - Virtual size: 193KB

.data Size: 2KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 193KB - Virtual size: 193KB

.data
Size: 2KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 8KB