1f76448b3e555d2b461af35877711867041d073bb427f5328ea1f71e0a6f1481

Sharing

Copy URL Twitter E-mail

General

Target

1f76448b3e555d2b461af35877711867041d073bb427f5328ea1f71e0a6f1481
Size

621KB
MD5

6bdf12be27fc1983c3a5a4f2bb8951d0
SHA1

9fb0f28a67734bdd756cf99c79c6f5ef0c662772
SHA256

1f76448b3e555d2b461af35877711867041d073bb427f5328ea1f71e0a6f1481
SHA512

5bd4a9aeb58713577b0d1df9314924a97c1417b40ac977ad0fdaec0bb5e1a60cdc063d699ef4da50d7b468decc6de3cd4eef5bc4260c98045099ce31a4a712f2
SSDEEP

12288:j87+g82N6g8ucNU64jcOsJOGhKe89MFe+8iG7cd6JXmwO+F0:O+g1OWyPKete+8joMYi0

Score

N/A

Malware Config

Signatures

Files

1f76448b3e555d2b461af35877711867041d073bb427f5328ea1f71e0a6f1481
.exe windows x86

6069c664d988db84a62d9456cf76ac12

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipFree
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdipCloneImage
GdipAlloc

kernel32

RaiseException
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
lstrlenW
GetLastError
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
SetLastError
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
CreateMutexW
CreateDirectoryW
GetTickCount
Sleep
CreateFileW
GetFileSize
ReadFile
WriteFile
FindFirstFileW
FindClose
WideCharToMultiByte
GetVersionExW
OpenProcess
CreateFileMappingW
CreateThread
UnmapViewOfFile
lstrlenA
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
LoadResource
GetStringTypeA
SetConsoleCtrlHandler
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCurrentThread
TlsFree
TlsSetValue
CreateProcessW
CloseHandle
FindResourceW
MapViewOfFile
SizeofResource
LockResource
GlobalAlloc
GlobalFree
EnterCriticalSection
LeaveCriticalSection
DeleteFileW
SetErrorMode
LoadLibraryW
InitializeCriticalSection
GetProcAddress
IsValidLocale
SetFilePointer
SetEndOfFile
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleA
HeapSize
FatalAppExitA
HeapCreate
HeapDestroy
GetStartupInfoW
IsDebuggerPresent
FileTimeToLocalFileTime
GetFileTime
FileTimeToSystemTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetConsoleCP
TerminateProcess
RtlUnwind
HeapReAlloc
GetThreadLocale
GetStringTypeW
VirtualQuery
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
QueueUserWorkItem
SetFilePointerEx
SetFileAttributesW
GetFileAttributesW
GetConsoleMode
GetLocaleInfoW
GetTimeZoneInformation
SetStdHandle
MoveFileW
SystemTimeToFileTime
InterlockedExchangeAdd
CreateEventW
GetLocalTime
SetEvent
MoveFileExW
AllocConsole
ResumeThread
SuspendThread
WaitForSingleObject
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA

user32

BeginPaint
EndPaint
SetWindowLongW
SystemParametersInfoW
MapWindowPoints
GetDlgItem
ShowWindow
GetClientRect
GetSystemMetrics
LoadImageW
GetParent
GetWindow
SetWindowPos
SetWindowTextW
wsprintfA
UnregisterClassA
PostThreadMessageW
GetMessageW
PeekMessageW
GetWindowLongW
SendMessageW
EndDialog
wsprintfW
SetTimer
GetWindowRect
CharNextW
GetLastInputInfo
PostMessageW
DefWindowProcW
GetActiveWindow
DialogBoxParamW
DestroyWindow

gdi32

SelectObject
DeleteDC
DeleteObject
CreateCompatibleDC

advapi32

AllocateAndInitializeSid
FreeSid
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
CheckTokenMembership
RegDeleteKeyW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW

shell32

ord155
SHGetPathFromIDListW
SHGetFolderLocation
ShellExecuteExW
ord165
SHGetFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
CreateStreamOnHGlobal

oleaut32

VarUI4FromStr
SysFreeString

shlwapi

SHDeleteValueW
SHGetValueA
PathFileExistsW
SHSetValueW

comctl32

InitCommonControlsEx

msimg32

AlphaBlend

psapi

GetModuleFileNameExW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

InternetReadFile
InternetCloseHandle
InternetOpenA
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersA
HttpSendRequestA
HttpQueryInfoA
InternetGetCookieA
InternetQueryDataAvailable
InternetSetOptionA
InternetQueryOptionA
InternetCrackUrlA
InternetOpenW
InternetOpenUrlA
HttpOpenRequestA
InternetConnectA

ws2_32

__WSAFDIsSet
select
inet_addr
accept
ioctlsocket
listen
ntohs
WSACleanup
WSAStartup
recv
inet_ntoa
getsockname
WSAGetLastError
connect
htons
socket
gethostbyname
sendto
bind
closesocket
shutdown
send

Sections

.text
Size: 432KB - Virtual size: 430KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6069c664d988db84a62d9456cf76ac12

Headers

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

psapi

version

wininet

ws2_32

Sections

.text Size: 432KB - Virtual size: 430KB

.rdata Size: 80KB - Virtual size: 76KB

.data Size: 12KB - Virtual size: 19KB

.rsrc Size: 88KB - Virtual size: 88KB

.text
Size: 432KB - Virtual size: 430KB

.rdata
Size: 80KB - Virtual size: 76KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 88KB - Virtual size: 88KB