Static task: static1
Behavioral task: behavioral1
  Sample: 3a28df91191060f60ee7fbda80898a0b505b9906f9f7b14b4e71e1caa044f7af.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 3a28df91191060f60ee7fbda80898a0b505b9906f9f7b14b4e71e1caa044f7af.exe
  Resource: win10v2004-20220812-en
General
Target: 3a28df91191060f60ee7fbda80898a0b505b9906f9f7b14b4e71e1caa044f7af
Size: 873KB
MD5: 796218100f6741a3d40ab5b3bd006a90
SHA1: 1caf27e0f023a4b1ff737e87ac6cde604877f496
SHA256: 3a28df91191060f60ee7fbda80898a0b505b9906f9f7b14b4e71e1caa044f7af
SHA512: cbdc00dfda0bc7fa7dae0e922e2e75b0b958f289e1484667d0af1a136f7f977c09564ed8eedefb4dab7ba5dabcac4dbf2ae02f751adb04d81720f3cef5517a7d
SSDEEP: 12288:uJAjU+DrN0BKM+c1xAOFKaDCrYc1VVi1YPPKsxduDIg5L3/UcSI:9nrN0IFc1COFherz1G1YPvxduk4Zz
Malware Config
Signatures
Files
3a28df91191060f60ee7fbda80898a0b505b9906f9f7b14b4e71e1caa044f7af.exe (windows x86)
e82aa0b62b4e3967a9182310470c8fe1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
getprotobyname
ntohl
inet_ntoa
inet_addr
connect
shutdown
getservbyname
WSAIoctl
ioctlsocket
WSACleanup
WSAStartup
getsockopt
WSARecv
WSARecvFrom
WSAWaitForMultipleEvents
WSASendTo
getsockname
listen
WSASocketA
socket
bind
accept
recv
recvfrom
send
sendto
setsockopt
gethostbyname
WSAGetLastError
gethostname
WSACloseEvent
htons
WSASetLastError
htonl
WSACreateEvent
WSASend
WSAEventSelect
WSAAddressToStringA
WSAEnumNetworkEvents
closesocket
ntohs
getservbyport
imm32
ImmAssociateContext
kernel32
CreateEventW
OutputDebugStringA
GetVersionExW
GlobalMemoryStatus
QueryPerformanceCounter
GetProcessTimes
GetProcessWorkingSetSize
GetThreadTimes
GetStdHandle
VirtualQuery
VirtualFree
VirtualAlloc
GetSystemInfo
GetStringTypeA
TerminateProcess
IsValidCodePage
IsDBCSLeadByteEx
GetTempFileNameW
GetTempPathW
DeleteFileW
RtlUnwind
VirtualProtect
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
ExitThread
InitializeCriticalSectionAndSpinCount
GetConsoleMode
UnhandledExceptionFilter
GetACP
LCMapStringA
LCMapStringW
GetStringTypeW
GetTimeZoneInformation
SetStdHandle
GetFileType
SetHandleCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
HeapAlloc
GetLocaleInfoW
CompareStringW
SetEnvironmentVariableA
ResetEvent
SetUnhandledExceptionFilter
GetCurrentDirectoryW
GetFileAttributesW
CreateProcessW
GetExitCodeProcess
DebugBreak
LoadLibraryW
Sleep
IsDebuggerPresent
CreateThread
CreateFileW
SetErrorMode
GetFileSizeEx
LocalFileTimeToFileTime
GetFileAttributesExA
FileTimeToLocalFileTime
SystemTimeToFileTime
FileTimeToSystemTime
CreateFileA
GetShortPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GetStringTypeExA
FormatMessageW
FindResourceW
VirtualProtectEx
GetLocalTime
MoveFileA
GetOEMCP
GetCPInfo
GlobalFlags
GetModuleHandleW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetDiskFreeSpaceA
GetTempFileNameA
GetFileTime
SetFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
CreateEventA
SuspendThread
SetEvent
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
InterlockedExchange
lstrcmpA
GetModuleFileNameW
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GetVersionExA
GlobalFree
MulDiv
SetLastError
GetProcessHeap
HeapFree
lstrcpyA
GetFileAttributesA
GetCurrentProcess
DuplicateHandle
CreatePipe
CloseHandle
GetFullPathNameA
GetExitCodeThread
WaitForSingleObject
FormatMessageA
CreateDirectoryA
DeleteFileA
ResumeThread
LocalFree
ExitProcess
GetLocaleInfoA
GetTickCount
LoadLibraryA
SetCurrentDirectoryA
GetCurrentDirectoryA
LockResource
GlobalLock
GlobalUnlock
GlobalAlloc
GetModuleFileNameA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
GetCurrentProcessId
IsDBCSLeadByte
lstrcmpiA
lstrlenA
GetModuleHandleA
GetProcAddress
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetThreadContext
FindResourceExA
GetConsoleCP
user32
LoadCursorA
SetCapture
SetWindowRgn
DrawIcon
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetMenuItemInfoA
InflateRect
UnpackDDElParam
LoadMenuA
DestroyMenu
ReleaseCapture
LoadAcceleratorsA
InvalidateRect
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
GetDesktopWindow
TranslateAcceleratorA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
GetWindowThreadProcessId
IsWindowEnabled
ShowOwnedPopups
SetCursor
GetMessageA
TranslateMessage
GetActiveWindow
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
CheckMenuItem
RegisterWindowMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
GetNextDlgTabItem
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
GetWindowLongA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
CreateDialogIndirectParamA
IsZoomed
GetSysColorBrush
UnregisterClassA
DeleteMenu
DestroyIcon
CharUpperA
SetRect
WindowFromPoint
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetOpenClipboardWindow
GetClipboardOwner
GetClipboardViewer
GetCaretPos
GetInputState
GetQueueStatus
CallNextHookEx
GetProcessWindowStation
GetWindow
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
wsprintfA
EndDialog
LoadIconA
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItem
MessageBoxA
DialogBoxParamA
LoadStringA
PostQuitMessage
OemToCharBuffA
CharToOemBuffA
SendMessageA
EnableWindow
GetParent
GetFocus
KillTimer
SetTimer
ReleaseDC
GetDC
GetWindowRect
GetSystemMenu
EnableMenuItem
PostMessageA
UpdateWindow
GetClipboardData
CharNextExA
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
CharNextA
GetClassNameA
ReuseDDElParam
gdi32
GetBkColor
GetPixel
PtVisible
GetTextMetricsA
Ellipse
LPtoDP
CreateEllipticRgn
CreateSolidBrush
CreatePatternBrush
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
CreateFontIndirectA
GetTextExtentPoint32A
GetStockObject
SelectObject
IntersectClipRect
ExcludeClipRect
SetMapMode
SetBkMode
RestoreDC
SaveDC
ExtTextOutA
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
DeleteObject
GetObjectA
RectVisible
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
QueryServiceConfigW
RegNotifyChangeKeyValue
SetServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
RegCreateKeyA
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegSetValueA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
shell32
FindExecutableA
DragFinish
DragQueryFileA
ExtractIconA
SHGetFileInfoA
ShellExecuteA
shlwapi
PathFindExtensionA
PathIsUNCA
PathStripToRootA
PathRemoveFileSpecW
PathFindFileNameA
ole32
CoInitialize
OleRun
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
oleaut32
SysFreeString
GetActiveObject
VarUI4FromStr
VariantClear
SysAllocString
GetErrorInfo
VariantChangeType
VariantInit
SysAllocStringLen
dbghelp
SymGetModuleInfo
SymFromAddr
SymInitialize
SymCleanup
SymGetLineFromAddr
SymLoadModule
SymSetOptions
SymGetModuleBase
SymFunctionTableAccess
SymSetContext
SymEnumSymbols
StackWalk
SymGetTypeInfo
MiniDumpWriteDump
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
netapi32
Netbios
secur32
DeleteSecurityContext
FreeCredentialsHandle
QueryContextAttributesA
AcquireCredentialsHandleA
InitializeSecurityContextW
CompleteAuthToken
DecryptMessage
EncryptMessage
Sections
.text Size: 504KB - Virtual size: 503KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 123KB - Virtual size: 123KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 27KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.mixcrt Size: 512B - Virtual size: 1B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 63KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
colfk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 142KB - Virtual size: 142KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE