de49b633e9b24067087ff0b31391aa13b42460b013a6eaac7e35c2cba922e144

Sharing

Copy URL Twitter E-mail

General

Target

de49b633e9b24067087ff0b31391aa13b42460b013a6eaac7e35c2cba922e144
Size

529KB
MD5

67412a1b11fde2e336c542da804028c1
SHA1

c9c54da7808e60253d5fa527fe6bb456c9f06900
SHA256

de49b633e9b24067087ff0b31391aa13b42460b013a6eaac7e35c2cba922e144
SHA512

da7aa454c097f650225ccd3105a5cec2c0cf39ac7fcc0e158f658615104f366e145ecccf5da27a61cc26e751c5c2b37526319e0c05a8799194e4b8a5faac9e47
SSDEEP

12288:ezIVReQ7C9GWTgxhUs0fBBg9Mext3LzggOZYl/4CLylM:4IVQ99YToBeMex2YyM

Score

N/A

Malware Config

Signatures

Files

de49b633e9b24067087ff0b31391aa13b42460b013a6eaac7e35c2cba922e144
.exe windows x86

eeafe7e4b42706814879392eeb8a50a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteConsoleW
OutputDebugStringA
HeapQueryInformation
HeapSize
HeapReAlloc
GetStringTypeW
MultiByteToWideChar
LCMapStringW
RtlUnwind
HeapFree
OutputDebugStringW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
GetEnvironmentVariableW
IsProcessorFeaturePresent
IsDebuggerPresent
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointer
SetStdHandle
RaiseException
LocalAlloc
GlobalAlloc
GetLastError
CreateThread
CloseHandle
WaitForSingleObject
HeapCreate
GetProcAddress
lstrlenA
HeapAlloc
CompareStringA
GetWindowsDirectoryA
GetEnvironmentStringsW
FormatMessageA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LoadLibraryW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
IsBadReadPtr
HeapValidate
SetLastError
TlsFree
CreateFileW
GetCurrentThreadId
lstrcpyA
GetModuleHandleA
SetHandleCount
LoadLibraryA
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetStdHandle
WriteFile
GetModuleFileNameW
EncodePointer
GetStartupInfoW
HeapSetInformation
GetCommandLineA
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
DecodePointer
GetModuleHandleW
ExitProcess
EnterCriticalSection

user32

DrawFrameControl
DestroyIcon
CreateWindowExA
RegisterClassExA
LoadCursorA
ShowWindow
UpdateWindow
LoadAcceleratorsA
MessageBoxA
GetWindowTextA
GetDC
CheckRadioButton
SetRectEmpty
LoadStringA
LoadIconA
SetCursor
GetSysColor
GetMenuCheckMarkDimensions
GetSystemMetrics
DefWindowProcA
BeginPaint
GetClientRect
DrawTextW
EndPaint
InvalidateRect
SendMessageA
GetIconInfo
DdeNameService
DestroyWindow
PostQuitMessage
EnableMenuItem
PostMessageA
GetWindowTextLengthA

gdi32

ExtTextOutA
CreateCompatibleDC
GetObjectA
CreateBitmap
StretchBlt
DeleteDC
CreateFontW
CreateFontIndirectA
GetTextMetricsA
SetTextAlign
CreateSolidBrush
MoveToEx
GetStockObject
SetDCPenColor
LineTo
CreateCompatibleBitmap
CreateDIBSection
SetBkMode
SetTextColor
SetBkColor
Rectangle
PatBlt
DeleteObject
SelectObject

shell32

SHGetSpecialFolderPathA
CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListA
SHGetFileInfoA

ole32

CoInitialize

msimg32

GradientFill

winmm

waveOutGetNumDevs
mmioClose
mmioWrite
mmioCreateChunk
mmioOpenA

shlwapi

PathStripToRootA
PathIsDirectoryEmptyW

comctl32

ImageList_Create
ImageList_ReplaceIcon
InitCommonControlsEx

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

gdiplus

GdipDisposeImage
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP

sensapi

IsNetworkAlive

dxva2

GetMonitorDisplayAreaSize

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qdata
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ydata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eeafe7e4b42706814879392eeb8a50a5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

msimg32

winmm

shlwapi

comctl32

rpcrt4

gdiplus

sensapi

dxva2

Sections

.text Size: 134KB - Virtual size: 133KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 5KB - Virtual size: 12KB

.qdata Size: 222KB - Virtual size: 221KB

.ydata Size: 7KB - Virtual size: 7KB

.rsrc Size: 116KB - Virtual size: 115KB

.text
Size: 134KB - Virtual size: 133KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 5KB - Virtual size: 12KB

.qdata
Size: 222KB - Virtual size: 221KB

.ydata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 116KB - Virtual size: 115KB