9172ba159829df371867f9ca933320716bb017c7009087bf9f4f7435d5f72c29

Sharing

Copy URL Twitter E-mail

General

Target

9172ba159829df371867f9ca933320716bb017c7009087bf9f4f7435d5f72c29
Size

288KB
MD5

671e98221e9ff156023adb5c0b3ff5f0
SHA1

6cd0b7a3e88f66438cf7411f901046bc77329a57
SHA256

9172ba159829df371867f9ca933320716bb017c7009087bf9f4f7435d5f72c29
SHA512

906634354ae13f16898883ae09dfed1e1fc384f7485de0dff7bab7f148c883f2727e74ac3ac2f71306fd00ea3d9e2b34869364bb159d1b184353028f9a71171e
SSDEEP

6144:kB34cJZPXskOpgrCLWdY6VWxtoloBV+rLxUoKdt:SVJdXPOp4hVJ6BV+rLx

Score

N/A

Malware Config

Signatures

Files

9172ba159829df371867f9ca933320716bb017c7009087bf9f4f7435d5f72c29
.exe windows x86

f41047efe93f2963cecbb686bd6d42ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW

kernel32

GlobalFree
GetCommandLineW
FreeLibrary
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
MultiByteToWideChar
LoadLibraryExW
GetModuleHandleW
EnterCriticalSection
GetLocaleInfoW
SetProcessWorkingSetSize
GetUserPreferredUILanguages
FindResourceExW
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
DeleteFileW
MoveFileExW
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
GetSystemDefaultLangID
LoadLibraryW
LocalFree
FormatMessageW
CreateProcessW
CloseHandle
CreateMutexW
InterlockedExchange
HeapSetInformation
GetLastError
InitializeCriticalSection
DeleteCriticalSection
FindResourceW
LoadResource
LockResource
SizeofResource
GetUserDefaultUILanguage
GetProcessHeap
HeapAlloc
HeapFree
GetModuleFileNameW
lstrlenW
SetLastError
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
GetTimeFormatW
LeaveCriticalSection
TerminateProcess
OutputDebugStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
Sleep
VirtualAlloc
VirtualFree
RaiseException
LoadLibraryA
CreateEventW
CheckElevationEnabled
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
GetProcAddress
UnhandledExceptionFilter

gdi32

SetLayout
DeleteDC
GetObjectW
GetObjectA
SetBkMode
SetTextColor
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
BitBlt
SaveDC
SetGraphicsMode
ModifyWorldTransform
SetViewportOrgEx
SetWindowOrgEx
DPtoLP
CreateFontIndirectW
SelectObject
GetTextMetricsW
DeleteObject
RestoreDC
GetDeviceCaps
CreateBitmap

user32

EndPaint
BeginPaint
GetWindowTextW
GetWindowTextLengthW
MoveWindow
InvalidateRect
DrawTextW
ScreenToClient
GetParent
IsWindowEnabled
TrackMouseEvent
GetDlgItem
SetRect
DestroyWindow
SetFocus
GetScrollPos
ScrollWindow
ScrollWindowEx
SetScrollPos
GetScrollInfo
SetScrollInfo
SendNotifyMessageW
IsWindowVisible
EnableWindow
DrawIcon
GetKeyState
GetFocus
IsIconic
GetWindowRect
MapWindowPoints
FillRect
SystemParametersInfoW
GetSysColor
GetSystemMetrics
LoadImageW
PeekMessageW
MsgWaitForMultipleObjectsEx
GetCursorPos
CreatePopupMenu
AppendMenuW
SetMenuItemInfoW
SetMenuDefaultItem
TrackPopupMenu
DestroyMenu
BringWindowToTop
KillTimer
SetTimer
GetDC
ReleaseDC
LoadStringW
CharNextW
SetForegroundWindow
FindWindowExW
IsWindow
LoadIconW
DestroyIcon
RegisterWindowMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
UnregisterClassA
GetAncestor
PostMessageW
GetWindowLongW
CallWindowProcW
CreateWindowExW
RegisterClassExW
DefWindowProcW
LoadCursorW
GetClassInfoExW
ShowWindow
UpdateWindow
SetWindowTextW
SetWindowLongW
SendMessageW
GetClientRect

msvcrt

__dllonexit
_lock
_onexit
_unlock
_except_handler4_common
_errno
realloc
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_CxxThrowException
swprintf_s
__CxxFrameHandler3
_purecall
free
memmove_s
memcpy_s
malloc
memcpy
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_callnewh
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
_vsnwprintf
_resetstkoflw
wcscat_s
towupper
wcschr
wcsstr
iswspace
wcstol
_wtof
_ftol2_sse
wcscpy_s
wcsncpy_s
vswprintf_s
_vscwprintf
memset
_controlfp

shell32

ShellExecuteW
Shell_NotifyIconW
CommandLineToArgvW
SHGetFolderPathW

gdiplus

GdipDrawPath
GdipDrawImageRectI
GdipFillPath
GdipCreateLineBrushFromRectWithAngleI
GdipCreateSolidFill
GdipCreateBitmapFromHICON
GdiplusShutdown
GdiplusStartup
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathArcI
GdipDeleteBrush
GdipFree
GdipAlloc
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeleteGraphics
GdipDeleteFont
GdipLoadImageFromFile
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateLineBrushFromRectI
GdipCreateFromHDC
GdipSetSmoothingMode
GdipFillRectangleI
GdipMeasureString
GdipDrawImageRectRectI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCloneBrush
GdipCloneImage
GdipCreatePen1
GdipDeletePen
GdipCreatePath
GdipDeletePath

oleaut32

VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantClear
VariantInit
SysAllocString
SysFreeString

shlwapi

StrCmpW

ole32

StringFromGUID2
CoGetObject
CoInitialize
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

comctl32

ord344

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mcoyoon
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f41047efe93f2963cecbb686bd6d42ab

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

shell32

gdiplus

oleaut32

shlwapi

ole32

comctl32

Sections

.text Size: 109KB - Virtual size: 109KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 139KB - Virtual size: 139KB

.reloc Size: 33KB - Virtual size: 34KB

mcoyoon Size: - Virtual size: 4KB

.text
Size: 109KB - Virtual size: 109KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 139KB - Virtual size: 139KB

.reloc
Size: 33KB - Virtual size: 34KB

mcoyoon
Size: - Virtual size: 4KB