246f47dc113b771643b279362df637fc1eaa402f2797729cfc2ef792f30f7196

Sharing

Copy URL Twitter E-mail

General

Target

246f47dc113b771643b279362df637fc1eaa402f2797729cfc2ef792f30f7196
Size

632KB
MD5

6ffde252c4d5d4180d08cc30e01dfe00
SHA1

0e0cdb53b8222cea341ad070fe2db4c6f3a7121a
SHA256

246f47dc113b771643b279362df637fc1eaa402f2797729cfc2ef792f30f7196
SHA512

d5789427c3b928b319070641cb2fd5efacdc59ee50a3845615b9250f68563ab87c1a990f653776ae85ea6c2280f4b867757c5638ac50567eb373f950547b616a
SSDEEP

12288:dBI2iWlwgqeESDaDwfBTgCO6xlwm1wGQNSKkGLPbIj4:dSnpwpTgCOews/QHkQPkk

Score

N/A

Malware Config

Signatures

Files

246f47dc113b771643b279362df637fc1eaa402f2797729cfc2ef792f30f7196
.exe windows x86

c34ace5094185ef795cebb7ccb97e7f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CreateEventW
OpenEventW
DebugBreak
OutputDebugStringW
lstrlenA
CreateThread
WritePrivateProfileStringW
GetPrivateProfileStringW
GetDriveTypeW
DeleteFileW
CreateDirectoryW
FindClose
FindFirstFileW
MoveFileW
Sleep
TerminateThread
TerminateProcess
CopyFileW
GetFileAttributesW
GetVersionExW
FreeResource
GlobalUnlock
GlobalLock
GlobalAlloc
GetTickCount
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
SetThreadAffinityMask
GetCurrentThread
DeviceIoControl
CreateFileA
CreateFileW
GetSystemInfo
SetUnhandledExceptionFilter
SuspendThread
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
WideCharToMultiByte
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadFile
GetConsoleMode
GetConsoleCP
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
WriteFile
HeapSize
HeapReAlloc
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoW
ExitProcess
IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
SetEvent
GetLocalTime
GetCurrentProcessId
lstrcmpiW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
InitializeCriticalSection
lstrlenW
GetModuleFileNameW
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
FreeLibrary
FlushInstructionCache
DeleteCriticalSection
RaiseException
GetCurrentThreadId
SetLastError
OpenMutexW
CloseHandle
CreateMutexW
GetLastError
GetPrivateProfileIntW
LoadLibraryW
GetProcAddress
GetLocaleInfoA

user32

LoadStringW
PostMessageW
FindWindowW
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
LoadImageW
FindWindowExW
GetWindowDC
ReleaseDC
InflateRect
CharLowerW
CreateWindowExW
DestroyWindow
SetWindowLongW
UpdateWindow
ShowWindow
GetClassInfoExW
LoadCursorW
RegisterClassExW
CharNextW
wvsprintfW
SystemParametersInfoW
SetWindowRgn
LoadIconW
SetTimer
GetSystemMetrics
ScreenToClient
TrackMouseEvent
TrackPopupMenu
ClientToScreen
AppendMenuW
CreatePopupMenu
ReleaseCapture
GetCapture
DrawTextW
PostQuitMessage
wsprintfW
SetWindowTextW
MessageBoxW
GetWindowLongW
MoveWindow
SetWindowPos
GetWindowRect
GetClientRect
InvalidateRect
IsWindowVisible
UnregisterClassA
KillTimer
SetCapture
GetParent
OffsetRect
SetRectEmpty
SetRect
PtInRect
CopyRect
EndPaint
BeginPaint
CallWindowProcW
EndDialog
DialogBoxParamW
DefWindowProcW
CreateDialogParamW
DrawIcon
GetMessagePos
GetCursorPos
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
SendMessageW
SetParent

gdi32

SelectObject
DeleteDC
BitBlt
SetBkColor
ExtTextOutW
SetBkMode
DeleteObject
GetStockObject
SetViewportOrgEx
CreateFontIndirectW
CreateRectRgn
ExtCreateRegion
GetTextExtentPoint32W
SetTextColor
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegEnumValueW
RegOpenKeyW
RegQueryValueExW
RegQueryInfoKeyW

shell32

SHGetMalloc
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHBrowseForFolderW

ole32

CoUninitialize
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
SysFreeString
VarUI4FromStr

shlwapi

StrCpyW
StrCatW
PathAppendW
PathRemoveExtensionW
PathFileExistsW
PathIsDirectoryW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

gdiplus

GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipCloneImage
GdipBitmapLockBits
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipBitmapUnlockBits
GdipDisposeImage

urlmon

URLDownloadToFileW

netapi32

Netbios

wininet

DeleteUrlCacheEntryW
InternetCheckConnectionW
InternetCloseHandle
InternetOpenW
InternetOpenUrlW
InternetReadFile

wintrust

WinVerifyTrust
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminCalcHashFromFileHandle

Sections

.text
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 251KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c34ace5094185ef795cebb7ccb97e7f1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

gdiplus

urlmon

netapi32

wininet

wintrust

Sections

.text Size: 324KB - Virtual size: 324KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 251KB - Virtual size: 252KB

.text
Size: 324KB - Virtual size: 324KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 251KB - Virtual size: 252KB