e049c7a5fec2d26c42a880c22b0d8a8bc9882c899b9c8a36025c0a199e14ee5b

Sharing

Copy URL Twitter E-mail

General

Target

e049c7a5fec2d26c42a880c22b0d8a8bc9882c899b9c8a36025c0a199e14ee5b
Size

552KB
MD5

7b21cae24946bf7aeef28b4e2bf23860
SHA1

9a3498a6c9dc5992972cfadbbc0c52264637b3a2
SHA256

e049c7a5fec2d26c42a880c22b0d8a8bc9882c899b9c8a36025c0a199e14ee5b
SHA512

007b2f113e94654ec30e6ddace79b5619ebb8b7d785256c8f6c8187d3a35eb02ea1f33fc01c1ae9c690a535876fb409303a15907206885d1e434cdcab6ba977c
SSDEEP

12288:5yxqZVQQxfnr+T8/trNWxvJWnaMwdM5llBG:5yWVQQxfnr+T8/trIvUncdM5ll

Score

N/A

Malware Config

Signatures

Files

e049c7a5fec2d26c42a880c22b0d8a8bc9882c899b9c8a36025c0a199e14ee5b
.exe windows x86

d2491c37a73fa2786fde9e104ede9a73

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

avicap32

capGetDriverDescriptionA

kernel32

WideCharToMultiByte
ResetEvent
lstrcpyA
InterlockedExchange
GetModuleHandleA
lstrlenA
GetPrivateProfileSectionNamesA
lstrcatA
FreeLibrary
lstrcmpA
GetFileAttributesA
CreateProcessA
GetDriveTypeA
GetVolumeInformationA
LeaveCriticalSection
FindClose
LocalFree
FindFirstFileA
LocalAlloc
MoveFileA
GetVersion
DeviceIoControl
Sleep
MultiByteToWideChar
GlobalFree
GlobalUnlock
GlobalLock
LoadLibraryA
Process32Next
OpenProcess
GetStartupInfoA
GetModuleFileNameA
GetLogicalDriveStringsA
GlobalAlloc
GetProcAddress

user32

PostMessageA
OpenDesktopA
GetThreadDesktop
OpenInputDesktop
SetThreadDesktop
CloseDesktop
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
GetCursorPos
GetDesktopWindow
GetDC
SetRect
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
SetCursorPos
WindowFromPoint
SetCapture
MapVirtualKeyA
SystemParametersInfoA
BlockInput
DestroyCursor
LoadCursorA
GetKeyState
GetAsyncKeyState
GetForegroundWindow
GetWindowTextA
ExitWindowsEx
CharNextA
wsprintfA
CreateDialogParamA
ShowWindow
SetWindowPos
GetDlgItemTextA
SetDlgItemTextA
mouse_event
CloseClipboard
GetDlgItem
SendMessageA
CloseWindow
DispatchMessageA
CreateWindowExA
GetMessageA
TranslateMessage

gdi32

SelectObject
CreateCompatibleDC
DeleteObject
DeleteDC
GetDIBits
CreateCompatibleBitmap
CreateDIBSection

advapi32

RegDeleteKeyA
LookupAccountNameA
LsaClose
RegOpenKeyA
RegDeleteValueA
LsaRetrievePrivateData
RegCreateKeyExA
RegSetValueExA
RegEnumValueA
RegEnumKeyExA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyExA
RegQueryValueA
RegCloseKey
LsaFreeMemory
LsaOpenPolicy
IsValidSid

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysFreeString

msvcrt

free
malloc
strchr
strcmp
strcat
_purecall
memcmp
_except_handler3
strrchr
exit
atoi
strncmp
strncpy
_errno
wcscpy
strncat
_beginthreadex
sprintf
vsprintf
calloc
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_strnicmp
_strcmpi
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
strcpy
strstr
strlen
_ftol
ceil
memmove
__CxxFrameHandler
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
memset
??1type_info@@UAE@XZ

winmm

waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveInReset
waveOutWrite
waveInStop
waveInUnprepareHeader
waveInClose
waveOutReset
waveOutUnprepareHeader
waveOutClose
waveInStart

ws2_32

ntohs
recv
select
send
inet_ntoa
inet_addr
getsockname
bind
getpeername
accept
listen
sendto
recvfrom
__WSAFDIsSet
gethostname
WSAStartup
WSACleanup
WSAIoctl
setsockopt
connect
closesocket
socket
gethostbyname
htons

urlmon

URLDownloadToFileA

netapi32

NetUserAdd
NetLocalGroupAddMembers

psapi

GetModuleFileNameExA
EnumProcessModules

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Sections

.text
Size: 396KB - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2491c37a73fa2786fde9e104ede9a73

Headers

File Characteristics

Imports

avicap32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcrt

winmm

ws2_32

urlmon

netapi32

psapi

wtsapi32

Sections

.text Size: 396KB - Virtual size: 393KB

.rodata Size: 12KB - Virtual size: 10KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 12KB - Virtual size: 473KB

.rsrc Size: 88KB - Virtual size: 88KB

.text
Size: 396KB - Virtual size: 393KB

.rodata
Size: 12KB - Virtual size: 10KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 12KB - Virtual size: 473KB

.rsrc
Size: 88KB - Virtual size: 88KB