Static task: static1
Behavioral task: behavioral1
- Sample: b2b9c46b8b9039a4da2b034428587e246252980644822a010e0d76298bb23285.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: b2b9c46b8b9039a4da2b034428587e246252980644822a010e0d76298bb23285.exe
- Resource: win10v2004-20220812-en
General
- Target: b2b9c46b8b9039a4da2b034428587e246252980644822a010e0d76298bb23285
- Size: 200KB
- MD5: 40975cf6e4d831198dd562d8a1f070c0
- SHA1: fc79a4c2aa10358c6347831a7bee0e8aa8a008e2
- SHA256: b2b9c46b8b9039a4da2b034428587e246252980644822a010e0d76298bb23285
- SHA512: 2e0ba6e2b1e1a4dc967e14c5e4df6ea03421dc66a0b28b2872085474887ca7aa41b8a535b913ebb3434259770f65f7ef7ee8754c4d7cd9ad5cd9e5fe38b811b4
- SSDEEP: 6144:BVWqqDLFSHBzhdDrbJrgKbQqygLuozP8xhnesFw/nlEo:BVTqnFkrbJrgcQNqEeuwN
Malware Config
Signatures
Files
-
b2b9c46b8b9039a4da2b034428587e246252980644822a010e0d76298bb23285.exe windows x86
b16448c24c3b4f25bf2ffa3e0a25835e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FileTimeToDosDateTime
GetTempFileNameW
HeapReAlloc
FindFirstFileW
SetEndOfFile
CreateProcessW
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
GetLogicalDriveStringsW
HeapFree
CreateDirectoryW
GetProcessHeap
SetFileTime
VirtualQueryEx
OpenProcess
Thread32First
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
HeapCreate
lstrcpynW
Thread32Next
ReadFile
GetTimeZoneInformation
MultiByteToWideChar
WriteFile
GetTempPathW
GetFileSizeEx
OpenMutexW
SetLastError
GetEnvironmentVariableW
VirtualAllocEx
FindClose
RemoveDirectoryW
QueryDosDeviceW
FindNextFileW
VirtualProtect
CreateToolhelp32Snapshot
GetFileTime
ReleaseMutex
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
SetFileAttributesW
SetHandleInformation
CreatePipe
GlobalLock
GlobalUnlock
WTSGetActiveConsoleSessionId
GetNativeSystemInfo
CreateRemoteThread
Process32FirstW
Process32NextW
GetPrivateProfileStringW
WriteProcessMemory
LocalFree
GetCurrentProcessId
DuplicateHandle
OpenEventW
GetFileAttributesExW
WaitForMultipleObjects
GetProcAddress
GetVersionExW
GetCurrentProcess
ResetEvent
TerminateProcess
TlsSetValue
TlsGetValue
lstrcmpiA
ExitThread
GetProcessId
SetThreadContext
GetThreadContext
LoadLibraryW
FreeLibrary
GetPrivateProfileIntW
FlushFileBuffers
VirtualProtectEx
CreateFileW
VirtualFreeEx
GetModuleHandleW
GetComputerNameW
SetErrorMode
GetCommandLineW
ExitProcess
GetModuleHandleA
LoadLibraryA
VirtualAlloc
IsBadReadPtr
VirtualFree
ExpandEnvironmentStringsW
CreateThread
GetSystemTime
GetLocalTime
GetLastError
EnterCriticalSection
LeaveCriticalSection
CreateMutexW
InitializeCriticalSection
GetUserDefaultUILanguage
lstrcmpiW
GetModuleFileNameW
GetFileAttributesW
Sleep
GetTickCount
MoveFileExW
TlsFree
CloseHandle
TlsAlloc
GetCurrentThreadId
CreateEventW
CreateFileMappingW
SetThreadPriority
GetCurrentThread
SetEvent
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
lstrlenW
user32
SetCapture
BeginPaint
GetUpdateRect
GetCapture
TranslateMessage
SetCursorPos
GetClipboardData
PeekMessageW
GetDCEx
PeekMessageA
GetCursorPos
ReleaseCapture
GetMessagePos
CreateDesktopW
SetProcessWindowStation
CloseWindowStation
GetWindowDC
CloseDesktop
SetThreadDesktop
OpenWindowStationW
GetKeyboardLayoutList
MessageBoxA
ExitWindowsEx
RegisterClassExA
RegisterWindowMessageW
GetThreadDesktop
IntersectRect
SetKeyboardState
GetSubMenu
DefDlgProcW
DefFrameProcA
OpenInputDesktop
OpenDesktopW
GetMessageW
GetUpdateRgn
GetMessageA
MapVirtualKeyW
GetWindowRect
GetParent
GetClassLongW
GetAncestor
SetWindowPos
IsWindow
MapWindowPoints
GetSystemMetrics
GetKeyboardState
ToUnicode
GetTopWindow
LoadImageW
MsgWaitForMultipleObjects
WindowFromPoint
CharToOemW
GetWindowLongW
CharLowerA
CharUpperW
SetWindowLongW
SendMessageTimeoutW
GetWindow
FillRect
DispatchMessageW
PostMessageW
GetWindowInfo
CreateWindowStationW
DrawEdge
MenuItemFromPoint
GetDC
GetMenu
EqualRect
PrintWindow
IsRectEmpty
CharLowerW
CharLowerBuffA
DrawIcon
RegisterClassExW
GetMenuItemRect
TrackPopupMenuEx
SystemParametersInfoW
GetClassNameW
ReleaseDC
GetMenuState
DefWindowProcA
DefMDIChildProcW
SwitchDesktop
GetMenuItemCount
DefDlgProcA
PostThreadMessageW
DefMDIChildProcA
HiliteMenuItem
RegisterClassW
GetUserObjectInformationW
SendMessageW
GetIconInfo
GetMenuItemID
EndPaint
CallWindowProcA
EndMenu
CallWindowProcW
DefWindowProcW
DefFrameProcW
GetWindowThreadProcessId
RegisterClassA
GetShellWindow
GetProcessWindowStation
advapi32
InitiateSystemShutdownExW
IsWellKnownSid
GetLengthSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityDescriptorSacl
CreateProcessAsUserA
CreateProcessAsUserW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
CryptHashData
RegCreateKeyW
RegEnumKeyW
RegQueryInfoKeyW
EqualSid
ConvertSidToStringSidW
shlwapi
SHDeleteKeyW
StrCmpNIW
PathQuoteSpacesW
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathUnquoteSpacesW
PathAddExtensionW
PathCombineW
PathRemoveFileSpecW
PathSkipRootW
SHDeleteValueW
PathAddBackslashW
PathFindFileNameW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
StrStrIW
StrStrIA
PathRemoveBackslashW
PathIsURLW
PathRenameExtensionW
shell32
CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW
secur32
GetUserNameExW
ole32
CoSetProxyBlanket
CoUninitialize
CLSIDFromString
StringFromGUID2
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoCreateInstance
gdi32
CreateCompatibleBitmap
SelectObject
DeleteObject
GetDeviceCaps
DeleteDC
RestoreDC
SaveDC
SetRectRgn
GdiFlush
SetViewportOrgEx
GetDIBits
CreateDIBSection
CreateCompatibleDC
ws2_32
WSASend
getaddrinfo
inet_addr
getpeername
freeaddrinfo
recv
sendto
getsockname
select
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
WSAGetLastError
shutdown
setsockopt
closesocket
gethostbyname
send
accept
WSAEventSelect
listen
WSASetLastError
socket
bind
recvfrom
crypt32
PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
CryptUnprotectData
PFXImportCertStore
wininet
HttpOpenRequestA
HttpAddRequestHeadersA
InternetOpenA
HttpSendRequestExA
InternetQueryDataAvailable
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
InternetQueryOptionA
InternetSetOptionA
InternetQueryOptionW
HttpEndRequestW
HttpSendRequestA
HttpEndRequestA
InternetSetFilePointer
HttpOpenRequestW
HttpSendRequestW
InternetReadFile
InternetReadFileExA
InternetCrackUrlA
HttpSendRequestExW
InternetCloseHandle
InternetConnectA
InternetSetStatusCallbackA
HttpQueryInfoA
oleaut32
SysFreeString
VariantInit
SysAllocString
VariantClear
netapi32
NetUserEnum
NetApiBufferFree
NetUserGetInfo
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
winmm
waveOutGetVolume
PlaySoundA
PlaySoundW
waveOutSetVolume
Sections
.text Size: 188KB - Virtual size: 188KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ