Static task: static1
Behavioral task: behavioral1
  Sample: 1fda768ba1f922c2c5510155e72ca4ebba6ded91fa570c0ed772b082bfc336d5.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 1fda768ba1f922c2c5510155e72ca4ebba6ded91fa570c0ed772b082bfc336d5.exe
  Resource: win10v2004-20220812-en
General
Target: 1fda768ba1f922c2c5510155e72ca4ebba6ded91fa570c0ed772b082bfc336d5
Size: 156KB
MD5: 6fd06aaf4ffa4b4e623b24430f10b801
SHA1: 289361ad275bcc6917dbaf9dd96f5242b0835ec1
SHA256: 1fda768ba1f922c2c5510155e72ca4ebba6ded91fa570c0ed772b082bfc336d5
SHA512: 9bf994033b99e4b8615d8022c5591d704730f03f44f58eaaaff814f1342e28a9ab0d7edbe95e19af1c384ff7ab5dcb42b1ecfaa99f4463fd4224b8f4ac6ee6eb
SSDEEP: 3072:243GpuCF0oTkcB2H8x6vggC0u3sJuRAM+Lx7pqxpktcLE5gQiRTh:2HJ0oTkcBsqnJsMRAM+Lx7pXoEKQMh
Malware Config
Signatures
Files
1fda768ba1f922c2c5510155e72ca4ebba6ded91fa570c0ed772b082bfc336d5.exe windows x86
b4978f2e0b82083d4e59bb30bb7ccfc4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CopyFileW
GetFileAttributesW
FlushFileBuffers
GetPrivateProfileIntW
InterlockedExchange
GetNativeSystemInfo
ExpandEnvironmentStringsW
CreateDirectoryW
lstrcmpiA
WTSGetActiveConsoleSessionId
SetFileAttributesW
SetLastError
ResetEvent
GetSystemTime
GetEnvironmentVariableW
FileTimeToDosDateTime
GetTempFileNameW
HeapReAlloc
FindFirstFileW
SetEndOfFile
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
HeapFree
GetCurrentThread
GetProcessHeap
IsBadReadPtr
SetFileTime
VirtualQueryEx
OpenProcess
Thread32First
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
HeapCreate
Thread32Next
ReadFile
WriteFile
WriteProcessMemory
MultiByteToWideChar
GetTempPathW
GetFileSizeEx
OpenMutexW
VirtualAllocEx
FindClose
RemoveDirectoryW
GetModuleHandleA
FindNextFileW
CreateToolhelp32Snapshot
GetFileTime
ReleaseMutex
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
CreateThread
MoveFileExW
GetUserDefaultUILanguage
MapViewOfFile
UnmapViewOfFile
CreateRemoteThread
FlushInstructionCache
Process32FirstW
CreateFileMappingW
Process32NextW
GetLocalTime
PeekNamedPipe
GetDriveTypeW
GetLogicalDrives
GetStartupInfoW
CreatePipe
GetWindowsDirectoryW
FindFirstChangeNotificationW
FindNextChangeNotification
SetThreadPriority
GetPrivateProfileStringW
InterlockedDecrement
InterlockedIncrement
GetLastError
CreateFileW
LoadLibraryW
CreateMutexW
GlobalUnlock
GetTickCount
GlobalLock
GlobalMemoryStatusEx
GetVersionExW
GetVolumeInformationA
GetComputerNameW
LoadLibraryA
GetTimeZoneInformation
FreeLibrary
LocalFree
GetCurrentProcessId
DuplicateHandle
OpenEventW
VirtualProtect
lstrcmpiW
VirtualProtectEx
GetProcAddress
GetModuleFileNameW
TerminateProcess
Sleep
VirtualFree
GetModuleHandleW
CreateProcessW
GetThreadContext
SetErrorMode
GetCommandLineW
ExitProcess
WaitForMultipleObjects
CreateEventW
SetEvent
WaitForSingleObject
CloseHandle
GetFileAttributesExW
GetProcessId
EnterCriticalSection
VirtualAlloc
LeaveCriticalSection
VirtualFreeEx
InitializeCriticalSection
SetThreadContext
user32
CharLowerA
DispatchMessageW
CharToOemW
TranslateMessage
ExitWindowsEx
GetCursorPos
GetIconInfo
CharUpperW
MsgWaitForMultipleObjects
LoadImageW
GetShellWindow
GetWindowThreadProcessId
CharLowerBuffA
DrawIcon
CharLowerW
ToUnicode
GetKeyboardState
GetClipboardData
PeekMessageW
advapi32
GetLengthSid
InitializeSecurityDescriptor
CreateProcessAsUserW
RegQueryValueExW
CryptReleaseContext
RegCreateKeyExW
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
CryptAcquireContextW
GetSidSubAuthority
OpenProcessToken
CryptGetHashParam
EqualSid
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
ConvertSidToStringSidW
IsWellKnownSid
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
CryptHashData
InitiateSystemShutdownExW
RegNotifyChangeKeyValue
SetSecurityDescriptorDacl
shlwapi
PathRemoveFileSpecW
StrCmpNIW
UrlUnescapeA
wvnsprintfW
PathIsDirectoryW
PathFindFileNameW
PathAddBackslashW
SHDeleteValueW
PathSkipRootW
SHDeleteKeyW
PathCombineW
PathAddExtensionW
PathUnquoteSpacesW
PathMatchSpecW
StrCmpNIA
wvnsprintfA
StrStrIA
PathFileExistsW
PathQuoteSpacesW
StrStrIW
PathIsURLW
PathRemoveBackslashW
PathRenameExtensionW
shell32
ShellExecuteW
SHGetFolderPathW
CommandLineToArgvW
secur32
GetUserNameExW
ole32
CoSetProxyBlanket
CoInitializeEx
CLSIDFromString
CoUninitialize
CoCreateInstance
CoGetObject
StringFromGUID2
ws2_32
getaddrinfo
recvfrom
bind
listen
send
closesocket
WSASetLastError
socket
WSASend
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
shutdown
setsockopt
select
sendto
recv
freeaddrinfo
WSAEventSelect
getsockname
WSAGetLastError
accept
getpeername
crypt32
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CryptUnprotectData
PFXImportCertStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
PFXExportCertStoreEx
CertCloseStore
wininet
GetUrlCacheEntryInfoW
InternetCrackUrlW
InternetOpenA
InternetSetOptionW
InternetCrackUrlA
InternetQueryOptionW
InternetQueryOptionA
InternetCloseHandle
HttpSendRequestA
HttpAddRequestHeadersA
InternetReadFileExW
HttpOpenRequestW
HttpOpenRequestA
HttpQueryInfoW
HttpAddRequestHeadersW
InternetSetStatusCallbackW
HttpSendRequestW
DeleteUrlCacheEntryA
InternetWriteFile
InternetSetOptionA
HttpSendRequestExA
HttpQueryInfoA
InternetConnectA
HttpSendRequestExW
InternetQueryDataAvailable
InternetReadFileExA
InternetReadFile
InternetConnectW
oleaut32
VariantClear
SysAllocString
SysFreeString
VariantInit
netapi32
NetApiBufferFree
NetUserEnum
NetUserGetInfo
Sections
.text Size: 143KB - Virtual size: 142KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ