562703a7eb4c6b6e81916d9bf58738cae793c0511243e49dfbd495de12221ba9

Sharing

Copy URL Twitter E-mail

General

Target

562703a7eb4c6b6e81916d9bf58738cae793c0511243e49dfbd495de12221ba9
Size

561KB
MD5

3577e28cb9eb04c27a6a09c836dd057d
SHA1

0bdf323c3c08760048d23bd3ff3ab8079b3ef7c3
SHA256

562703a7eb4c6b6e81916d9bf58738cae793c0511243e49dfbd495de12221ba9
SHA512

0d5f28653e20a8d5d1cef1a5c58a49e0c2eef8afc126d5749d4aa9ef15dc484c7669b7ad3ac57547f9ca0343362c646cfc3a5c67b4e8ff8da8bf6d08b231e0a0
SSDEEP

6144:y3pw7Lci3okY8r7f43wv/gMMEjTLvEFjpJNoSgz9SSYgsR0qGRpn9r:spf+o3IcwHgAXLGYY3GFr

Score

N/A

Malware Config

Signatures

Files

562703a7eb4c6b6e81916d9bf58738cae793c0511243e49dfbd495de12221ba9
.exe windows x86

b2ed0a6bc2bbda68e75ff0bfc6fc807a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegEnumKeyA

crypt32

CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CryptMsgClose
CertCloseStore

version

GetFileVersionInfoA
VerQueryValueA

user32

DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageA
GetMessageW
IsWindowUnicode
MsgWaitForMultipleObjects
MapDialogRect
SetWindowContextHelpId
GetDlgCtrlID
LoadBitmapA
EndDialog
GetWindowRect
PtInRect
SetCursor
EnableWindow
RegisterClassA
ShowWindow
PostQuitMessage
CreatePopupMenu
AppendMenuA
GetCursorPos
SetForegroundWindow
TrackPopupMenu
PostMessageA
PeekMessageA
SetWindowLongA
GetWindowLongA
GetDesktopWindow
MessageBoxA
LoadStringA
DefWindowProcA
GetSysColor
CharNextA
MoveWindow
SetWindowPos
GetClientRect
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetParent
GetDlgItem
GetClassNameA
ReleaseCapture
FillRect
DestroyWindow
wsprintfA
GetSystemMetrics
UnregisterClassA
LoadImageA
DialogBoxIndirectParamA
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
CreateAcceleratorTableA
CreateWindowExA
RegisterClassExA
LoadCursorA
GetClassInfoExA
IsWindow
SendMessageA
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcA

gdi32

StretchBlt
SetTextColor
SaveDC
SetGraphicsMode
ModifyWorldTransform
SetViewportOrgEx
SetWindowOrgEx
DPtoLP
CreateFontIndirectA
RestoreDC
GetStockObject
GetObjectA
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
SetBkMode

comctl32

ord17

wintrust

WinVerifyTrust

wininet

InternetGetConnectedState
InternetCrackUrlA
InternetConnectA
HttpOpenRequestA
InternetOpenA
InternetQueryDataAvailable
HttpAddRequestHeadersA
HttpSendRequestA
InternetErrorDlg
HttpQueryInfoA
InternetTimeToSystemTime
InternetReadFile
InternetCloseHandle
InternetTimeFromSystemTime

urlmon

URLDownloadToFileA

shell32

Shell_NotifyIconA
ShellExecuteA

kernel32

InterlockedExchange
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetStdHandle
CompareStringW
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
SetEnvironmentVariableA
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
VirtualQuery
GetModuleHandleW
VirtualProtect
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetCurrentProcessId
GetTickCount
SystemTimeToTzSpecificLocalTime
LocalFree
GetEnvironmentVariableA
GetSystemInfo
GetVersionExA
GetTempPathA
GetThreadLocale
GetSystemTime
OpenEventA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetLocaleInfoW
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
SetUnhandledExceptionFilter
CompareStringA
ExitProcess
HeapReAlloc
LoadLibraryA
GetProcAddress
CreatePipe
SetHandleInformation
ReadFile
GetModuleHandleA
LoadLibraryExA
SizeofResource
FreeLibrary
IsDBCSLeadByte
GetCommandLineA
CreateMutexA
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
lstrcpynA
CreateEventA
CreateThread
ResetEvent
WaitForMultipleObjects
SetEvent
MultiByteToWideChar
WideCharToMultiByte
lstrcpyA
lstrlenW
lstrlenA
WaitForSingleObject
CloseHandle
RaiseException
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
GlobalAlloc
FindResourceA
lstrcmpA
WriteFile
SetEndOfFile
SetFilePointer
CompareFileTime
SystemTimeToFileTime
Sleep
GetLastError
FileTimeToSystemTime
GetFileTime
GetFileSize
CreateFileA
lstrcatA
GetExitCodeProcess
CreateProcessA
FormatMessageA
lstrcmpiA
DeleteFileA
GetCurrentThreadId
MulDiv
GetModuleFileNameA
GlobalUnlock
GlobalLock
SetLastError
GlobalFree
GlobalHandle
LockResource
LoadResource
CreateFileW

ole32

OleLockRunning
CoGetClassObject
CoInitializeSecurity
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoTaskMemRealloc
CoUninitialize
CoInitialize
StringFromCLSID
CLSIDFromProgID

oleaut32

VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString

Sections

.text
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.krdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b2ed0a6bc2bbda68e75ff0bfc6fc807a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

crypt32

version

user32

gdi32

comctl32

wintrust

wininet

urlmon

shell32

kernel32

ole32

oleaut32

Sections

.text Size: 205KB - Virtual size: 204KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 213KB - Virtual size: 213KB

.krdata Size: 68KB - Virtual size: 68KB

.text
Size: 205KB - Virtual size: 204KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 213KB - Virtual size: 213KB

.krdata
Size: 68KB - Virtual size: 68KB