2e29447a9869330ef9483610acbfd29200b6ffd842f2fdc3ca877aee9fdae230

Sharing

Copy URL Twitter E-mail

General

Target

2e29447a9869330ef9483610acbfd29200b6ffd842f2fdc3ca877aee9fdae230
Size

339KB
MD5

07f59c6be28e5d3be57d05c4e8198151
SHA1

db43c12dc095db632d7267860b7ec179228bd6bd
SHA256

2e29447a9869330ef9483610acbfd29200b6ffd842f2fdc3ca877aee9fdae230
SHA512

5e5251d63a8391dbdc12bffb31a36021501785a7710f87002927f50f815f9cfbbf965a94f97110530c7b2e6f5152cc66a135219d7a6b687ab9cac1464e2b3eac
SSDEEP

6144:RoMah58XSo5mD6rdYm5b7fDu+3i1h2BAybkZr1YStrYSYDw:Rozh+Ym5vf/3i6BAyb7StrqDw

Score

N/A

Malware Config

Signatures

Files

2e29447a9869330ef9483610acbfd29200b6ffd842f2fdc3ca877aee9fdae230
.exe windows x86

ca8a9084f9e7c0e958e12d8090cfc614

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
WritePrivateProfileStringW
OutputDebugStringA
GetModuleFileNameW
GetPrivateProfileStringW
lstrlenA
GetFileAttributesW
WideCharToMultiByte
GetPrivateProfileStringA
MultiByteToWideChar
GetPrivateProfileIntW
GetCurrentProcessId
LoadLibraryW
EnterCriticalSection
GetCurrentThreadId
FreeLibrary
GetTempPathW
CreateDirectoryW
InitializeCriticalSection
CopyFileW
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
lstrcmpiW
GetSystemDirectoryW
DeleteCriticalSection
CreateProcessW
DeleteFileW
GetCommandLineW
FindFirstFileW
FindNextFileW
FindClose
WriteFile
FileTimeToSystemTime
ReadFile
GetLocalTime
GetFileInformationByHandle
SetFilePointer
SystemTimeToFileTime
GetVersionExW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalMemoryStatusEx
GetThreadLocale
IsProcessorFeaturePresent
InterlockedCompareExchange
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
RaiseException
InterlockedExchange
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
GetModuleFileNameA
GetStdHandle
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
TlsFree
OpenProcess
GetModuleHandleW
GetProcAddress
GetExitCodeThread
FlushInstructionCache
Sleep
GetCurrentProcess
TerminateThread
GetTickCount
CreateFileMappingW
LeaveCriticalSection
lstrcpyW
FindResourceExW
LoadResource
LockResource
SizeofResource
CreateThread
WaitForSingleObject
FindResourceW
lstrlenW
GetLastError
CreateFileW
UnmapViewOfFile
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetStartupInfoW
GetProcessHeap
GetVersionExA
HeapReAlloc
HeapFree
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileSize
MapViewOfFile
CloseHandle
SetStdHandle

user32

ScreenToClient
SendMessageW
DefWindowProcW
GetSystemMenu
GetDlgItem
SetWindowLongW
EnableWindow
SetDlgItemTextW
GetWindowLongW
MoveWindow
GetMenuItemCount
GetMenuItemID
ShowWindow
GetWindowRect
EnableMenuItem
SetForegroundWindow
DispatchMessageW
TranslateMessage
PeekMessageW
GetMessageW
PostMessageW
GetWindowTextLengthW
wvsprintfW
DialogBoxParamW
UpdateWindow
DrawIcon
InvalidateRect
CallWindowProcW
EndDialog
GetDesktopWindow
CharNextW
wvsprintfA
MessageBoxW
PostQuitMessage
IsWindowVisible
wsprintfA
LoadBitmapW
wsprintfW
ReleaseDC
LoadCursorW
LoadStringW
SetCursor
GetWindowDC
RedrawWindow
EndPaint
GetActiveWindow
GetCursorPos
GetDlgCtrlID
GetWindowTextW
SetWindowTextW
BeginPaint
DestroyWindow
CreateDialogParamW
UnregisterClassA

gdi32

CreateSolidBrush
TextOutW
SetBkMode
SetTextColor
CreateFontW
DeleteObject
BitBlt
CreateCompatibleDC
CreateBitmap
DeleteDC
SetBkColor
SelectObject

advapi32

RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW

shell32

SHGetFolderPathW
SHGetFileInfoW
ShellExecuteW
ShellExecuteA
CommandLineToArgvW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

oleaut32

VarUI4FromStr

shlwapi

PathRemoveFileSpecW
PathStripPathW
PathFindFileNameW
PathAppendW

comctl32

ImageList_DrawEx
ImageList_Destroy
ImageList_LoadImageW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

htons
inet_addr
gethostbyname
connect
WSAAsyncSelect
setsockopt
socket
WSACleanup
closesocket
WSAStartup
WSAGetLastError
send

psapi

EnumProcesses
GetModuleFileNameExW
GetProcessMemoryInfo

wininet

InternetOpenW
InternetCloseHandle
InternetReadFile
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetSetOptionW

Sections

.text
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ca8a9084f9e7c0e958e12d8090cfc614

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

ws2_32

psapi

wininet

Sections

.text Size: 200KB - Virtual size: 198KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 84KB - Virtual size: 84KB

.text
Size: 200KB - Virtual size: 198KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 84KB - Virtual size: 84KB