185e59fd21ecfc3870d3cb4dbceb566049c4e59a4ecedd4d86c0a6baad7b3e48

Sharing

Copy URL Twitter E-mail

General

Target

185e59fd21ecfc3870d3cb4dbceb566049c4e59a4ecedd4d86c0a6baad7b3e48
Size

342KB
MD5

416bcef7717e69c8a4b3b85a01b1a020
SHA1

627e4ebc8c43e93bd223c886afce8c063cdfdadb
SHA256

185e59fd21ecfc3870d3cb4dbceb566049c4e59a4ecedd4d86c0a6baad7b3e48
SHA512

97fc0385e9aefd711f66cc98e5decb48df72e7cf9ed9d7f6a79a860039d4e0b4bb1dfc59cb8f5e6c54ecc9fd1965776ca8cfe8dfbc7e8527087db66b0f403494
SSDEEP

6144:UGiapYHiQOXCw79IvmR5TF32r4ERln/5zfcgPFEgZa0EXbOJBrZY:diapYHiQOXCw79rh32rzRYkmKPEXKJB+

Score

N/A

Malware Config

Signatures

Files

185e59fd21ecfc3870d3cb4dbceb566049c4e59a4ecedd4d86c0a6baad7b3e48
.exe windows x86

9f4a40868a407a64901a2011b4d68a4e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
OpenEventW
CreateMutexW
FreeLibrary
LoadLibraryW
GetCurrentProcess
CreateEventW
WaitForSingleObject
GetVersionExW
MoveFileExW
DeleteFileW
Sleep
GetCurrentProcessId
CloseHandle
GetLastError
CreateFileW
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
HeapSize
FindResourceExW
HeapDestroy
RaiseException
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
HeapFree
GetProcessHeap
HeapAlloc
CreateProcessW
GetCommandLineW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTempPathW
ExpandEnvironmentStringsW
GetModuleHandleW
GetModuleFileNameW
GetTickCount
CreateThread
FreeLibraryAndExitThread
WaitNamedPipeW
WriteFileEx
ReadFileEx
DisconnectNamedPipe
CancelIo
ConnectNamedPipe
LocalAlloc
CreateNamedPipeW
GetOverlappedResult
ResetEvent
OpenThread
InterlockedDecrement
InterlockedIncrement
InterlockedCompareExchange
GetCurrentThreadId
LocalFree
InitializeCriticalSectionAndSpinCount
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleHandleExW
SetErrorMode
SetLastError
GetProcAddress
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
HeapReAlloc
InitializeCriticalSection

user32

PostThreadMessageW
SendMessageW
KillTimer
OpenDesktopW
CloseDesktop
CreateWindowExW
DefWindowProcW
IsWindow
RegisterClassExW
GetClassInfoExW
PostMessageW
MsgWaitForMultipleObjectsEx
PeekMessageW
GetWindowThreadProcessId
SetWindowLongW
GetWindowLongW
FindWindowExW
MsgWaitForMultipleObjects
RegisterClassW
GetClassInfoW
PostQuitMessage
RegisterWindowMessageW
SendMessageTimeoutW
DestroyWindow
TranslateMessage
DispatchMessageW

advapi32

FreeSid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
InitializeSecurityDescriptor
AllocateAndInitializeSid
SetEntriesInAclW
GetTokenInformation
OpenProcessToken
CloseServiceHandle
QueryServiceStatusEx
StartServiceW
OpenServiceW
OpenSCManagerW
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl

shell32

CommandLineToArgvW
ShellExecuteExW
ord165
SHGetFolderPathW

ole32

CoTaskMemFree
CoUninitialize
CoInitialize

msvcp110

?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xbad_function_call@std@@YAXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_BADOFF@std@@3_JB
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Add_vtordisp1@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UAEXXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z

shlwapi

StrStrW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW

msvcr110

_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
__CxxFrameHandler3
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
?terminate@@YAXXZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
memset
free
swprintf_s
_wcslwr_s
_wsplitpath_s
_wcsupr_s
wcsstr
_wcsicmp
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
wcsrchr
vswprintf_s
wcschr
??_V@YAXPAX@Z
_waccess_s
_itow_s
_waccess
wmemcpy_s
memmove_s
memcpy_s
_purecall
memmove
??2@YAPAXI@Z
??3@YAXPAX@Z
_CxxThrowException
__RTDynamicCast
_cexit
memcpy

imm32

ImmDisableIME

wintrust

WinVerifyTrust
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9f4a40868a407a64901a2011b4d68a4e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

msvcp110

shlwapi

msvcr110

imm32

wintrust

crypt32

Sections

.text Size: 167KB - Virtual size: 167KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 12KB - Virtual size: 14KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 92KB - Virtual size: 96KB

.text
Size: 167KB - Virtual size: 167KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 12KB - Virtual size: 14KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 92KB - Virtual size: 96KB