1680e4ef3fc4907ae32a8b71bd4f504f6b01cc18e49332a829c12d0ec92af435

Sharing

Copy URL Twitter E-mail

General

Target

1680e4ef3fc4907ae32a8b71bd4f504f6b01cc18e49332a829c12d0ec92af435
Size

274KB
MD5

0166f3fe998569e01c45813b34673910
SHA1

987b0612bea8cb441e87190ef22e81285c2633d8
SHA256

1680e4ef3fc4907ae32a8b71bd4f504f6b01cc18e49332a829c12d0ec92af435
SHA512

d8d31b1016695a67bcb973a5bed93c023fce0c3b3eba455fc540fd04ed843da32cb646c44926a91267f35e05e7b725e256c4f66917f1c8d5211f358efe94b31c
SSDEEP

3072:4UFUu8m5Y3FazXSkRCsg63ybfsggSB7tUrYfNWUHJSFvtpda5B+wttHhVKhQAsTk:4Ju8mKwhRCsgxbfvBNuNcfBtHhohPFd

Score

N/A

Malware Config

Signatures

Files

1680e4ef3fc4907ae32a8b71bd4f504f6b01cc18e49332a829c12d0ec92af435
.exe windows x86

0c2b1d36ab901d8cacfb10c7841aed24

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetUserDefaultUILanguage
DebugBreak
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetTickCount
Sleep
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
VirtualFreeEx
DeleteFileW
GetPrivateProfileIntW
ReadProcessMemory
WritePrivateProfileStringW
WriteProcessMemory
VirtualAllocEx
OpenProcess
Process32NextW
CloseHandle
Process32FirstW
CreateToolhelp32Snapshot
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WaitForSingleObject
GetTempFileNameW
TerminateProcess
MoveFileExW
FindFirstFileW
FindNextFileW
SetLastError
FindClose
RemoveDirectoryW
GetFileAttributesW
CreateDirectoryW
GetLastError
SetFilePointer
GetVersion
LoadLibraryW
GetCurrentProcessId
QueryDosDeviceW
GetSystemDirectoryW
GetModuleFileNameW
FreeLibrary
GetVersionExW
MultiByteToWideChar
CreateMutexW
SetEvent
GetLocalTime
ReleaseMutex
MoveFileW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleA
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
GetFullPathNameW
GetCurrentThreadId
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameA
LoadLibraryA
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
LCMapStringW
VirtualFree
VirtualAlloc
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
GetStringTypeA
GetStringTypeW
GetCurrentDirectoryA
GetDriveTypeA
SetStdHandle
FlushFileBuffers
WriteConsoleA
VirtualQuery

user32

RegisterClassExW
UnregisterClassA
LoadIconW
LoadCursorW
PostQuitMessage
ScreenToClient
ClientToScreen
SendMessageTimeoutW
InvalidateRect
GetClientRect
FindWindowExW
FindWindowW
MessageBoxW
ShowWindow
GetWindowThreadProcessId
GetDesktopWindow
SendMessageW
ExitWindowsEx
GetParent
DefWindowProcW
LoadStringW
CreateWindowExW

advapi32

RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyW

shell32

SHGetSpecialFolderPathW
SHChangeNotify
ShellExecuteW

oleaut32

VariantClear
SysFreeString
SysAllocString

shlwapi

PathFileExistsW
SHDeleteKeyW
SHDeleteValueW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

Sections

.text
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0c2b1d36ab901d8cacfb10c7841aed24

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

oleaut32

shlwapi

ole32

Sections

.text Size: 128KB - Virtual size: 126KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 100KB - Virtual size: 100KB

.text
Size: 128KB - Virtual size: 126KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 100KB - Virtual size: 100KB