bde0fda33a78f0b58212a525935398b8017a3843d469a57ddadb7308f0ffea0c

Sharing

Copy URL

Twitter E-mail

General

Target

bde0fda33a78f0b58212a525935398b8017a3843d469a57ddadb7308f0ffea0c
Size

1.1MB
MD5

702aa0bd49e69a2245e970815d2a9cc0
SHA1

3211126adc4b83fc328d1aace5227a0bc42f9571
SHA256

bde0fda33a78f0b58212a525935398b8017a3843d469a57ddadb7308f0ffea0c
SHA512

9aaa3790ff1adcae02c702ff6bdddaf7ceb517196339515119c3cbb3aa650935cbfe69ca2810bfd6fbd906e93a539f3c6dbb94ea1e98086866e73d7542c96b21
SSDEEP

24576:+E0WhAYDgYF1ivJQB6QRqk4DaIGgK8eyh4FBTz5D1oJo6ONhya1/G4vhMq:IYFkJQBeaKo6Iya1dvhMq

Score

N/A

Malware Config

Signatures

Files

bde0fda33a78f0b58212a525935398b8017a3843d469a57ddadb7308f0ffea0c
.exe windows x86

4ca90419eb7a5f1d55038837b168a809

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHGetValueW
PathFileExistsW

kernel32

GetFileAttributesExW
GetCurrentProcessId
CreateToolhelp32Snapshot
FindNextFileW
Process32NextW
Module32FirstW
RemoveDirectoryW
Process32FirstW
GetFileAttributesW
GetExitCodeProcess
CopyFileW
CreateDirectoryW
GetFileSizeEx
GetFullPathNameW
DeleteFileW
SetCurrentDirectoryW
GetConsoleScreenBufferInfo
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
ProcessIdToSessionId
FindClose
GetProcAddress
GetCurrentDirectoryW
GetStdHandle
LocalFree
lstrlenW
TerminateProcess
GetVersionExW
Sleep
LoadLibraryW
OpenProcess
GetModuleHandleW
WaitForSingleObject
VerSetConditionMask
GetACP
GetCurrentProcess
DeviceIoControl
GetSystemInfo
GetSystemDirectoryW
WideCharToMultiByte
CompareFileTime
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
VirtualQuery
FindResourceW
LoadResource
SizeofResource
GetModuleFileNameW
LockResource
QueryDosDeviceW
FreeLibrary
ReadConsoleInputW
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ExitProcess
GetSystemTimeAsFileTime
GetCommandLineW
HeapSetInformation
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
IsProcessorFeaturePresent
WriteConsoleW
InitializeCriticalSectionAndSpinCount
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSize
LCMapStringW
InterlockedExchange
GetLocaleInfoW
SetHandleCount
GetFileType
GetStartupInfoW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetStringTypeW
RtlUnwind
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CompareStringW
SetEnvironmentVariableW
HeapReAlloc
SetFilePointer
GetConsoleCP
FlushFileBuffers
SetStdHandle
ReadFile
FormatMessageA
SetConsoleTextAttribute
CreateProcessW
FindFirstFileW
CloseHandle
GetLastError
MultiByteToWideChar
CreateFileW
WriteFile
VerifyVersionInfoW

user32

GetSystemMetrics
GetWindowThreadProcessId
CreateDesktopW
OpenWindowStationW
SwitchDesktop
EnumWindowStationsW
CharUpperW
CloseDesktop
EnumDesktopsW
OpenDesktopW
CloseWindowStation
EnumDesktopWindows
CharLowerW

shell32

DoEnvironmentSubstW
SHGetFolderPathW

ole32

CoInitialize
CoCreateInstance

advapi32

CryptHashData
CryptDestroyHash
CryptDecrypt
SetSecurityInfo
RegEnumKeyW
RegQueryValueExW
RegCreateKeyExW
RegQueryInfoKeyW
IsTextUnicode
GetSecurityInfo
RegDeleteValueW
RegEnumValueW
CreateServiceW
CloseServiceHandle
DeleteService
OpenSCManagerW
OpenServiceW
RegSetValueW
StartServiceW
ChangeServiceConfigW
ControlService
AdjustTokenPrivileges
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
InitializeAcl
LookupPrivilegeValueW
SetNamedSecurityInfoW
RegSetValueExW
RegCloseKey
InitiateSystemShutdownW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
OpenProcessToken
CryptDestroyKey
CryptCreateHash
CryptReleaseContext
CryptDeriveKey
CryptAcquireContextW

wininet

InternetOpenUrlW
InternetReadFile
InternetQueryDataAvailable
InternetOpenW
InternetCloseHandle

netapi32

NetApiBufferFree
NetWkstaGetInfo

wintrust

WinVerifyTrust

psapi

GetModuleFileNameExW

wtsapi32

WTSQuerySessionInformationW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 264KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ca90419eb7a5f1d55038837b168a809

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

shell32

ole32

advapi32

wininet

netapi32

wintrust

psapi

wtsapi32

version

Sections

.text Size: 408KB - Virtual size: 407KB

.rdata Size: 92KB - Virtual size: 92KB

.data Size: 14KB - Virtual size: 23KB

.rsrc Size: 320KB - Virtual size: 320KB

.reloc Size: 264KB - Virtual size: 424KB

.text
Size: 408KB - Virtual size: 407KB

.rdata
Size: 92KB - Virtual size: 92KB

.data
Size: 14KB - Virtual size: 23KB

.rsrc
Size: 320KB - Virtual size: 320KB

.reloc
Size: 264KB - Virtual size: 424KB