17c8370b43c3a8b70df55a6b51465dbefa5f986c4313ef39527fe87a924c93d6

Sharing

Copy URL Twitter E-mail

General

Target

17c8370b43c3a8b70df55a6b51465dbefa5f986c4313ef39527fe87a924c93d6
Size

811KB
MD5

03cf708f9fd6e71fbd6e0da0bced0630
SHA1

a09571188b238daef3863bf54110ecbafe3b84a6
SHA256

17c8370b43c3a8b70df55a6b51465dbefa5f986c4313ef39527fe87a924c93d6
SHA512

a9dffbd2bfefe8adba26bbe9a9ac88f79846529f7ddc7f44b295cdc11222d22fba716b3401980aa7b0bf691ec9d94a7756db8a006c46468f5cfbd01c375ae402
SSDEEP

12288:ovg+LKiRwrAP4DyBkdg6vN+d5Ah4xTY2Lm7Us+CtnFHpZyl9TD12mEBGCDd1P:ovtLKiCr64Wkdg6pgEFH6PGJ1

Score

N/A

Malware Config

Signatures

Files

17c8370b43c3a8b70df55a6b51465dbefa5f986c4313ef39527fe87a924c93d6
.exe windows x86

c2e6bbcf8c043d17c74c1e20d80c9247

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
CryptGenRandom
CryptAcquireContextW
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegQueryValueExA
GetTokenInformation
OpenProcessToken
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
CryptReleaseContext

kernel32

FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CloseHandle
GetVersionExW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
RtlUnwind
InitializeCriticalSection
LoadLibraryA
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCurrentProcess
GetModuleHandleW
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetProcAddress
InterlockedCompareExchange
LoadLibraryW
LocalFree
GetCommandLineW
GetLastError
GetModuleFileNameW
CreateProcessW
GetTickCount
HeapAlloc
GetProcessHeap
HeapFree
DuplicateHandle
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
CreateThread
WaitForMultipleObjectsEx
WideCharToMultiByte
MultiByteToWideChar
GetUserDefaultUILanguage
GetLocaleInfoW
CreateEventW
SetEvent
WaitForMultipleObjects
WriteFile
CreateFileW
GetFileSize
ReadFile
SetFilePointer
RemoveDirectoryW
DeleteFileW
GetEnvironmentVariableW
FreeResource
FindResourceExW
FindResourceW
LoadResource
GlobalLock
GlobalAlloc
SizeofResource
GlobalUnlock
RaiseException
InterlockedExchange
GlobalFree
LockResource
GetSystemDefaultLCID
GetSystemTimeAsFileTime
DosDateTimeToFileTime
SetEndOfFile
GetFileAttributesExW
CreateDirectoryW
GetCommandLineA
GetVersionExA
GetStartupInfoA
VirtualProtect
VirtualAlloc
GetModuleHandleA
GetSystemInfo
VirtualQuery
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
Sleep
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
LocalAlloc

gdi32

GetObjectW
CreateFontIndirectW
DeleteObject
DeleteDC
CreateCompatibleDC
CreateDIBSection
CreateSolidBrush
SelectObject
SetStretchBltMode
StretchBlt
GetStockObject
SetDIBColorTable

msimg32

GradientFill

shlwapi

SHDeleteKeyW
PathAppendW
SHGetValueW
PathRemoveFileSpecW
PathCombineW
PathFileExistsW

shell32

SHFileOperationW
CommandLineToArgvW
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW

comctl32

ord17
PropertySheetW
InitCommonControlsEx

user32

DialogBoxParamW
GetWindowLongW
EndDialog
HideCaret
ReleaseDC
LoadIconW
GetDlgItem
EnableWindow
PostQuitMessage
SetWindowTextW
GetWindowRect
MapWindowPoints
InvalidateRect
GetDC
ShowWindow
BeginPaint
EndPaint
IsDlgButtonChecked
IsWindowEnabled
GetMonitorInfoW
SetWindowPos
PostMessageW
LoadStringW
GetParent
FillRect
GetSysColor
MonitorFromWindow
SystemParametersInfoW
MsgWaitForMultipleObjects
DestroyWindow
SetWindowLongW
SendMessageW

ole32

CoInitializeEx
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

SysAllocString
SysAllocStringLen
VariantClear
VarBstrCmp
SysFreeString
VariantInit

Sections

.text
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 600KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c2e6bbcf8c043d17c74c1e20d80c9247

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

msimg32

shlwapi

shell32

comctl32

user32

ole32

oleaut32

Sections

.text Size: 203KB - Virtual size: 202KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 600KB - Virtual size: 2.4MB

.text
Size: 203KB - Virtual size: 202KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 600KB - Virtual size: 2.4MB