690f568a08418de7a9418463a55453dca262b4439a497c11cce89b5267c499eb

Sharing

Copy URL Twitter E-mail

General

Target

690f568a08418de7a9418463a55453dca262b4439a497c11cce89b5267c499eb
Size

1.0MB
MD5

67933e7fbcc3728960ef154b202dd4e7
SHA1

700634da5ac844bbc62f310d92bff1ebc1d05318
SHA256

690f568a08418de7a9418463a55453dca262b4439a497c11cce89b5267c499eb
SHA512

eb9afb40d13cf9c60870c8439310b26d9daac8bd399c41ffc32c73b27ca125d4c178295388aecf797e76d47db5a7939edadb296d7d9ff20cd1793f242792949c
SSDEEP

24576:xUK7fx4h1ZCYUKnxOIWI4RTEGtGL1dHjk2XycDIeQK:OmKnxOLvGLbHjk2XHDIeQK

Score

N/A

Malware Config

Signatures

Files

690f568a08418de7a9418463a55453dca262b4439a497c11cce89b5267c499eb
.exe windows x86

15e43d1777c34261b455f0debd700d43

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle
HttpQueryInfoW
InternetOpenW
InternetOpenUrlW
InternetReadFile

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses

kernel32

GetModuleHandleW
WriteFile
MultiByteToWideChar
LoadLibraryExW
CreateFileW
OutputDebugStringW
Sleep
SetFilePointer
GetCommandLineW
OpenMutexW
OpenEventW
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
GetCurrentProcessId
GetTickCount
lstrlenA
InterlockedCompareExchange
SwitchToThread
SetThreadPriority
FindClose
FindFirstFileW
GetCurrentThread
CreateThread
CreateDirectoryW
MoveFileExW
EnterCriticalSection
LeaveCriticalSection
GetFileSize
ReadFile
WideCharToMultiByte
GetSystemTime
GetVersionExW
GetCurrentThreadId
GetThreadPriority
GetExitCodeThread
TerminateThread
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
VirtualFreeEx
Module32FirstW
Module32NextW
GetWindowsDirectoryW
GetSystemDirectoryW
GetTempPathW
GetCurrentDirectoryW
SystemTimeToFileTime
GetFileAttributesW
SetFileTime
LocalFileTimeToFileTime
MapViewOfFileEx
FlushFileBuffers
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateToolhelp32Snapshot
Process32FirstW
ProcessIdToSessionId
Process32NextW
FreeLibrary
GetProcAddress
lstrcpyW
LoadLibraryW
lstrcmpiW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
OpenProcess
GetSystemTimeAsFileTime
TerminateProcess
DeleteFileW
GetModuleFileNameW
WaitForMultipleObjects
InterlockedDecrement
InterlockedIncrement
WaitForSingleObject
ReleaseMutex
CreateMutexW
SetEvent
ResetEvent
CreateEventW
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CloseHandle
GetLastError
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LoadLibraryA
GetLocaleInfoW
SetEndOfFile
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
RtlUnwind
ExitThread
GetStartupInfoW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
GetModuleFileNameA
HeapCreate
VirtualAlloc
VirtualFree
IsValidCodePage
GetOEMCP
ExitProcess
GetConsoleMode
GetConsoleCP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapSize
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
GetVersionExA
HeapDestroy

user32

DispatchMessageW
wsprintfW
GetMessageW
UnregisterClassA
LoadStringW
PostThreadMessageW
MessageBoxW
CharUpperW
TranslateMessage
PeekMessageW
GetForegroundWindow
CharNextW

advapi32

RegisterEventSourceW
SetSecurityDescriptorGroup
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
FreeSid
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptGetHashParam
RegOpenCurrentUser
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
RegNotifyChangeKeyValue
ChangeServiceConfigW
CreateProcessAsUserW
ControlService
DeleteService
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyExW
CreateServiceW
SetServiceStatus
ReportEventW
DeregisterEventSource
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
SetNamedSecurityInfoW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
SHFileOperationW

ole32

CoCreateInstance
StringFromGUID2
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoCreateGuid
CoTaskMemAlloc

oleaut32

VarI4FromStr
SysAllocString
VariantClear
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
VarUI4FromStr

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathAddBackslashW
PathMatchSpecW
PathFileExistsW
PathRemoveExtensionW
PathCombineW
PathAppendW

dbghelp

ImageDirectoryEntryToData

Sections

.text
Size: 456KB - Virtual size: 452KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 500KB - Virtual size: 1.6MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

15e43d1777c34261b455f0debd700d43

Headers

File Characteristics

Imports

wininet

userenv

psapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

dbghelp

Sections

.text Size: 456KB - Virtual size: 452KB

.rdata Size: 80KB - Virtual size: 79KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 4KB - Virtual size: 1KB

.vmp0 Size: 500KB - Virtual size: 1.6MB

.text
Size: 456KB - Virtual size: 452KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 4KB - Virtual size: 1KB

.vmp0
Size: 500KB - Virtual size: 1.6MB