f4b54c6b7f62071eb0ed98e67a610199a135188e391ceda017c5b12cf03afa52

Sharing

Copy URL

Twitter E-mail

General

Target

f4b54c6b7f62071eb0ed98e67a610199a135188e391ceda017c5b12cf03afa52
Size

201KB
MD5

0409620c4356adbec68ff60e2b5d47e2
SHA1

36504ba064e13304099fc7882ffc49f8ae878cf0
SHA256

f4b54c6b7f62071eb0ed98e67a610199a135188e391ceda017c5b12cf03afa52
SHA512

16a5899b8c611c715146bf77741e5eff9d4e9cdf26867e547c05a75fe0bb7864616d3534d7d1a935947ae6df4101b3a32d4a8411be6f76be76c2b8b417b8797e
SSDEEP

3072:mFPlX1/xl0IXHvrPADAxNDcgCtLF5lktYlVGsavKCjKEOnC:mF9X1/xl3rPADAxJothQtltvK7nC

Score

N/A

Malware Config

Signatures

Files

f4b54c6b7f62071eb0ed98e67a610199a135188e391ceda017c5b12cf03afa52
.exe windows x86

86d899f4f1c9c13eebb3bf8aafe1eb30

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
GetFileTime
CreateDirectoryW
GetFileAttributesW
ExpandEnvironmentStringsW
FlushFileBuffers
SystemTimeToFileTime
WideCharToMultiByte
MultiByteToWideChar
FormatMessageW
OpenProcess
CreateProcessW
GetVolumeNameForVolumeMountPointW
GetOverlappedResult
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
SetEndOfFile
GetSystemTime
GetEnvironmentVariableW
GetCurrentProcessId
CreateEventW
GetModuleFileNameW
DuplicateHandle
SetErrorMode
GetVersionExW
ExitProcess
GetFileAttributesExW
SetEvent
ReadProcessMemory
lstrcatW
WriteFile
InitializeCriticalSection
SetThreadContext
GetThreadContext
GetProcessId
LeaveCriticalSection
EnterCriticalSection
Process32NextW
Process32FirstW
CreateRemoteThread
DeleteCriticalSection
GetLocalTime
GetPrivateProfileStringW
GetPrivateProfileIntW
GetNativeSystemInfo
GetUserDefaultUILanguage
MoveFileExW
GlobalUnlock
GlobalLock
GetCurrentThreadId
TlsSetValue
TlsGetValue
TerminateProcess
ResetEvent
MapViewOfFile
CreateFileMappingW
TlsAlloc
UnmapViewOfFile
TlsFree
WriteProcessMemory
VirtualQueryEx
MulDiv
WaitForMultipleObjects
GetTempPathW
GetTempFileNameW
SetFileAttributesW
DeleteFileW
SetFilePointerEx
GetFileSizeEx
VirtualAlloc
VirtualFree
CreateFileW
ReadFile
VirtualFreeEx
IsBadReadPtr
LoadLibraryA
VirtualAllocEx
lstrcpyW
VirtualProtectEx
SetLastError
OpenMutexW
ReleaseMutex
CreateMutexW
LocalFree
LoadLibraryW
FreeLibrary
CreateThread
GetModuleHandleW
GetProcAddress
GetLastError
CreateToolhelp32Snapshot
Thread32First
Thread32Next
CloseHandle
lstrcmpiW
Sleep
GetTickCount
GetTimeZoneInformation
HeapFree
HeapAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetProcessHeap
lstrcmpiA
GetCurrentThread
SetThreadPriority
OpenEventW
WaitForSingleObject

user32

DefDlgProcW
DefDlgProcA
DefFrameProcW
DefFrameProcA
DefMDIChildProcW
DefMDIChildProcA
CallWindowProcW
CallWindowProcA
RegisterClassW
RegisterClassA
RegisterClassExW
RegisterClassExA
CreateWindowStationW
OpenWindowStationW
SetProcessWindowStation
GetProcessWindowStation
CreateDesktopW
SetThreadDesktop
CloseWindowStation
CloseDesktop
EqualRect
DefWindowProcW
PrintWindow
PeekMessageA
GetMenuItemCount
GetMessageW
GetCapture
ReleaseCapture
SetCapture
SetCursorPos
GetCursorPos
GetMessagePos
GetClassLongW
GetAncestor
GetWindowRect
DefWindowProcA
MapWindowPoints
SetWindowPos
SendMessageW
GetParent
GetWindowThreadProcessId
IsWindow
GetWindowInfo
MapVirtualKeyW
PostMessageW
GetSystemMetrics
GetClipboardData
GetKeyboardState
ToUnicode
GetMenuState
HiliteMenuItem
MenuItemFromPoint
EndMenu
GetSubMenu
GetMenuItemRect
TrackPopupMenuEx
GetMenuItemID
BeginPaint
SetKeyboardState
SwitchDesktop
OpenDesktopW
OpenInputDesktop
GetShellWindow
SystemParametersInfoW
RegisterWindowMessageW
GetThreadDesktop
GetUserObjectInformationW
GetClassNameW
PostThreadMessageW
IntersectRect
FillRect
GetUpdateRgn
GetUpdateRect
IsRectEmpty
GetMenu
GetWindowDC
GetDCEx
EndPaint
GetMessageA
CharLowerBuffA
CharLowerA
DispatchMessageW
ExitWindowsEx
CharToOemW
GetDC
ReleaseDC
LoadImageW
GetWindowTextLengthW
GetWindowTextW
WindowFromPoint
SendMessageTimeoutW
GetWindowLongW
SetWindowLongW
GetTopWindow
GetWindow
CharUpperW
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DrawEdge

advapi32

CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetNamedSecurityInfoW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
CreateProcessAsUserW
GetLengthSid
ConvertSidToStringSidW
InitiateSystemShutdownExW

shlwapi

PathIsURLW
StrCmpNIW
PathQuoteSpacesW
PathRenameExtensionW
PathIsDirectoryW
PathMatchSpecW
UrlUnescapeA
PathAddBackslashW
PathRemoveBackslashW
PathRemoveFileSpecW
PathAddExtensionW
wvnsprintfW
PathCombineW
PathUnquoteSpacesW
PathSkipRootW
StrCmpNIA
SHDeleteValueW
SHDeleteKeyW
PathIsRelativeW
wvnsprintfA

shell32

ShellExecuteW
SHGetFolderPathW

secur32

GetUserNameExW

psapi

EnumProcessModules
GetModuleBaseNameW
GetModuleFileNameExW

ole32

CLSIDFromString
StringFromGUID2

gdi32

CreateFontIndirectW
GetDIBits
GetObjectW
CreateDIBSection
DeleteObject
CreateCompatibleBitmap
SelectObject
RestoreDC
SetViewportOrgEx
SaveDC
DeleteDC
CreateCompatibleDC
GdiFlush
SetRectRgn
GetDeviceCaps

comctl32

InitCommonControlsEx

ws2_32

WSAStringToAddressW
WSAAddressToStringW
getsockname
WSAGetLastError
setsockopt
WSAIoctl
shutdown
accept
WSASetLastError
bind
listen
getaddrinfo
freeaddrinfo
socket
connect
closesocket
send
select
recv
WSACleanup
WSAStartup

wininet

InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpAddRequestHeadersW
HttpSendRequestW
HttpSendRequestExW
HttpSendRequestExA
InternetReadFileExA
InternetQueryDataAvailable
HttpAddRequestHeadersA
InternetCrackUrlA
InternetReadFile
InternetQueryOptionW
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetQueryOptionA
InternetOpenA
InternetSetOptionA
InternetConnectA
InternetCloseHandle

comdlg32

GetOpenFileNameW
GetSaveFileNameW

Sections

.text
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

code
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86d899f4f1c9c13eebb3bf8aafe1eb30

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

psapi

ole32

gdi32

comctl32

ws2_32

wininet

comdlg32

Sections

.text Size: 157KB - Virtual size: 156KB

code Size: 13KB - Virtual size: 13KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 1KB - Virtual size: 10KB

.idata Size: 11KB - Virtual size: 10KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 157KB - Virtual size: 156KB

code
Size: 13KB - Virtual size: 13KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 1KB - Virtual size: 10KB

.idata
Size: 11KB - Virtual size: 10KB

.reloc
Size: 6KB - Virtual size: 5KB