4ba9c57c1f70a2d971bb28e26f019356ea50e93a531fbda59cd1cda226045364

Sharing

Copy URL Twitter E-mail

General

Target

4ba9c57c1f70a2d971bb28e26f019356ea50e93a531fbda59cd1cda226045364
Size

700KB
MD5

4dc4e321431f7fc40e0f79b67073d370
SHA1

2426f510252578fe52f7def8c4f2e718a1d41386
SHA256

4ba9c57c1f70a2d971bb28e26f019356ea50e93a531fbda59cd1cda226045364
SHA512

7e707e57b9c71e7071dd7cabd8d2a41b4def649b5f6195d58a2e26a14b9539f1ac115429af81e8b70557f80ba617490813df23a66d6f6d3770f89c07ead06aa6
SSDEEP

12288:LTU9VIA1rw2DOO4DSh82agTrsdpzBsl3L4c0S2OBv9y7Srp5:fiIA1rw2DgDQ82agH2zBsl3Lp2OB07SN

Score

N/A

Malware Config

Signatures

Files

4ba9c57c1f70a2d971bb28e26f019356ea50e93a531fbda59cd1cda226045364
.exe windows x64

c4ed04c567043de2279ca06cb6bc0456

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
CreateWellKnownSid
BuildExplicitAccessWithNameW
RegCreateKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
SetNamedSecurityInfoW
LookupAccountSidW
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid

kernel32

GetDriveTypeW
GetVolumePathNameW
DeleteFileW
GetLocalTime
GetVersionExW
OutputDebugStringW
RaiseException
lstrlenW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetVolumeInformationW
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
ExpandEnvironmentStringsA
GetProcAddress
LocalFree
CloseHandle
GetUserDefaultUILanguage
HeapSetInformation
HeapSize
GetLastError
lstrcmpW
GetTimeZoneInformation
MulDiv
GetTimeFormatW
FormatMessageW
GetLocaleInfoW
RegisterApplicationRestart
LoadLibraryA
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
GetComputerNameW
HeapFree
HeapAlloc
CreateMutexW
GetDateFormatW
GetCommandLineW
ExitProcess
GetFullPathNameW

gdi32

SelectObject
DeleteObject
GetDeviceCaps
StartPage
GetTextMetricsW
GetTextExtentPoint32W
EndPage
StartDocW
EndDoc
CreateFontW

user32

SetWindowTextW
SetWindowLongPtrW
FindWindowExW
LoadStringW
SendDlgItemMessageW
GetDlgItem
GetWindowTextW
InvalidateRect
LoadIconW
EnumWindows
GetWindowLongPtrW
GetParent
SetForegroundWindow
DrawTextW
PostMessageW
GetWindowTextLengthW
DestroyWindow
SendMessageW

msvcrt

_fmode
exit
_cexit
_ismbblead
_exit
_XcptFilter
__C_specific_handler
__getmainargs
_initterm
_vsnwprintf
_beginthread
_endthread
??3@YAXPEAX@Z
__set_app_type
?terminate@@YAXXZ
_local_unwind
_amsg_exit
__setusermatherr
wcstok
_commode
??2@YAPEAX_K@Z
memcpy_s
??_V@YAXPEAX@Z
memset
_acmdln
??_U@YAPEAX_K@Z
memcpy

comctl32

ord345
PropertySheetW

ntdll

RtlVirtualUnwind
RtlCaptureContext
RtlNtStatusToDosError
RtlLookupFunctionEntry

ole32

CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity

oleaut32

SafeArrayGetLBound
SafeArrayAccessData
SafeArrayGetUBound
SysAllocString
SysFreeString
SysStringLen
VariantClear
SafeArrayGetElement
VariantCopy
VariantInit
SysAllocStringLen
SafeArrayUnaccessData
SysStringByteLen

comdlg32

PrintDlgW
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

shell32

CommandLineToArgvW
SHGetKnownFolderIDList
SHCreateItemFromIDList
ord155

secur32

GetUserNameExW

activeds

ord9

imm32

ImmAssociateContext

bcrypt

BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 588KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c4ed04c567043de2279ca06cb6bc0456

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

ntdll

ole32

oleaut32

comdlg32

shell32

secur32

activeds

imm32

bcrypt

Sections

.text Size: 80KB - Virtual size: 79KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 588KB - Virtual size: 2.5MB

.text
Size: 80KB - Virtual size: 79KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 588KB - Virtual size: 2.5MB