Static task
static1
Behavioral task
behavioral1
Sample
d2d58619f69e702def59f20ed4545142a78e99f1556206619f0b6ba3fa4ba37b.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
d2d58619f69e702def59f20ed4545142a78e99f1556206619f0b6ba3fa4ba37b.exe
Resource
win10v2004-20220812-en
General
-
Target
d2d58619f69e702def59f20ed4545142a78e99f1556206619f0b6ba3fa4ba37b
-
Size
654KB
-
MD5
6000500b5c597e73207bc9d9f4107f10
-
SHA1
3f0dbc67d721228629e5bada8b937f10c0c9b403
-
SHA256
d2d58619f69e702def59f20ed4545142a78e99f1556206619f0b6ba3fa4ba37b
-
SHA512
22ff8e41775cb37415f61f6873e1e53a57b1e3e951b74e94d16ad812d764f2691254018e621d12c5a4d2e12c3cf4ff598c521e472e03a88bd46a1ec075d26179
-
SSDEEP
12288:ZfT5I7LT7ebirlxMn4gsvhMuOvny8f+N1ZNQFyGBWTwns5i+MeSsPd5:ZO5rgn4XbOWQFfQTN5iZeSob
Malware Config
Signatures
Files
-
d2d58619f69e702def59f20ed4545142a78e99f1556206619f0b6ba3fa4ba37b.exe windows x86
ef4d3af52ff8fc30311546fdd1085c04
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr
WSACleanup
WSAStartup
getservbyname
socket
connect
closesocket
send
recv
WSASetLastError
getservbyport
ntohs
gethostbyaddr
htons
dnsapi
DnsQuery_W
DnsFree
wininet
HttpEndRequestW
InternetConnectW
InternetOpenW
HttpQueryInfoW
InternetReadFile
HttpOpenRequestW
HttpSendRequestExW
InternetCloseHandle
InternetWriteFile
rpcrt4
RpcStringFreeA
UuidToStringA
psapi
GetProcessMemoryInfo
gdi32
CreateDCW
GetDIBits
TextOutW
CreateFontW
CreateRectRgn
SelectClipRgn
BitBlt
SelectPalette
RealizePalette
SetStretchBltMode
StretchBlt
SetViewportOrgEx
SetDIBits
GetDIBColorTable
SetLayout
DeleteObject
SelectObject
CreatePalette
SetBkMode
SetTextColor
DeleteDC
CreateFontIndirectW
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
CreatePen
Polygon
CreateSolidBrush
SetBkColor
CreateHalftonePalette
GetObjectW
shell32
SHFileOperationW
ExtractIconW
ShellExecuteW
CommandLineToArgvW
SHGetFileInfoW
Shell_NotifyIconW
SHGetSpecialFolderPathW
comdlg32
GetOpenFileNameW
GetSaveFileNameW
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
kernel32
GetStartupInfoW
HeapSetInformation
Sleep
InterlockedExchange
DecodePointer
EncodePointer
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
InterlockedPushEntrySList
HeapFree
GetProcessHeap
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetTimeZoneInformation
GetSystemDirectoryA
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
LoadLibraryA
GetProcessId
GlobalLock
GlobalUnlock
lstrlenW
InterlockedDecrement
OpenFileMappingW
CreateFileMappingW
CloseHandle
UnmapViewOfFile
InterlockedIncrement
GetSystemInfo
MapViewOfFile
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryW
WritePrivateProfileStringW
SystemTimeToFileTime
GetModuleHandleW
MultiByteToWideChar
lstrlenA
DebugBreak
OutputDebugStringW
GetModuleFileNameW
GetTempFileNameW
GetTempPathW
SystemTimeToTzSpecificLocalTime
GetPrivateProfileStringW
GlobalFree
FormatMessageW
GlobalAlloc
GetFileAttributesW
GetLastError
CreateDirectoryW
SetEvent
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ResetEvent
CreateEventW
lstrcpyW
FindNextFileW
FindClose
SetLastError
GetFullPathNameW
FindFirstFileW
WideCharToMultiByte
GetSystemTime
FileTimeToSystemTime
GetProcessTimes
OpenProcess
GetFileSizeEx
CreateFileW
RaiseException
FlushInstructionCache
GetCurrentThreadId
lstrcmpiW
MulDiv
CompareStringW
lstrcmpW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
CreateMutexW
GetCommandLineW
GetVersionExW
lstrcpynW
CreateProcessW
ReadFile
GetFileInformationByHandle
WriteFile
CreateThread
InitializeCriticalSection
user32
DrawTextExA
CharUpperW
SetScrollInfo
GetScrollInfo
PostMessageW
DialogBoxParamW
PostQuitMessage
LoadIconW
CopyRect
AdjustWindowRectEx
IsDialogMessageW
EnableWindow
KillTimer
SetTimer
GetMenu
GetIconInfo
DrawTextExW
DrawIcon
GetActiveWindow
GetSubMenu
TrackPopupMenu
LoadMenuW
MonitorFromWindow
MonitorFromPoint
GetMonitorInfoW
DestroyMenu
SetMenuItemInfoW
CheckMenuRadioItem
DeleteMenu
EndDialog
MessageBoxW
UnregisterClassA
LoadImageW
GetDesktopWindow
GetSysColorBrush
GetKeyState
CreateDialogParamW
GetClassNameW
LoadCursorW
GetSysColor
GetFocus
EnumWindows
GetCapture
ReleaseCapture
ReleaseDC
AnimateWindow
BeginPaint
GetCursorPos
SetCursor
DrawFocusRect
FillRect
DrawTextW
CallWindowProcW
IsWindow
GetDlgCtrlID
GetParent
SetFocus
SetCapture
IsWindowEnabled
UpdateWindow
ScreenToClient
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateWindowExW
DestroyWindow
SetRectEmpty
GetDlgItem
RedrawWindow
IsWindowVisible
ShowWindow
InvalidateRect
SendMessageW
SetWindowPos
DefWindowProcW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
DestroyIcon
GetGuiResources
CharNextW
GetWindowLongW
SetWindowLongW
GetDC
GetClientRect
GetWindowRect
MapWindowPoints
MoveWindow
GetWindow
LoadStringW
wvsprintfW
EnableMenuItem
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetWindowThreadProcessId
EndPaint
GetSystemMetrics
IntersectRect
EnumDisplayMonitors
GetCursorInfo
OffsetRect
PtInRect
SetProcessDefaultLayout
advapi32
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
ole32
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateGuid
oleaut32
SysFreeString
VarDecFromStr
VarR8FromStr
VarI4FromStr
VarDateFromStr
VarDecCmp
VarUI4FromStr
comctl32
InitCommonControlsEx
_TrackMouseEvent
ImageList_Create
ImageList_ReplaceIcon
msvcp100
?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xout_of_range@std@@YAXPBD@Z
msvcr100
longjmp
strtod
rand
strcpy
_gmtime64
fabs
abs
pow
abort
isalpha
tolower
isspace
strncmp
atof
ftell
fopen_s
_vsnprintf_s
sscanf_s
fputc
fseek
strncpy
tmpfile
getenv
sscanf
ferror
fflush
exit
__iob_func
sprintf
_localtime64_s
strcat_s
strtoul
strncpy_s
calloc
strcpy_s
labs
strchr
__CxxLongjmpUnwind
fprintf
atoi
wcsncmp
_wtol
_setjmp3
_amsg_exit
rewind
_wstat64i32
fwrite
fwprintf
feof
fread
wcsncpy_s
memcpy_s
malloc
_recalloc
_wcsicmp
_purecall
memmove_s
strcmp
_wfopen_s
fclose
wcscmp
iswspace
isalnum
memchr
strlen
memcmp
swprintf_s
strftime
_wdupenv_s
free
wcslen
memset
wcscpy_s
_time64
_gmtime64_s
_wtoi
iswdigit
wcscspn
wcsstr
wcschr
memmove
wcsrchr
__CxxFrameHandler3
??_V@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??2@YAPAXI@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
memcpy
??3@YAXPAX@Z
__set_app_type
_fmode
sprintf_s
_commode
srand
_ftelli64
_fseeki64
_wfopen
fopen
_cexit
_exit
_XcptFilter
_wcmdln
_initterm
_initterm_e
_configthreadlocale
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
_invoke_watson
_controlfp_s
__wgetmainargs
__setusermatherr
Sections
.text Size: 464KB - Virtual size: 463KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
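IMAGE_SCN_MEM_WRITE (note: combined with IMAGE_SCN_MEM_EXECUTE above, .text is both writable and executable; this is not the usual linker default and may indicate packed, patched or self-modifying code, so the static import list should be checked against the behavioral runs)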
.rdata Size: 99KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 57KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ