d88bea571eb81476134963ff116941779002983d080cbe20ef09c4ed9f5a24b0

Sharing

Copy URL Twitter E-mail

General

Target

d88bea571eb81476134963ff116941779002983d080cbe20ef09c4ed9f5a24b0
Size

86KB
MD5

699a05ebd9b4ea3997503ce2228b2f25
SHA1

cbbeabab628553c12289ff0d76d6135d946a9941
SHA256

d88bea571eb81476134963ff116941779002983d080cbe20ef09c4ed9f5a24b0
SHA512

cb9c26a64bb144cefecbc2fd976908e13b75aac5e4ddf68242ca76d0c5c01d2a3f6977a0adc31be832495ebfe6709b09b348e1ce83e5dce7feefc2661a8e6460
SSDEEP

1536:MdbyqKGw8tZ3CNMX9bB2lx1U9H+nZ6ZlyVR8VDgZ85LInbbbLtvlk+iq:MdbKGr33CNU3s1saGyMVMZ8ZIDk+iq

Score

N/A

Malware Config

Signatures

Files

d88bea571eb81476134963ff116941779002983d080cbe20ef09c4ed9f5a24b0
.exe windows x86

41c777f1f12a9d7583826efb09d9a264

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

secur32

GetUserNameExW

gdiplus

GdipCreateBitmapFromFile
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdipAlloc
GdiplusShutdown
GdipFree
GdipCloneImage
GdipCreateBitmapFromFileICM

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

netapi32

NetWkstaUserGetInfo
NetUserGetLocalGroups
NetApiBufferFree
NetUserEnum
NetLocalGroupAddMembers
NetUserAdd
NetUserDel
NetGetJoinInformation

shell32

FindExecutableW
ShellExecuteW
SHAppBarMessage
SHGetFolderPathW
CommandLineToArgvW
Shell_NotifyIconW
ShellExecuteExW

ddraw

DirectDrawCreate
DirectDrawEnumerateA
DirectDrawCreateEx

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ole32

CoTaskMemFree
OleInitialize
CoUninitialize
CLSIDFromString
StringFromCLSID
CoInitializeSecurity
StringFromGUID2
CoGetClassObject
CoCreateInstance
CreateStreamOnHGlobal
CoInitializeEx
OleLockRunning
CoAllowSetForegroundWindow
CoTaskMemAlloc
CoSetProxyBlanket
OleUninitialize
CLSIDFromProgID
CoCreateGuid

shlwapi

UrlCombineW
UrlApplySchemeW
UrlCanonicalizeW
PathCombineW
UrlGetPartW
PathAppendW

gdi32

GetDeviceCaps
BitBlt
GetStockObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
SelectObject
CreateSolidBrush
DeleteObject
GetObjectW

crypt32

CryptUnprotectData
CryptProtectData

kernel32

LocalAlloc
GetProcessHeap
CreateEventW
FindResourceExW
GlobalHandle
GetSystemTimeAsFileTime
VirtualFree
LoadResource
SetEvent
QueryPerformanceCounter
InitializeCriticalSection
GlobalLock
VirtualUnlock
GetThreadLocale
GetProcAddress
SizeofResource
GetSystemInfo
GetLocaleInfoW
GetProcessVersion
GetCurrentProcess
lstrcmpW
InterlockedExchange
LoadLibraryW
CreateMutexW
GetLastError
HeapFree
HeapReAlloc
LoadLibraryExW
FormatMessageW
GetVersionExA
GlobalAlloc
CreateThread
GetTempPathW
GlobalUnlock
GetVersionExW
LeaveCriticalSection
WaitForMultipleObjects
GetCurrentThreadId
ReleaseMutex
HeapDestroy
ProcessIdToSessionId
MultiByteToWideChar
RaiseException
SetUnhandledExceptionFilter
FlushInstructionCache
ResetEvent
DeleteCriticalSection
ExitProcess
WaitForSingleObject
HeapAlloc
FreeLibrary
GetSystemDirectoryW
InterlockedDecrement
IsProcessorFeaturePresent
GetACP
GetComputerNameW
IsDebuggerPresent
OpenProcess
LCMapStringW
MulDiv
CreateFileW
VirtualLock
lstrlenA
InterlockedIncrement
UnhandledExceptionFilter
LocalFree
GetProcessId
CloseHandle
LockResource
WideCharToMultiByte
SetLastError
GetLocaleInfoA
GetTickCount
FindResourceW
GetStartupInfoW
Sleep
lstrlenW
HeapSetInformation
VirtualAlloc
GlobalFree
LoadLibraryA
InterlockedCompareExchange
TerminateProcess
HeapSize
EnterCriticalSection
GetModuleFileNameW
GetModuleHandleW

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41c777f1f12a9d7583826efb09d9a264

Headers

File Characteristics

Imports

secur32

gdiplus

wtsapi32

netapi32

shell32

ddraw

version

ole32

shlwapi

gdi32

crypt32

kernel32

Sections

.text Size: 53KB - Virtual size: 53KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 26KB - Virtual size: 25KB

.rsrc Size: 1024B - Virtual size: 64KB

.text
Size: 53KB - Virtual size: 53KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 26KB - Virtual size: 25KB

.rsrc
Size: 1024B - Virtual size: 64KB