913c6479058db310abc72b3099aa5dc5c20725d4ee78af232c70219ec9f3bf95

Sharing

Copy URL Twitter E-mail

General

Target

913c6479058db310abc72b3099aa5dc5c20725d4ee78af232c70219ec9f3bf95
Size

64KB
MD5

683475d568790add902781ee1c63f0f0
SHA1

f75af33cf9fc9ab636662a3bf26445d7e971792d
SHA256

913c6479058db310abc72b3099aa5dc5c20725d4ee78af232c70219ec9f3bf95
SHA512

5c62a6b9ef80ac3a59834200af50e6cabf11db2ab32a6ee5021da09aad5a461bdc1a1434e794e7836a25baa82028ccbae096aee5a959d6afe86a2bbe855d1450
SSDEEP

768:psb9tZLMrMrWF7aJSoucn6ASEzQNGlleI74lrfobfsKDn3DUknTzm8c3QrF5X0WR:aMBcD6ABwelmrAPocTbs30Vft3

Score

N/A

Malware Config

Signatures

Files

913c6479058db310abc72b3099aa5dc5c20725d4ee78af232c70219ec9f3bf95
.exe windows x86

de7b321c12131dc12fedbf142a38e2c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

isalpha
sprintf
sscanf
tolower
NtQueueApcThread
NtQueryInformationThread
ZwResumeThread
RtlExitUserThread
NtOpenProcess
NtUnmapViewOfSection
RtlImageNtHeader
RtlCompareMemory
NtClose
NtOpenSection
strncpy
RtlInitUnicodeString
NtMapViewOfSection
_snprintf
strchr
memcpy
memset
_stricmp
_alloca_probe

shlwapi

StrStrIA
PathAppendA
StrToIntA
PathFindFileNameA
PathCombineA
PathRemoveExtensionA
PathAddExtensionA
UrlGetPartA

wininet

InternetCloseHandle
InternetOpenA
HttpSendRequestA
InternetConnectA
InternetCrackUrlA
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
HttpQueryInfoA

psapi

GetProcessImageFileNameA
EnumProcessModules

urlmon

URLDownloadToFileA

kernel32

ReadProcessMemory
WinExec
lstrcpyA
ExitProcess
ExitThread
lstrcatA
Sleep
WriteProcessMemory
GetCurrentProcessId
OpenEventW
GetModuleFileNameA
LoadLibraryA
VirtualAllocEx
CreateRemoteThread
SetEvent
VirtualProtect
CreateEventW
CreateFileMappingW
OpenProcess
GetModuleHandleW
VirtualQuery
UnmapViewOfFile
MapViewOfFile
lstrcmpA
CreateThread
DeleteFileA
LocalFree
GetTempPathA
CloseHandle
GetVersionExA
CreateToolhelp32Snapshot
CreateMutexA
GetModuleHandleA
lstrcmpiW
Process32NextW
GetSystemInfo
LocalAlloc
OpenMutexA
Process32FirstW
lstrlenA
WaitForSingleObject
VirtualAlloc
HeapReAlloc
CreateFileA
GetFileSize
SetFilePointer
MoveFileExA
SetEndOfFile
HeapAlloc
GetCurrentProcess
HeapFree
GetTickCount
VirtualFree
UnlockFileEx
GetProcessHeap
VirtualQueryEx
WriteFile
GetTempFileNameA
ReadFile
GetLastError
lstrcmpiA
GetProcAddress
LockFileEx

user32

GetForegroundWindow
SendNotifyMessageA
FindWindowW
SetWindowLongA
GetWindowLongA

advapi32

RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken
RegOpenKeyExA
RegQueryValueExA
GetTokenInformation
GetSidSubAuthority

shell32

SHGetFolderPathA
ShellExecuteExA

Exports

Exports

DownloadRunExeId
DownloadRunExeUrl
DownloadRunModId
DownloadUpdateMain
Inject32End
Inject32Normal
Inject32Start
InjectApcRoutine
InjectNormRoutine
SelfDelete
SendLogs
WriteConfigString

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.cfg
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

de7b321c12131dc12fedbf142a38e2c3

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

shlwapi

wininet

psapi

urlmon

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 1024B - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.cfg Size: 30KB - Virtual size: 32KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 1024B - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB

.cfg
Size: 30KB - Virtual size: 32KB