bb5205e6f4dbe0dfbf2e222990adf381528a45f218032d23cfed1603ea1c111c

Sharing

Copy URL

Twitter E-mail

General

Target

bb5205e6f4dbe0dfbf2e222990adf381528a45f218032d23cfed1603ea1c111c
Size

551KB
MD5

3e4fadaf33efb7bbfceb9e63813c8a00
SHA1

bf4111e1222249f696cddd864c7e4229f551aaa9
SHA256

bb5205e6f4dbe0dfbf2e222990adf381528a45f218032d23cfed1603ea1c111c
SHA512

d79bfdc1b0c1e9b913a8aec54eb0425f1ce568696600160bc8f7e8630bb712a03a5afc7dc1d07bacdb1656a6d3b56541472a3eb6c303036f2ee3201d4b7c4fc6
SSDEEP

6144:4xjgyEK8V6vqgUqGFbfalZE0xsgvIUnmbkq79Bi7t4/9FAwscVJJGUdAUatL:6gn+vcOwEIUmB79BiY5suGU+5tL

Score

N/A

Malware Config

Signatures

Files

bb5205e6f4dbe0dfbf2e222990adf381528a45f218032d23cfed1603ea1c111c
.exe windows x86

80f0e70d9b52265a7509b2d3e3ddd8c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
CryptReleaseContext
GetUserNameW
GetLengthSid
GetTokenInformation
OpenProcessToken
EventActivityIdControl
RegEnumKeyW
EventRegister
EventWrite
EventUnregister
CryptDestroyKey
CryptDestroyHash
CryptImportKey
CryptGetUserKey
CryptExportKey
CryptAcquireContextW
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptSetKeyParam
CryptGenRandom
CryptEncrypt
CryptDecrypt
CryptGenKey
CryptGetHashParam
CloseServiceHandle
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
CreateWellKnownSid
RegGetValueW
RegDeleteKeyValueW

kernel32

WideCharToMultiByte
GlobalAlloc
FindFirstFileW
GetTickCount
Sleep
GetComputerNameW
ReadFile
GetFileSizeEx
CreateFileW
FormatMessageW
DeleteFileW
MoveFileExW
WaitForMultipleObjects
ExpandEnvironmentStringsW
lstrlenA
HeapSetInformation
RegisterApplicationRestart
GetCommandLineW
CreateWaitableTimerW
SetWaitableTimer
LockResource
GlobalHandle
GlobalFree
FindResourceW
LoadLibraryExW
LoadResource
SizeofResource
MultiByteToWideChar
LocalAlloc
GetCurrentProcess
FlushInstructionCache
lstrcmpiW
GetProcAddress
LoadLibraryW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GlobalLock
GlobalUnlock
SetLastError
MulDiv
lstrcmpW
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
CompareStringW
LocalFree
GetCurrentThreadId
ResetEvent
QueueUserWorkItem
RaiseException
GetFullPathNameW
CreateDirectoryW
CreateEventW
GetLastError
CreateMutexW
CreateThread
WaitForSingleObject
GetProcessHeap
HeapAlloc
GetModuleHandleW
GetLocalTime
GetDateFormatW
GetTimeFormatW
SetEvent
ReleaseMutex
HeapFree
CloseHandle
lstrlenW
FindClose
GetFileSize
GetSystemTime
CreateTimerQueue
WriteFile
DeleteTimerQueueTimer
OutputDebugStringW
DeleteTimerQueueEx
CreateTimerQueueTimer
CreateSemaphoreW
ReleaseSemaphore
OpenMutexW
GetTempPathW
OutputDebugStringA
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
VirtualAlloc
VirtualFree
LoadLibraryA
InterlockedExchange
GetVersionExA

gdi32

CreateFontIndirectW
SetTextColor
SetBkColor
GetObjectW
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
GetDeviceCaps
DeleteObject
GetStockObject

user32

SetWindowPos
GetClientRect
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetParent
GetClassNameW
FrameRect
MoveWindow
GetSysColor
SetDlgItemTextW
MapWindowPoints
EndDialog
GetSystemMetrics
GetWindowRect
RegisterHotKey
UnregisterHotKey
SystemParametersInfoW
GetActiveWindow
UnregisterClassA
DefWindowProcW
EnableWindow
SetWindowContextHelpId
PostQuitMessage
OpenIcon
SetForegroundWindow
GetSysColorBrush
GetDCEx
DrawFocusRect
PtInRect
MapDialogRect
SendDlgItemMessageW
KillTimer
SetTimer
UpdateWindow
IsIconic
SetCursor
LoadImageW
GetWindowInfo
PostMessageW
LoadIconW
LoadAcceleratorsW
CopyAcceleratorTableW
ShowWindow
PeekMessageW
CreateDialogIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateAcceleratorTableW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
IsWindow
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
DestroyWindow
FillRect
ReleaseCapture
DialogBoxIndirectParamW
SendMessageW
FlashWindowEx
GetWindowLongW
SetWindowLongW
CharUpperW
CharNextW
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
TranslateMessage
DispatchMessageW
LoadStringW
IsWindowEnabled
AllowSetForegroundWindow
MessageBeep
GetDialogBaseUnits
LoadMenuW
GetSubMenu
TrackPopupMenu
DestroyMenu
GetCaretPos
OpenClipboard
EmptyClipboard
SetClipboardData
GetDlgItem
CloseClipboard

msvcrt

time
srand
exit
_purecall
_controlfp
_errno
realloc
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
iswdigit
_wtol
swscanf_s
_itow
towupper
wcstok
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
_callnewh
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
memmove_s
_wtoi
_ftol2
_time64
_vsnprintf
calloc
swprintf_s
memcpy
wcsncpy_s
malloc
free
memset
__CxxFrameHandler3
_vsnwprintf
memcpy_s
_CxxThrowException
??0exception@@QAE@ABQBD@Z
wcsncmp

ws2_32

closesocket
connect
socket
WSASocketW
WSAIoctl
GetAddrInfoW
FreeAddrInfoW
WSACleanup
WSAStartup
WSAGetLastError

ntdll

NtOpenThreadToken
WinSqmAddToStream
NtOpenProcessToken
NtClose
NtQueryInformationToken
RtlIpv4AddressToStringW

secur32

GetUserNameExW

ole32

CreateBindCtx
GetHGlobalFromStream
CoInitialize
CoUninitialize
CoGetObject
CoInitializeEx
StringFromIID
CoCreateGuid
CoCreateInstance
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstanceEx

oleaut32

SysStringByteLen
VarUI4FromStr
VarBstrCmp
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VarBstrCat
SysAllocStringByteLen
VariantClear
VariantInit
SafeArrayDestroy
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayUnaccessData
SysReAllocString
DispCallFunc
SysAllocStringLen
SysFreeString
SysAllocString
SysStringLen

shlwapi

PathFindExtensionW
PathFindFileNameW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

comctl32

ord410
CreatePropertySheetPageW
PropertySheetW
ord344
InitCommonControlsEx
ord413
ImageList_LoadImageW
ord345

shell32

CommandLineToArgvW
ord261
ShellExecuteW
SHGetSpecialFolderPathW
ord258

urlmon

MkParseDisplayNameEx

uxtheme

GetThemeColor
CloseThemeData
OpenThemeData
GetThemeFont
IsAppThemed

crypt32

CryptStringToBinaryW
CryptBinaryToStringW

ndfapi

NdfCloseIncident
NdfExecuteDiagnosis
NdfCreateIncident

rpcrt4

RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
I_RpcExceptionFilter
NdrClientCall2
RpcBindingFree

Sections

.text
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lmnzcby
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

80f0e70d9b52265a7509b2d3e3ddd8c7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ws2_32

ntdll

secur32

ole32

oleaut32

shlwapi

comdlg32

comctl32

shell32

urlmon

uxtheme

crypt32

ndfapi

rpcrt4

Sections

.text Size: 290KB - Virtual size: 290KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 210KB - Virtual size: 209KB

.reloc Size: 47KB - Virtual size: 48KB

lmnzcby Size: - Virtual size: 4KB

.text
Size: 290KB - Virtual size: 290KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 210KB - Virtual size: 209KB

.reloc
Size: 47KB - Virtual size: 48KB

lmnzcby
Size: - Virtual size: 4KB