ab4f09df60292da157ca01c7c52ca6af4de01fb15eed069055938bfbc3c82ca1

Sharing

Copy URL Twitter E-mail

General

Target

ab4f09df60292da157ca01c7c52ca6af4de01fb15eed069055938bfbc3c82ca1
Size

1.3MB
MD5

3277a3a8720b0683544f7fdb130c8cb0
SHA1

6ed3dc726d64a6807e50251a7e154869549eb24b
SHA256

ab4f09df60292da157ca01c7c52ca6af4de01fb15eed069055938bfbc3c82ca1
SHA512

7e6d2f60d6c05d45737a2257b52c366ae89c871725a2353003c3ba7799902f735e0af77953ff810f3d2e3bd81750da44c250b414c5ab52ad09e458f3e1613450
SSDEEP

24576:G/iF42eq55wiY8xonHfxpLtwfJz0YoiSYmrUxL2YkD:NF4btIJQYoLYmIxL2Yk

Score

N/A

Malware Config

Signatures

Files

ab4f09df60292da157ca01c7c52ca6af4de01fb15eed069055938bfbc3c82ca1
.exe windows x86

e34e5c4cc06d2e89b1637f2513a0dec5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libcurl

curl_easy_setopt
curl_easy_perform
curl_easy_getinfo
curl_easy_init
curl_easy_cleanup
curl_global_init
curl_easy_strerror
curl_global_cleanup

ws2_32

recv
htons
WSAGetLastError
inet_addr
connect
WSAStartup
WSACleanup
socket
closesocket
send
gethostbyname

winmm

timeSetEvent
timeGetTime
timeKillEvent

shlwapi

wvnsprintfW
StrStrIA
PathFindFileNameW
StrToInt64ExW
StrCpyW
SHGetValueW
StrCmpW
StrToIntExW
StrStrIW
PathIsRootW
StrCmpNIW
StrNCatW
StrCmpIW
PathFileExistsW
PathAppendW
wnsprintfA
PathCanonicalizeW
StrCpyNW
wnsprintfW

kernel32

HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
SetLastError
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetCurrentProcess
InitializeCriticalSection
GetProcessTimes
QueryPerformanceCounter
GetModuleHandleExW
GetLocalTime
OutputDebugStringA
GetTickCount
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
lstrcpyW
IsBadStringPtrW
lstrlenW
LoadLibraryW
GetProcAddress
GetModuleFileNameW
MulDiv
lstrcpynW
WideCharToMultiByte
GetCurrentProcessId
FindResourceW
SizeofResource
LoadResource
LockResource
FreeResource
CreateFileW
GetFileSizeEx
ReadFile
CloseHandle
MultiByteToWideChar
GetCommandLineW
GetFileAttributesW
LocalFree
FlushFileBuffers
WriteFile
SetFilePointerEx
SetEndOfFile
DuplicateHandle
DisconnectNamedPipe
CreateEventW
WaitForSingleObject
CreateNamedPipeW
ConnectNamedPipe
InterlockedCompareExchange
Sleep
CreateMutexW
GetLastError
TerminateProcess
OpenProcess
CreateProcessW
AssignProcessToJobObject
ResumeThread
CreateThread
HeapDestroy
SetFileAttributesW
GetVersionExW
GetSystemInfo
lstrcatW
SearchPathW
SetUnhandledExceptionFilter
FreeLibrary
CreateFileMappingW
GetFileSize
MapViewOfFile
UnmapViewOfFile
ExitProcess
SetEvent
WaitForMultipleObjects
InterlockedExchange
FindResourceExW
GlobalMemoryStatusEx
GetLogicalDriveStringsW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
GetSystemDirectoryW
FormatMessageW
TerminateThread
lstrcmpiW
GlobalSize
GlobalLock
GlobalUnlock
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetTempPathW
SetProcessWorkingSetSize
IsBadWritePtr
GetPrivateProfileStringW
GlobalDeleteAtom
WritePrivateProfileStringW
CreateDirectoryW
GetPrivateProfileIntW
FindResourceA
GlobalAlloc
LoadLibraryExW
FlushInstructionCache
lstrcmpW
DeleteFileW
OutputDebugStringW
PeekNamedPipe
WaitNamedPipeW
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WriteConsoleW
SetConsoleTitleW
SetFilePointer
EncodePointer
GlobalAddAtomW
IsDebuggerPresent
GetStringTypeW
DecodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetFileAttributesExW
RaiseException
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
ExitThread
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
AreFileApisANSI
GetConsoleCP
GetConsoleMode
GetFileType
IsValidCodePage
GetACP
GetOEMCP
SetStdHandle
GetTimeZoneInformation
ReadConsoleW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
ReleaseMutex

user32

DrawTextW
MessageBeep
SetFocus
GetSysColor
ClientToScreen
ScreenToClient
ScrollWindowEx
InvalidateRect
SetScrollPos
SetScrollRange
EnableScrollBar
ShowScrollBar
GetFocus
GetSystemMetrics
PtInRect
IsZoomed
ReleaseCapture
SetCapture
SetCursor
SetWindowsHookExW
CallNextHookEx
EndDialog
TrackMouseEvent
GetCursorPos
SystemParametersInfoW
UpdateLayeredWindow
UnhookWindowsHookEx
RegisterClassExW
DialogBoxIndirectParamW
GetLastInputInfo
GetWindowThreadProcessId
GetParent
KillTimer
SetTimer
IsWindowVisible
ShowWindow
UpdateWindow
ReleaseDC
GetDC
EndPaint
BeginPaint
MapWindowPoints
GetClientRect
GetWindowRect
SetWindowPos
IsIconic
PostMessageW
SendMessageW
LoadImageW
RemovePropW
SetWindowLongW
SetPropW
GetWindowLongW
CreateWindowExW
DestroyWindow
IsWindow
DispatchMessageW
PostQuitMessage
TranslateMessage
wsprintfW
FindWindowExW
MessageBoxW
GetMessageW
RegisterWindowMessageW
WindowFromPoint
BroadcastSystemMessageW
IsRectEmpty
GetShellWindow
CallWindowProcW
SetLayeredWindowAttributes
DefWindowProcW
UnregisterClassW
LoadCursorW
GetClassInfoExW
CreateAcceleratorTableW
FillRect
DestroyAcceleratorTable
GetDlgItem
IsChild
RedrawWindow
InvalidateRgn
MoveWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CharNextW
CopyIcon
DrawIconEx
FindWindowW
GetIconInfo
SendMessageTimeoutW
AllowSetForegroundWindow
SetForegroundWindow
DisableProcessWindowsGhosting
DestroyIcon
GetClassNameW
GetDesktopWindow
GetWindow
GetPropW

gdi32

SelectObject
GetStockObject
DeleteObject
GetDeviceCaps
CreateFontIndirectW
BitBlt
GetObjectW
EnumFontFamiliesExW
SetMapMode
SetGraphicsMode
SetTextAlign
SetBkMode
GetCurrentObject
CreateCompatibleDC
CreateSolidBrush
CreateCompatibleBitmap
CreateDCW
GetObjectType
SetTextColor
SetBkColor
GdiFlush
DeleteDC
CreateDIBSection
GdiAlphaBlend

comdlg32

GetOpenFileNameW

advapi32

LookupAccountNameW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
SetFileSecurityW
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
AddAccessAllowedAce
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CreateProcessAsUserW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateSystemShutdownExW
RegCreateKeyW
RegEnumValueW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetFileSecurityW
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAce

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
SHFileOperationW
ord680
SHGetDesktopFolder
ord25
ord155
SHGetFileInfoW
ord727
ord190
SHCreateDirectoryExW
Shell_NotifyIconW
ord165
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
OleInitialize
OleUninitialize
ReleaseStgMedium
RegisterDragDrop
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CLSIDFromString
CreateStreamOnHGlobal
CLSIDFromProgID
CoGetClassObject
OleLockRunning

oleaut32

SafeArrayPutElement
SafeArrayCreate
SysFreeString
SysAllocString
VariantInit
VariantClear
SysAllocStringLen
SysStringLen
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect

dxboxui

ord1

iphlpapi

GetAdaptersInfo

gdiplus

GdiplusShutdown
GdipGraphicsClear
GdipCloneImage
GdipSaveImageToFile
GdipGetImageWidth
GdipFree
GdipAlloc
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetSmoothingMode

imm32

ImmGetContext
ImmReleaseContext
ImmAssociateContextEx
ImmAssociateContext

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

dbghelp

MakeSureDirectoryPathExists

wininet

InternetConnectW
InternetOpenW
HttpOpenRequestW
InternetCloseHandle
HttpQueryInfoW
HttpAddRequestHeadersW
HttpSendRequestW
InternetQueryDataAvailable
InternetReadFile
InternetGetConnectedState

lzmalib

LzmaUncompress

Sections

.text
Size: 953KB - Virtual size: 952KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 253KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 87KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e34e5c4cc06d2e89b1637f2513a0dec5

Headers

DLL Characteristics

File Characteristics

Imports

libcurl

ws2_32

winmm

shlwapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

dxboxui

iphlpapi

gdiplus

imm32

version

userenv

dbghelp

wininet

lzmalib

Sections

.text Size: 953KB - Virtual size: 952KB

.rdata Size: 253KB - Virtual size: 253KB

.data Size: 18KB - Virtual size: 61KB

_RDATA Size: 512B - Virtual size: 288B

.rsrc Size: 39KB - Virtual size: 39KB

.reloc Size: 87KB - Virtual size: 88KB

.text
Size: 953KB - Virtual size: 952KB

.rdata
Size: 253KB - Virtual size: 253KB

.data
Size: 18KB - Virtual size: 61KB

_RDATA
Size: 512B - Virtual size: 288B

.rsrc
Size: 39KB - Virtual size: 39KB

.reloc
Size: 87KB - Virtual size: 88KB