6b155d1498f0a384f7044ab3242d6246e3001593f48c40f255a3eecadb32b584

Sharing

Copy URL Twitter E-mail

General

Target

6b155d1498f0a384f7044ab3242d6246e3001593f48c40f255a3eecadb32b584
Size

617KB
MD5

40ca3846cbc9fcfbc6b92a4bd6d92ac0
SHA1

2cf1dc55a8cc72e9ff6df71dd9525a541bca6dbc
SHA256

6b155d1498f0a384f7044ab3242d6246e3001593f48c40f255a3eecadb32b584
SHA512

d39d3b71271713eeef0cda340c1912f8207fe005c01da03e57a1bafedcec67d48a04908e989570dadc92aa079eea32c9bb09cd6a96bdb411d3dff1abc7dc08e0
SSDEEP

12288:JHXimq19WxdiqPJJkgzTgTOa/ZghYEkNXAXWmop:NXisxdiqhJkgzMTJZghYEktAYp

Score

N/A

Malware Config

Signatures

Files

6b155d1498f0a384f7044ab3242d6246e3001593f48c40f255a3eecadb32b584
.exe windows x86

43d977daa7c212e15220b50f73473b19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
GetSecurityDescriptorSacl
GetSidLengthRequired
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAceEx
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyW
LookupAccountSidW
GetTokenInformation
OpenProcessToken

imm32

ImmDisableIME

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetModuleFileNameExW
EnumProcessModules
GetModuleBaseNameW
EnumProcesses

wininet

InternetSetOptionW
InternetCloseHandle
InternetOpenW
InternetOpenUrlW
HttpQueryInfoW
InternetReadFile
InternetSetCookieW

kernel32

GetTickCount
OpenProcess
GetSystemDirectoryW
LoadLibraryW
GetFileAttributesW
FileTimeToSystemTime
GetProcAddress
FindClose
QueryDosDeviceW
GetWindowsDirectoryW
DeleteFileW
SetFileAttributesW
CreateProcessW
WaitForSingleObject
CreateFileW
FindResourceW
LoadResource
SizeofResource
LockResource
GetVersionExW
LocalAlloc
GetFileSize
SetFilePointer
WriteFile
Sleep
ReadFile
FlushFileBuffers
CreateMutexW
OpenMutexW
ReleaseMutex
TerminateProcess
GetStartupInfoW
HeapFree
HeapAlloc
HeapReAlloc
GetLogicalDriveStringsW
GetDriveTypeW
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
RaiseException
RtlUnwind
TlsGetValue
TlsAlloc
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
LCMapStringW
GetTimeZoneInformation
GetFullPathNameW
GetCurrentDirectoryA
LCMapStringA
GetConsoleCP
GetConsoleMode
LoadLibraryA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
SetEndOfFile
GetProcessHeap
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
FreeLibrary
FindFirstFileW
MultiByteToWideChar
WideCharToMultiByte
CreateThread
LocalFree
GetCurrentThreadId
GlobalFree
GetModuleHandleA
SetLastError
ExitThread
FormatMessageW
GlobalAlloc
CloseHandle
EnterCriticalSection
GetLastError
GetTempPathW
GetModuleFileNameW
LeaveCriticalSection
GetModuleHandleW
GetCurrentProcess
GetCommandLineW
GetCurrentProcessId
DeleteCriticalSection
TlsSetValue
InitializeCriticalSectionAndSpinCount
FileTimeToLocalFileTime

user32

ReleaseCapture
CreateWindowExW
ShowWindow
SetLayeredWindowAttributes
SetWindowPos
SetWindowLongW
GetWindowLongW
InvalidateRect
LoadIconW
RegisterClassExW
TranslateMessage
BeginPaint
LoadCursorW
GetKeyState
KillTimer
PostMessageW
CloseWindow
SetCapture
PostQuitMessage
GetMessageW
GetWindowRect
SetTimer
SetWindowRgn
SetWindowTextW
DestroyWindow
EndPaint
GetClientRect
EnableWindow
IsWindowVisible
ReleaseDC
GetDC
FillRect
DrawTextW
FindWindowW
SendMessageW
WindowFromPoint
GetForegroundWindow
SystemParametersInfoW
GetWindowThreadProcessId
MessageBoxW
GetSystemMetrics
DefWindowProcW
MoveWindow
DispatchMessageW
SetForegroundWindow
SetCursor
UnregisterClassW

shell32

ShellExecuteW
SHFileOperationW
SHGetSpecialFolderPathW

msimg32

TransparentBlt
AlphaBlend

gdi32

GetObjectW
GetTextExtentPoint32W
SetTextColor
DeleteDC
CreateDIBSection
CreateFontIndirectW
SelectClipRgn
CreateCompatibleDC
CreateCompatibleBitmap
GetPixel
StretchBlt
CreateRectRgn
CombineRgn
DeleteObject
SetBkMode
CreatePolygonRgn
GetStockObject
BitBlt
CreateSolidBrush
SelectObject

ole32

OleInitialize
OleCreate
OleSetContainedObject

oleaut32

SysAllocString
VariantInit
SysFreeString
VariantClear

Sections

.text
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.srdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

43d977daa7c212e15220b50f73473b19

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

imm32

version

psapi

wininet

kernel32

user32

shell32

msimg32

gdi32

ole32

oleaut32

Sections

.text Size: 352KB - Virtual size: 352KB

.rdata Size: 111KB - Virtual size: 111KB

.data Size: 13KB - Virtual size: 27KB

.rsrc Size: 47KB - Virtual size: 47KB

.reloc Size: 18KB - Virtual size: 18KB

.srdata Size: 68KB - Virtual size: 68KB

.text
Size: 352KB - Virtual size: 352KB

.rdata
Size: 111KB - Virtual size: 111KB

.data
Size: 13KB - Virtual size: 27KB

.rsrc
Size: 47KB - Virtual size: 47KB

.reloc
Size: 18KB - Virtual size: 18KB

.srdata
Size: 68KB - Virtual size: 68KB