59e66693352b7d9e5e7a300abe2cdf4585497039c696efd9c433b14630019987

Sharing

Copy URL Twitter E-mail

General

Target

59e66693352b7d9e5e7a300abe2cdf4585497039c696efd9c433b14630019987
Size

616KB
MD5

2d4e6386445e7e7a1e083112840cf770
SHA1

7a53a5661d363c85af40e0ac8105b535760d7aca
SHA256

59e66693352b7d9e5e7a300abe2cdf4585497039c696efd9c433b14630019987
SHA512

219cf74aa1ad7c72dc59528cf2a96c6db9ed2ae76b3361ffe4de31ff7b536f529df038ba2b857971bb1ecb9b23118446b79f72fa40195ce9f7a94f87acd9bcfc
SSDEEP

12288:ZHZglWhjhte1odZHFMApmnTqKprQCIrVEqdCdH8gdY1mamTsk6eQUneRhbD57wJ:ZKohtTlWbpkDVtdCpfTR0UefbD57wJ

Score

N/A

Malware Config

Signatures

Files

59e66693352b7d9e5e7a300abe2cdf4585497039c696efd9c433b14630019987
.exe windows x86

9d5c07f86c129a89d2a435c83e6d2901

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

freeaddrinfo
getnameinfo
WSACleanup
getaddrinfo
gethostname
WSAStartup

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wintrust

WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain

crypt32

CertGetNameStringW

imm32

ImmDisableIME

psapi

EnumProcesses

kernel32

MoveFileExW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
FlushInstructionCache
GetCurrentProcess
SetLastError
GetVersionExW
HeapAlloc
GetProcessHeap
HeapFree
SetUnhandledExceptionFilter
Thread32Next
ResumeThread
SuspendThread
OpenThread
GetCurrentProcessId
Thread32First
CreateToolhelp32Snapshot
VirtualQuery
IsBadWritePtr
lstrlenW
UnmapViewOfFile
lstrcpyW
FindNextFileW
FindClose
MapViewOfFile
CreateFileMappingW
GetFullPathNameW
FindFirstFileW
CreateProcessW
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
lstrcmpiW
GetCommandLineW
GetModuleFileNameW
LoadLibraryExW
SetEnvironmentVariableW
OutputDebugStringW
GetSystemTime
GetTempPathW
FreeConsole
lstrlenA
GetStdHandle
AllocConsole
DosDateTimeToFileTime
SetConsoleTextAttribute
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CreateMutexW
OpenFileMappingW
ExitProcess
Sleep
GetFileSize
OpenEventW
ReadFile
CopyFileW
MulDiv
CompareStringW
WaitForMultipleObjects
HeapSize
HeapReAlloc
HeapDestroy
SetEvent
UnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetConsoleCP
GetConsoleMode
SetFilePointer
ExitThread
CreateThread
SetEndOfFile
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleFileNameA
LCMapStringW
GetModuleHandleA
SetHandleCount
GetFileType
SetStdHandle
GetConsoleScreenBufferInfo
CreateEventW
ResetEvent
WaitForSingleObject
WriteConsoleA
GetConsoleOutputCP
CreateFileA
VirtualFree
HeapCreate
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesW
GetTickCount
TlsSetValue
TlsGetValue
GetCurrentThreadId
GetFileAttributesW
CreateFileW
CloseHandle
MultiByteToWideChar
DeviceIoControl
GlobalAlloc
GlobalFree
GetVolumeInformationA
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
TlsAlloc
InterlockedCompareExchange
IsProcessorFeaturePresent
RemoveDirectoryW
SetThreadPriority
TerminateThread
OpenProcess
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LoadLibraryA
WriteFile
LocalFree
FormatMessageW
LoadLibraryW
GetProcAddress
DeleteFileW
FreeLibrary
CreateDirectoryW
GetLastError
TerminateProcess
TlsFree
QueryPerformanceCounter
LCMapStringA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
CompareStringA
SetEnvironmentVariableA
WriteConsoleW
VirtualAlloc

user32

SetFocus
SetCapture
IsWindowEnabled
UpdateWindow
SetRectEmpty
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
GetDlgCtrlID
GetParent
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
SetDlgItemTextW
EnableWindow
RedrawWindow
IsWindowVisible
PtInRect
UnregisterClassA
DrawFocusRect
SetCursor
GetCursorPos
SetForegroundWindow
GetDC
ShowWindow
ScreenToClient
GetWindowRect
ReleaseDC
SetWindowPos
MoveWindow
GetWindowTextW
SetWindowTextW
PeekMessageW
ReleaseCapture
GetCapture
OffsetRect
GetFocus
GetSysColor
GetClassNameW
CreateDialogParamW
LoadIconW
GetSystemMetrics
PostQuitMessage
LoadStringW
GetDlgItem
MessageBoxW
WindowFromPoint
SendMessageW
AllowSetForegroundWindow
RegisterWindowMessageW
EndPaint
BeginPaint
LoadImageW
InvalidateRect
GetClientRect
DrawTextW
CharNextW
DestroyIcon
SetTimer
CallWindowProcW
GetWindowLongW
KillTimer
CreateWindowExW
RegisterClassExW
DefWindowProcW
DestroyWindow
LoadCursorW
GetClassInfoExW
IsWindow
SetWindowLongW
PostMessageW
PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
BringWindowToTop
GetWindowTextLengthW
FillRect

gdi32

SetBkMode
SelectObject
DeleteDC
DeleteObject
StretchBlt
GetObjectW
GetStockObject
SetTextColor
CreateFontW
CreateCompatibleDC
CreateFontIndirectW

advapi32

CryptDestroyHash
CryptReleaseContext
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegCloseKey
CryptDecrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
GetTokenInformation
OpenProcessToken
CloseServiceHandle
QueryServiceStatusEx
StartServiceW
OpenServiceW
OpenSCManagerW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
RegQueryValueExW
SetServiceStatus
SetServiceObjectSecurity
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetSecurityDescriptorDacl
QueryServiceObjectSecurity
CreateProcessAsUserW
RegOpenKeyW
DeleteService
ControlService
ChangeServiceConfig2W
CreateServiceW
RegCreateKeyW
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
CryptDestroyKey

shell32

ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathW
ord165
ShellExecuteW
Shell_NotifyIconW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoInitializeEx
CoInitialize
CLSIDFromProgID

oleaut32

VariantClear
VariantInit
SysAllocStringLen
SysFreeString
VarBstrCmp
SysAllocString
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen

comctl32

_TrackMouseEvent

msimg32

GradientFill

iphlpapi

GetAdaptersInfo

wininet

InternetConnectW
HttpAddRequestHeadersW
InternetReadFileExA
InternetQueryOptionW
HttpEndRequestW
InternetSetStatusCallbackW
HttpQueryInfoA
HttpQueryInfoW
HttpSendRequestExW
InternetSetOptionA
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
InternetCloseHandle
InternetSetOptionW
HttpSendRequestW
HttpOpenRequestW
InternetSetCookieW
InternetOpenW
InternetOpenA

Sections

.text
Size: 376KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9d5c07f86c129a89d2a435c83e6d2901

Headers

DLL Characteristics

File Characteristics

Imports

version

ws2_32

userenv

wintrust

crypt32

imm32

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

iphlpapi

wininet

Sections

.text Size: 376KB - Virtual size: 376KB

.rdata Size: 87KB - Virtual size: 86KB

.data Size: 12KB - Virtual size: 42KB

.rsrc Size: 42KB - Virtual size: 41KB

.reloc Size: 92KB - Virtual size: 96KB

.text
Size: 376KB - Virtual size: 376KB

.rdata
Size: 87KB - Virtual size: 86KB

.data
Size: 12KB - Virtual size: 42KB

.rsrc
Size: 42KB - Virtual size: 41KB

.reloc
Size: 92KB - Virtual size: 96KB