e01e409bfd7f832aa93f3658433051f6c56ee6c14d63c7984ae98e173da5ef8c

Sharing

Copy URL Twitter E-mail

General

Target

e01e409bfd7f832aa93f3658433051f6c56ee6c14d63c7984ae98e173da5ef8c
Size

497KB
MD5

369d648c72e1be775034edef6d622940
SHA1

cdacb134c5153822b38c55b14e8a06ba23a98c9f
SHA256

e01e409bfd7f832aa93f3658433051f6c56ee6c14d63c7984ae98e173da5ef8c
SHA512

ba5669fc5e0a13a152932b1bc154dc8c7d0a528dba2d7d814126871e7bf3007baab1dc80fc4fb95da6e043a7d3c676365dadd7687b081ec77d3dfbe62158d492
SSDEEP

12288:QVcF+43rOPntWb3IyT1Hxs9hVYkWLEuznE6haUulnB+gXZ2XB:YUpxs9h/ynEiaUulnZXKB

Score

N/A

Malware Config

Signatures

Files

e01e409bfd7f832aa93f3658433051f6c56ee6c14d63c7984ae98e173da5ef8c
.exe windows x86

60edb943d9a76460119aacd5ce78b778

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileW
GetFileAttributesW
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersionExW
GetModuleHandleA
TerminateProcess
ExitProcess
OpenProcess
GetPrivateProfileStringW
SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
GetModuleHandleW
LocalFree
LocalAlloc
MoveFileExW
GetSystemInfo
GetSystemTimeAsFileTime
LockResource
SizeofResource
LoadResource
FindResourceW
DeviceIoControl
GetCurrentProcessId
GetSystemTime
CreateProcessW
GetCommandLineW
GetSystemDirectoryW
WritePrivateProfileStringW
GetPrivateProfileIntW
SetThreadPriority
SetLastError
GlobalMemoryStatusEx
lstrcmpA
CreateMutexW
CreateThread
ExpandEnvironmentStringsW
FindNextFileW
CreateWaitableTimerW
VirtualProtect
WaitForMultipleObjectsEx
GetLongPathNameW
lstrcmpiA
CompareStringW
CompareStringA
CreateFileA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
FlushFileBuffers
LCMapStringA
SetStdHandle
HeapSize
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
LCMapStringW
GetModuleFileNameA
GetStdHandle
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapCreate
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetCommandLineA
GetCurrentThreadId
ExitThread
RaiseException
FindClose
CreateDirectoryW
GetModuleFileNameW
WaitForMultipleObjects
CancelWaitableTimer
GetTempPathW
GetTempFileNameW
GetPrivateProfileSectionNamesW
GetDiskFreeSpaceExW
SetWaitableTimer
CreateEventW
GetTickCount
ResetEvent
SetFileTime
WriteFile
IsBadReadPtr
IsBadWritePtr
TlsSetValue
TlsAlloc
TlsFree
InitializeCriticalSection
SetEndOfFile
SystemTimeToFileTime
WaitForSingleObject
Sleep
SetEvent
GetCurrentProcess
InterlockedIncrement
OutputDebugStringW
DebugBreak
lstrlenA
MultiByteToWideChar
lstrlenW
InterlockedDecrement
WideCharToMultiByte
DeleteFileW
GetLastError
CreateFileW
ReadFile
SetFilePointer
GetFileSize
VirtualAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
VirtualFree
CloseHandle
SetEnvironmentVariableA
GetPrivateProfileStringA

user32

ShowWindow
CharNextW
wvsprintfW
DispatchMessageW
TranslateMessage
PostQuitMessage
PostMessageW
IsWindow
DefWindowProcW
GetMessageW
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadStringW

advapi32

LookupPrivilegeValueW
OpenProcessToken
SetNamedSecurityInfoW
SetEntriesInAclW
RegEnumKeyExW
RegDeleteValueW
RegQueryValueExW
CheckTokenMembership
RegOpenKeyW
RegEnumValueW
RegDeleteKeyW
AllocateAndInitializeSid
FreeSid
RegOpenKeyExW
RegCloseKey
AdjustTokenPrivileges

shell32

SHGetDesktopFolder
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFolderPathW
ord680
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
VariantInit
VarBstrCmp
SysAllocString
SysFreeString

shlwapi

PathAddBackslashW
PathAppendW
SHSetValueW
PathFindFileNameW
SHDeleteKeyW
SHDeleteValueW
PathRemoveFileSpecW
SHGetValueA
PathGetDriveNumberW
PathFileExistsW
PathCombineW
PathIsRootW
StrStrIW
SHGetValueW
StrRetToBufW

wintrust

CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle

psapi

EnumProcesses
GetModuleFileNameExW
GetModuleBaseNameW
EnumProcessModules

ws2_32

WSACleanup
WSAStartup

setupapi

SetupIterateCabinetW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

FindNextUrlCacheEntryW
FindCloseUrlCache
InternetQueryOptionW
InternetWriteFile
InternetReadFileExA
InternetReadFile
HttpEndRequestW
UnlockUrlCacheEntryFileW
HttpOpenRequestW
HttpSendRequestExW
InternetSetOptionW
InternetSetStatusCallbackW
InternetConnectW
InternetSetOptionA
InternetGetLastResponseInfoW
FtpCommandW
FtpGetFileSize
HttpQueryInfoW
InternetCrackUrlW
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW
InternetCloseHandle
FtpOpenFileW
InternetOpenW

netapi32

Netbios

Sections

.text
Size: 319KB - Virtual size: 319KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

60edb943d9a76460119aacd5ce78b778

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wintrust

psapi

ws2_32

setupapi

version

wininet

netapi32

Sections

.text Size: 319KB - Virtual size: 319KB

.rdata Size: 77KB - Virtual size: 77KB

.data Size: 11KB - Virtual size: 30KB

.rsrc Size: 83KB - Virtual size: 84KB

.text
Size: 319KB - Virtual size: 319KB

.rdata
Size: 77KB - Virtual size: 77KB

.data
Size: 11KB - Virtual size: 30KB

.rsrc
Size: 83KB - Virtual size: 84KB