70a358bc0c7ab792d36c13de52bdf6d178acf7d376836769a0cc31f141bd32cb

Sharing

Copy URL Twitter E-mail

General

Target

70a358bc0c7ab792d36c13de52bdf6d178acf7d376836769a0cc31f141bd32cb
Size

1.5MB
MD5

507d5751af6f187f0d8a1e3af896a5e5
SHA1

e2ff136aa0d78f0703331ed8f1fb8084de59da5e
SHA256

70a358bc0c7ab792d36c13de52bdf6d178acf7d376836769a0cc31f141bd32cb
SHA512

407efb1fe128540a31de6fc59476da78a8ec03601863e509199eb8423f5a3cd55132edc12289f08645f85d54c879a491ef0992fdfc63308c112401131f4ac7d8
SSDEEP

24576:BYZmDAoExFJOwZEeQA+vMg1KAJVT4A+bZYXUQfDyqCwsmBiF:2nVz+vMg1KOwQjfDrJ/B

Score

N/A

Malware Config

Signatures

Files

70a358bc0c7ab792d36c13de52bdf6d178acf7d376836769a0cc31f141bd32cb
.exe windows x86

7ea63a0d1cc9c5f8c9cb023c6bfbd400

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegEnumValueW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
CredWriteW
CredGetSessionTypes
CredReadW
IsTextUnicode
CredUnmarshalCredentialW
CredIsMarshaledCredentialW
RegOpenKeyExA
RegQueryValueExA
CredWriteDomainCredentialsW
CredDeleteW
CredFree
CredReadDomainCredentialsW
SystemFunction036
GetUserNameA
RegSetValueExA
RegCreateKeyExA

kernel32

FindResourceW
SystemTimeToFileTime
WriteFile
GetSystemDirectoryW
GetSystemTime
GetComputerNameW
LoadLibraryExA
ExpandEnvironmentStringsA
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleA
OutputDebugStringA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
GetVersion
Sleep
HeapSetInformation
ExpandEnvironmentStringsW
CreateProcessW
VerifyVersionInfoW
VerSetConditionMask
FindClose
FindNextFileW
FindFirstFileW
GetFileAttributesExW
GetTempPathW
SetFilePointer
GetACP
SetLastError
GetFullPathNameW
lstrcmpW
CompareStringW
GetFileAttributesW
LocalAlloc
FormatMessageW
CreateDirectoryW
TlsAlloc
GetVersionExW
SearchPathW
GetCurrentDirectoryW
LocalFree
DebugBreak
GetCurrentProcess
TerminateProcess
GetStartupInfoA
GetVersionExA
InterlockedCompareExchange
LoadLibraryW
ReadFile
GetFileSize
CreateFileW
GetDateFormatW
GetTimeFormatW
GetLocalTime
GetCurrentProcessId
DeleteFileW
MapViewOfFile
UnmapViewOfFile
GetSystemDefaultUILanguage
GetLocaleInfoW
CreateFileMappingW
GetUserDefaultUILanguage
TlsFree
InterlockedIncrement
WaitForSingleObject
InterlockedExchange
CloseHandle
CreateThread
CreateEventW
SetEvent
InterlockedDecrement
DeleteCriticalSection
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCommandLineW
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
MultiByteToWideChar
RaiseException
lstrcmpiW
GetModuleHandleW
LoadLibraryExW
GetLastError
GetModuleHandleExA
GetProcAddress
FreeLibrary
LockResource

gdi32

EqualRgn
SelectPalette
RealizePalette
GetObjectW
GetStockObject
GetDeviceCaps
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
CombineRgn
DeleteDC
SetTextColor
SetBkMode
SetMapMode
TranslateCharsetInfo
CreateFontIndirectW
UpdateColors
GetDIBColorTable
StretchBlt
SetRectRgn
CreateRectRgn
CreateRectRgnIndirect
CreatePalette
DeleteObject

user32

TranslateMessage
DispatchMessageW
TranslateAcceleratorW
IsDialogMessageW
PostThreadMessageW
UnregisterClassA
LoadStringW
SystemParametersInfoW
MonitorFromWindow
PostMessageW
GetMonitorInfoW
IsRectEmpty
PtInRect
GetClassInfoW
DefDlgProcW
RegisterClassW
GetMessageW
CharLowerW
FillRect
CheckRadioButton
DrawIconEx
GetWindowDC
GetWindow
MapDialogRect
ScreenToClient
GetFocus
DrawTextW
EnumDisplayMonitors
IsDlgButtonChecked
GetDlgItemTextW
AllowSetForegroundWindow
CreateDialogParamW
DialogBoxParamW
LoadAcceleratorsW
CreateDialogIndirectParamW
EndPaint
DrawIcon
BeginPaint
MapWindowPoints
CharUpperW
CharNextW
SendDlgItemMessageW
ReleaseDC
SendMessageW
CheckDlgButton
EndDialog
GetDC
IsWindowEnabled
RedrawWindow
SetTimer
GetMenu
KillTimer
LoadImageW
DestroyIcon
ShowWindowAsync
EnumDisplaySettingsExW
SetCursorPos
GetTitleBarInfo
GetCursorPos
SendInput
EqualRect
EnableWindow
IsWindowVisible
AdjustWindowRectEx
LockWindowUpdate
UpdateWindow
InvalidateRect
SetWindowTextW
EnableMenuItem
CheckMenuItem
UnregisterClassW
GetClassInfoExW
LoadIconW
ShowWindow
MoveWindow
GetClientRect
SetWindowPos
SetWindowPlacement
AdjustWindowRect
IsZoomed
LoadCursorW
SetCursor
ModifyMenuW
GetSystemMenu
GetMenuItemInfoW
DeleteMenu
InsertMenuW
CreateMenu
AppendMenuW
PostQuitMessage
IsWindow
RegisterWindowMessageW
SetRect
CopyRect
GetDesktopWindow
IntersectRect
OffsetRect
SystemParametersInfoA
GetWindowRect
GetWindowPlacement
IsIconic
GetSystemMetrics
SetForegroundWindow
DefWindowProcW
GetWindowLongW
SetWindowLongW
RegisterClassExW
IsChild
CreateWindowExW
DestroyWindow
GetDlgItem
SetFocus
SetDlgItemTextW

msvcrt

wctomb
__mb_cur_max
mbtowc
localeconv
_fileno
isleadbyte
isxdigit
isdigit
_controlfp
?terminate@@YAXXZ
memcpy
_onexit
__dllonexit
_unlock
_lock
srand
time
_wtoi
wcspbrk
iswspace
toupper
towlower
realloc
_acmdln
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
iswctype
ungetc
_CIpow
bsearch
__pioinfo
wcstombs
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
calloc
memset
_errno
_wcslwr
iswdigit
towupper
_wtol
wcstok
wcschr
_wcsnicmp
_vsnprintf
wcsstr
memmove
wcsrchr
wcsncmp
_wcsicmp
_read
__badioinfo
_vsnwprintf
_purecall
??2@YAPAXI@Z
??_U@YAPAXI@Z
free
malloc
??_V@YAXPAX@Z
??3@YAXPAX@Z
memcmp

ole32

CoRevokeClassObject
CreateItemMoniker
GetRunningObjectTable
CLSIDFromString
CoInitialize
CoCreateInstance
StringFromGUID2
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize

oleaut32

SafeArrayCreate
VarUI4FromStr
RegisterTypeLi
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
SafeArrayGetVartype
SysStringByteLen
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayLock
SafeArrayUnlock
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
VariantClear
VariantInit

shell32

ExtractIconW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHGetDesktopFolder
SHGetFileInfoW
ShellExecuteExW
SHAddToRecentDocs
SHGetFolderPathW

comctl32

ImageList_Destroy
ord17
InitCommonControlsEx
ImageList_Create
ImageList_ReplaceIcon
ImageList_LoadImageW
ord413
ord412
ord410

comdlg32

GetOpenFileNameW
GetFileTitleW
GetSaveFileNameW

shlwapi

PathFindFileNameW
PathAppendW
PathRemoveFileSpecW
PathStripPathW
PathFindExtensionW
SHStrDupW
ord388

crypt32

CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertFreeCertificateChain
CertGetCertificateChain
CertFindExtension
CryptDecodeObject
CryptUnprotectData
CryptProtectData
CryptMsgClose
CertOpenStore
CryptMsgUpdate
CryptMsgOpenToDecode
CertVerifyCertificateChainPolicy
CertCloseStore
CryptVerifyDetachedMessageSignature
CryptSignMessage
CertGetCertificateContextProperty
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CryptStringToBinaryW
CryptBinaryToStringW

credui

CredUIParseUserNameW
CredUIPromptForWindowsCredentialsW
CredPackAuthenticationBufferW
CredUnPackAuthenticationBufferW

secur32

LsaDeregisterLogonProcess
GetUserNameExW
FreeContextBuffer
QuerySecurityPackageInfoW
LsaLookupAuthenticationPackage
LsaConnectUntrusted

cryptui

CryptUIDlgViewCertificateW

ntdll

RtlInitString
RtlUnwind

cfgmgr32

CM_Get_Sibling
CM_Get_DevNode_Registry_PropertyW
CM_Get_Child
CM_Get_Parent

winhttp

WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSendRequest
WinHttpOpen
WinHttpConnect
WinHttpQueryOption

netapi32

NetApiBufferFree
NetGetJoinInformation

winmm

timeSetEvent
timeGetTime
timeKillEvent

Sections

.text
Size: 400KB - Virtual size: 399KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 574KB - Virtual size: 574KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 500KB - Virtual size: 1.6MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7ea63a0d1cc9c5f8c9cb023c6bfbd400

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ole32

oleaut32

shell32

comctl32

comdlg32

shlwapi

crypt32

credui

secur32

cryptui

ntdll

cfgmgr32

winhttp

netapi32

winmm

Sections

.text Size: 400KB - Virtual size: 399KB

.data Size: 4KB - Virtual size: 8KB

.idata Size: 11KB - Virtual size: 11KB

.rsrc Size: 574KB - Virtual size: 574KB

.reloc Size: 32KB - Virtual size: 32KB

.vmp0 Size: 500KB - Virtual size: 1.6MB

.text
Size: 400KB - Virtual size: 399KB

.data
Size: 4KB - Virtual size: 8KB

.idata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 574KB - Virtual size: 574KB

.reloc
Size: 32KB - Virtual size: 32KB

.vmp0
Size: 500KB - Virtual size: 1.6MB