039478d73e7fa46c1dc46dafed1d6b9c648dd3f74ee4bab74fcd0e3369099bfe

Sharing

Copy URL Twitter E-mail

General

Target

039478d73e7fa46c1dc46dafed1d6b9c648dd3f74ee4bab74fcd0e3369099bfe
Size

123KB
MD5

09d9497c3cbc664510601ad3b4d55c48
SHA1

9b8b3a79be357d7d655d957864f76e06b797aafd
SHA256

039478d73e7fa46c1dc46dafed1d6b9c648dd3f74ee4bab74fcd0e3369099bfe
SHA512

83b7b5c87758ea234f15c3d05ac4dc3130848437ef022f847efdd909aba90b1626a7012723f471d4c42a592fb74df97f327110c6046c35866dcd3f24a6a0377f
SSDEEP

3072:a1OnnZnX3pJmmQpV11X9KReumNvLT2mx0U:a1mZnpJjQv1vKR/mxLKa0

Score

N/A

Malware Config

Signatures

Files

039478d73e7fa46c1dc46dafed1d6b9c648dd3f74ee4bab74fcd0e3369099bfe
.exe windows x86

83f973d8d0ba495a78d06cadcbdccf72

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3d9

Direct3DCreate9

ws2_32

gethostbyname
WSAStartup
gethostname
inet_ntoa

gdiplus

GdipAlloc
GdipFree
GdiplusShutdown
GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipCloneImage
GdiplusStartup
GdipGetImageEncoders

kernel32

lstrcpyA
CreateFileA
GetFileSize
lstrcmpA
SetFilePointer
HeapAlloc
HeapFree
GetProcessHeap
WriteFile
GetVolumeInformationA
Sleep
ReadFile
lstrcmpiA
CopyFileA
SetFileAttributesA
GetModuleFileNameA
CloseHandle
DeleteFileA
CreateThread
HeapCreate
FlushFileBuffers
GetSystemTime
ExitProcess
SetErrorMode
GetCurrentProcess
Process32First
VirtualFree
CreateRemoteThread
OpenProcess
TerminateProcess
MultiByteToWideChar
CreateDirectoryA
GetLastError
EnterCriticalSection
VirtualAllocEx
OpenMutexA
Process32Next
GetModuleHandleA
GetTempPathA
CreateToolhelp32Snapshot
WriteProcessMemory
GetComputerNameA
GetEnvironmentVariableA
GlobalMemoryStatusEx
GetSystemInfo
GetDiskFreeSpaceExA
GetVersionExA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleHandleW
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
EncodePointer
LoadLibraryW
RtlUnwind
GetStringTypeW
lstrcatA
GetTickCount
lstrlenA
LoadLibraryA
GetProcAddress
FreeLibrary
HeapReAlloc
LeaveCriticalSection
CreateMutexA
GetConsoleCP
GetConsoleMode
SetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WideCharToMultiByte
LCMapStringW
WriteConsoleW
VirtualAlloc
CreateFileW
GetStdHandle

wininet

InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetSetOptionA
InternetReadFile
InternetQueryDataAvailable
InternetConnectA

user32

GetWindowDC
PostQuitMessage
LoadStringA
LoadIconA
BeginPaint
TranslateMessage
MessageBoxA
CreateWindowExA
TranslateAcceleratorA
RegisterClassExA
DefWindowProcA
LoadAcceleratorsA
DispatchMessageA
UpdateWindow
LoadCursorA
DialogBoxParamA
GetKeyState
GetForegroundWindow
GetWindowTextA
GetAsyncKeyState
MapVirtualKeyA
wvsprintfA
wsprintfA
GetMessageA
DestroyWindow
SwapMouseButton
EndPaint
GetSystemMetrics
EndDialog

gdi32

DeleteDC
CreateDIBSection
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
SaveDC
RestoreDC
BitBlt

advapi32

CryptReleaseContext
RegCloseKey
AdjustTokenPrivileges
GetUserNameA
RegDeleteValueA
RegCreateKeyExA
LookupPrivilegeValueA
LookupAccountSidA
RegQueryValueExA
RegSetValueExA
GetTokenInformation
OpenProcessToken
CryptAcquireContextA
RegOpenKeyExA
AllocateAndInitializeSid
CryptCreateHash
FreeSid
CheckTokenMembership
CryptDestroyHash
CryptHashData
CryptGetHashParam

shell32

SHGetFolderPathA
SHGetSpecialFolderPathA
ShellExecuteA

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.injcd
Size: 1024B - Virtual size: 907B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83f973d8d0ba495a78d06cadcbdccf72

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

ws2_32

gdiplus

kernel32

wininet

user32

gdi32

advapi32

shell32

Sections

.text Size: 78KB - Virtual size: 77KB

.injcd Size: 1024B - Virtual size: 907B

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 8KB - Virtual size: 27KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 78KB - Virtual size: 77KB

.injcd
Size: 1024B - Virtual size: 907B

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 8KB - Virtual size: 27KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB