18a4b75b971e6a8195a2afd3684e8f49f88429c2fde7cf7b593ea45b6b6d3096

Sharing

Copy URL Twitter E-mail

General

Target

18a4b75b971e6a8195a2afd3684e8f49f88429c2fde7cf7b593ea45b6b6d3096
Size

128KB
MD5

064bb30cf5a02354eb8b2cb383ee978a
SHA1

3a136c48e4ef3a8eea6e105f165bd7e95f00944e
SHA256

18a4b75b971e6a8195a2afd3684e8f49f88429c2fde7cf7b593ea45b6b6d3096
SHA512

4a6bfbe30f0291bf7a063e8d84f661dda2ccd18dc941ef8b1da40f47700d3cb77f6f23c4d6294163b04646acc47c7020aa5aadf005c1310c41126d7a3ce3894d
SSDEEP

3072:luZ1MRpafezoaZNTStA24aIzxH+J8Dk5:luZyafGoUlE49+l5

Score

N/A

Malware Config

Signatures

Files

18a4b75b971e6a8195a2afd3684e8f49f88429c2fde7cf7b593ea45b6b6d3096
.exe windows x86

4b0f4bab2c8e7ff627061aaea7d41dfb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SleepEx
ReadFile
GetCurrentThread
CreateDirectoryW
MapViewOfFileEx
SetHandleCount
FileTimeToLocalFileTime
CreateThread
GetEnvironmentStringsW
ResetEvent
DeleteFileW
CreateFileW
GetCurrentProcess
GetModuleHandleW
GetExitCodeProcess
RtlUnwind
SetUnhandledExceptionFilter
GetDateFormatA
CreateEventA
OpenProcess
SuspendThread
FreeEnvironmentStringsW
EnterCriticalSection
GetStringTypeA
Sleep
lstrlenA
VirtualFree
VirtualAllocEx
DeviceIoControl
GetSystemTimeAsFileTime
GetTimeZoneInformation
WriteConsoleW
InitializeCriticalSection
GetThreadContext
InterlockedIncrement
GetLastError
FindNextFileW
ExpandEnvironmentStringsA
WaitForSingleObject
GetModuleFileNameA
SystemTimeToFileTime
TlsGetValue
FindClose
GetModuleHandleA
MoveFileExW
Process32FirstW
GetStartupInfoA
QueryPerformanceCounter
GetDriveTypeA
GlobalUnlock
LCMapStringW
GetStdHandle
OpenThread
VirtualFreeEx
CreateNamedPipeA
VirtualQuery
GetFileSizeEx
MultiByteToWideChar
Thread32Next
RaiseException
GetVersionExA
CreateProcessA
GetTimeFormatA
GetEnvironmentStrings
SetThreadContext
GetCurrentProcessId
TerminateProcess
IsValidLocale
GetCurrentThreadId
GetConsoleOutputCP
CreateEventW
SetEnvironmentVariableA
GetLocaleInfoW
SetEnvironmentVariableW
GlobalFree
LCMapStringA
UnhandledExceptionFilter
HeapSize
FreeEnvironmentStringsA
GetOEMCP
InterlockedDecrement
DuplicateHandle
CopyFileW
GetFullPathNameW
VirtualAlloc
GetFullPathNameA
FatalAppExitA
FileTimeToSystemTime
TlsAlloc
WaitForSingleObjectEx
GetCPInfo
TryEnterCriticalSection
FlushInstructionCache
WriteFile
WriteProcessMemory
GetFileType
InterlockedExchange
FindFirstFileW
GetFileInformationByHandle
CreateMutexW
GetSystemInfo
SetFileAttributesW
OpenFileMappingA
GetStringTypeW
SetFilePointer
GetConsoleCP
CreateToolhelp32Snapshot
IsValidCodePage
HeapReAlloc
GetConsoleMode
HeapAlloc
VirtualProtect
GetProcessHeap
GetFileAttributesW
CompareStringW
LeaveCriticalSection
LoadLibraryA
ExitThread
WriteFileEx
GetCurrentDirectoryA
SetLastError
GetACP
SetEndOfFile
OutputDebugStringA
IsDebuggerPresent
WideCharToMultiByte
Thread32First
PeekNamedPipe
TlsSetValue
EnumSystemLocalesA
SetStdHandle
CreateProcessW
FindFirstFileA
RemoveDirectoryW
GlobalLock
CloseHandle
CompareStringA
GetCurrentDirectoryW
DeleteCriticalSection
GlobalAlloc
SetCurrentDirectoryW
GetPrivateProfileStringA
FreeLibrary
HeapFree
ResumeThread
FlushFileBuffers
InterlockedCompareExchange
CreateFileMappingA
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
DisconnectNamedPipe
GetLocaleInfoA
CreateFileA
TlsFree
UnmapViewOfFile
GetCommandLineA
WriteConsoleA
ConnectNamedPipe
SetConsoleCtrlHandler
ReadFileEx
Process32NextW
SetCurrentDirectoryA
SetEvent
LocalFree
VirtualProtectEx
GetProcAddress
HeapCreate
HeapDestroy
LoadLibraryW
GetUserDefaultLangID
GetTickCount
OutputDebugStringW
GetCommandLineW
ExitProcess
FormatMessageA
GetSystemDefaultLangID

user32

ScreenToClient
PostMessageW
SetForegroundWindow
SetWindowsHookExW
InvalidateRect
GetSystemMetrics
CloseClipboard
DefWindowProcW
CreateWindowExA
DefWindowProcA
CreateWindowExW
SendMessageW
InflateRect
OpenClipboard
SetClipboardData
GetWindowLongW
EndPaint
GetClientRect
FindWindowW
SetFocus
RegisterClassExA
EmptyClipboard
LoadCursorA
GetDC
SetWindowsHookExA
SetWindowLongW
MessageBoxA
LoadCursorW
TranslateMessage
TrackMouseEvent
LoadImageW
PostQuitMessage
UnregisterClassW
LoadIconA
IsZoomed
ScrollDC
UnhookWindowsHookEx
MoveWindow
DestroyWindow
GetWindowRect
ReleaseDC
SetWindowRgn
wsprintfW
DispatchMessageW
LoadIconW
PtInRect
CallNextHookEx
ShowWindow
GetWindowLongA
GetMessageW
BringWindowToTop
BeginPaint
GetWindowThreadProcessId
RegisterClassExW
SetWindowLongA
MessageBoxW

gdi32

StretchBlt
DeleteObject
DeleteDC
GetObjectA
CreateCompatibleDC
SetTextColor
CreateRectRgn
SetBkMode
CreateCompatibleBitmap
CreatePen
Polygon
StretchDIBits
SelectClipRgn
GetStockObject
SelectObject
GetDeviceCaps
BitBlt
CreateDIBSection
TextOutA

advapi32

CryptAcquireContextW
RegOpenKeyExA
CryptDeriveKey
CryptCreateHash
SetSecurityDescriptorDacl
CryptDestroyKey
CryptDecrypt
RegQueryValueExW
OpenProcessToken
CryptReleaseContext
AdjustTokenPrivileges
CryptHashData
RegCloseKey
CryptDestroyHash
RegQueryValueExA
RegOpenKeyExW
InitializeSecurityDescriptor
LookupPrivilegeValueA

shell32

ShellExecuteA
ShellExecuteW
CommandLineToArgvW
ShellExecuteExW
SHGetFolderPathW

winmm

PlaySoundW

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
PFXImportCertStore

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

secur32

AcceptSecurityContext
AcquireCredentialsHandleW
EncryptMessage
QueryContextAttributesA
FreeCredentialsHandle
InitializeSecurityContextW
DecryptMessage
QueryContextAttributesW
DeleteSecurityContext
InitializeSecurityContextA

msvcrt

memset
_CIsin
_vsnwprintf

Sections

.text1
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idat_0
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b0f4bab2c8e7ff627061aaea7d41dfb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

winmm

crypt32

rpcrt4

secur32

msvcrt

Sections

.text1 Size: 101KB - Virtual size: 100KB

.itext Size: 17KB - Virtual size: 16KB

.data Size: - Virtual size: 30KB

.rsrc Size: 7KB - Virtual size: 7KB

.idat_0 Size: 2KB - Virtual size: 1KB

.text1
Size: 101KB - Virtual size: 100KB

.itext
Size: 17KB - Virtual size: 16KB

.data
Size: - Virtual size: 30KB

.rsrc
Size: 7KB - Virtual size: 7KB

.idat_0
Size: 2KB - Virtual size: 1KB