70f13ba37cb1b80cf48294ab923b5041a4aeb9e677be352869101d3139601186

Sharing

Copy URL

Twitter E-mail

General

Target

70f13ba37cb1b80cf48294ab923b5041a4aeb9e677be352869101d3139601186
Size

121KB
MD5

4858bf8d5cd326f799964f784a42bd10
SHA1

c2618be45ae2536f0dcc9981c5324234970326fb
SHA256

70f13ba37cb1b80cf48294ab923b5041a4aeb9e677be352869101d3139601186
SHA512

e55520a5990fd3218861f69e5e5118d09b7921ba940457ba6cf56da1cdf047e9978a492784321201b2cb1c9a0149c5bb58e74d9803be004e5b5ff10fc6a00a21
SSDEEP

3072:1isS7im8UeERWPeUgGtHwePbLH5ovId2aM2504:1NSGZUeERWmUgGxwaLH5oDac

Score

N/A

Malware Config

Signatures

Files

70f13ba37cb1b80cf48294ab923b5041a4aeb9e677be352869101d3139601186
.exe windows x86

745c1719885274b3150160c66b467053

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__CxxFrameHandler
calloc
strncpy
strtoul
sprintf
_snwprintf
wcsrchr
iswalpha
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_purecall
realloc
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_onexit
_controlfp
swscanf
iswdigit
iswcntrl
_vsnprintf
wcsncmp
wcschr
_wtoi
wcscmp
towupper
wcsncpy
_strnicmp
strchr
wcscspn
wcsspn
__dllonexit
iswascii
_snprintf
_beginthreadex
_ultoa
_except_handler3
_stricmp
sscanf
malloc
free
_wcsnicmp
_wcsicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
_vsnwprintf
_ultow
wcslen

advapi32

RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExA
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeAcl
InitializeSecurityDescriptor
GetLengthSid
MakeAbsoluteSD
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorLength
MakeSelfRelativeSD
RegEnumValueW
RegDeleteValueW
GetTokenInformation
OpenProcessToken
GetAce
GetAclInformation
AddAce
AddAccessDeniedAce
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
FreeSid
AllocateAndInitializeSid
RegEnumKeyExA
AddAccessAllowedAce
EqualSid
DeleteAce
RegOpenKeyExW

kernel32

HeapFree
GetProcessHeap
HeapAlloc
CloseHandle
GetLastError
WideCharToMultiByte
MultiByteToWideChar
WaitForMultipleObjects
CreateThread
CreateSemaphoreA
GetVersionExA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
lstrlenW
InterlockedDecrement
IsDBCSLeadByte
lstrcmpiA
lstrcatA
lstrcpynA
lstrcpyA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetCurrentThreadId
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
Sleep
CreateEventA
HeapSize
WaitForSingleObjectEx
ReleaseSemaphore
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
SetEvent
InterlockedCompareExchange
LocalFree
LoadLibraryW
LocalAlloc
GetVersionExW
WaitForSingleObject
CreateEventW
GetSystemDirectoryA
GetModuleFileNameW
GetExitCodeProcess
OpenProcess
GetComputerNameW
GetModuleHandleA
SetThreadPriority
GetCurrentThread
lstrlenA
FreeLibraryAndExitThread

user32

CharNextA
PostThreadMessageA
CharPrevA
DispatchMessageA
GetMessageA
RegisterClassA
CreateWindowExA
SetWindowLongA
DestroyWindow
PostQuitMessage
GetWindowLongA
DefWindowProcA
PostMessageA

ole32

CoInitialize
CoCreateInstance
CoSuspendClassObjects
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoInitializeEx
CoUninitialize
CoCreateGuid

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
SysStringLen

wininet

InternetOpenW
HttpOpenRequestW
InternetQueryDataAvailable
HttpSendRequestExW
HttpEndRequestA
HttpQueryInfoA
InternetReadFile
InternetErrorDlg
HttpQueryInfoW
InternetSetOptionA
InternetCrackUrlW
InternetConnectW
InternetCloseHandle
InternetQueryOptionA

wsock32

connect
sendto
recv
WSASetLastError
getservbyport
ntohs
setsockopt
ntohl
WSAStartup
WSACleanup
inet_ntoa
getsockname
getpeername
WSAAsyncSelect
getsockopt
closesocket
shutdown
bind
socket
gethostbyaddr
htons
getservbyname
htonl
inet_addr
gethostbyname
WSAGetLastError
ioctlsocket
send

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lgnkkem
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

745c1719885274b3150160c66b467053

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

ole32

oleaut32

wininet

wsock32

Sections

.text Size: 91KB - Virtual size: 90KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 29KB - Virtual size: 30KB

lgnkkem Size: - Virtual size: 4KB

.text
Size: 91KB - Virtual size: 90KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 29KB - Virtual size: 30KB

lgnkkem
Size: - Virtual size: 4KB