Sample
f2371538b563202d26c8cb854c0888fb1eaaab570551dcb9bca267a65d195d4c.exe
Resource
win7-20220812-en
General
Target: f2371538b563202d26c8cb854c0888fb1eaaab570551dcb9bca267a65d195d4c
Size: 1.2MB
MD5: 1a68e573af09324b3fc3bacd9beeb442
SHA1: 071cf88646a63365e3261f474dc61f43a346f536
SHA256: f2371538b563202d26c8cb854c0888fb1eaaab570551dcb9bca267a65d195d4c
SHA512: 3322b917ff3d39f6e867e3a9506a912212273ec20f2bfb36eb0edb9812ac66a283e53b3872d4835be61ef85d00b8ca6182e188960217491048db4bb98bfee595
SSDEEP: 24576:LGHAZGHtpCVFENiAzSngLOARai0kzBC88bC1mBW29aB4oOU9+uuiDgjw4BSn8P:LVFEbfZ688MmBWka7EIDgxu8P
Malware Config
Signatures
Files
f2371538b563202d26c8cb854c0888fb1eaaab570551dcb9bca267a65d195d4c.exe (windows x86)
67ccef4a3b04199d1dadf894a7d560da
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
InternetReadFile
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetCloseHandle
InternetCrackUrlW
InternetOpenW
InternetCrackUrlA
InternetQueryOptionW
InternetSetOptionW
psapi
GetProcessMemoryInfo
GetModuleFileNameExW
EnumProcesses
kernel32
MultiByteToWideChar
lstrlenA
CreateMutexW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
GetCommandLineW
GetModuleHandleW
ProcessIdToSessionId
InterlockedIncrement
InterlockedDecrement
GetProcessTimes
GetSystemTimeAsFileTime
CreateProcessW
GetStartupInfoW
LoadLibraryExW
ReleaseMutex
WaitForSingleObject
FreeLibrary
TerminateProcess
OpenProcess
GetProcAddress
LoadLibraryW
GetVolumeInformationW
DeleteFileW
FindCloseChangeNotification
FindNextChangeNotification
ResetEvent
WaitForMultipleObjects
FindFirstChangeNotificationW
CreateEventW
GetFileAttributesW
lstrcpynW
GetFileInformationByHandle
GetStdHandle
LCMapStringW
HeapCreate
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResumeThread
ExitThread
FindFirstFileExA
GetDriveTypeA
HeapSetInformation
ExitProcess
DecodePointer
EncodePointer
FindFirstFileExW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
RtlUnwind
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
HeapSize
HeapReAlloc
GlobalHandle
HeapDestroy
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateWaitableTimerW
SetWaitableTimer
PulseEvent
OpenEventW
OutputDebugStringA
OutputDebugStringW
GetProcessHeap
HeapFree
GetQueuedCompletionStatus
CreateIoCompletionPort
TerminateThread
PostQueuedCompletionStatus
DeleteFileA
AreFileApisANSI
GetSystemTime
LocalFree
GetTempPathA
GetVersionExA
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingA
LoadLibraryA
GetDiskFreeSpaceW
LockFileEx
GetTempPathW
FlushFileBuffers
GetFileAttributesA
FormatMessageW
InitializeCriticalSection
FormatMessageA
UnlockFileEx
LockFile
UnlockFile
InterlockedCompareExchange
QueryPerformanceCounter
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
GetFullPathNameA
GetFullPathNameW
ReadFile
GlobalFree
GetVersionExW
SetLastError
GlobalLock
GlobalUnlock
GetModuleFileNameW
MulDiv
lstrcmpW
GetLastError
lstrlenW
GetCurrentProcessId
GetCurrentThreadId
GlobalAlloc
GetCurrentProcess
FlushInstructionCache
CreateThread
CloseHandle
Sleep
CreateDirectoryA
LeaveCriticalSection
EnterCriticalSection
WriteFile
SetFilePointer
GetFileSize
CreateFileA
FindNextFileW
GetTempFileNameA
FindClose
CopyFileW
CreateDirectoryW
FindFirstFileW
RaiseException
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
PeekNamedPipe
CreateFileW
GetTickCount
InterlockedExchange
GetLocaleInfoW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
GetFileType
GetCurrentDirectoryW
SetCurrentDirectoryW
FatalAppExitA
HeapAlloc
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
SetConsoleCtrlHandler
user32
GetWindowRect
PostMessageW
UpdateLayeredWindow
GetWindowThreadProcessId
IsRectEmpty
GetWindowLongW
SetWindowLongW
DestroyWindow
UnregisterClassA
GetSystemMetrics
CreatePopupMenu
AppendMenuW
DestroyMenu
SetForegroundWindow
TrackPopupMenu
LoadIconW
PostQuitMessage
MessageBoxW
DialogBoxParamW
LoadStringW
SetDlgItemTextW
BringWindowToTop
IsZoomed
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
LoadImageW
SetWindowRgn
FindWindowW
GetCursorPos
ShowWindow
PostThreadMessageW
GetMessageW
GetActiveWindow
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
SetWindowContextHelpId
SendDlgItemMessageW
EndDialog
MapDialogRect
CreateDialogIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
IsIconic
CreateAcceleratorTableW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
IsWindow
SendMessageW
SetFocus
GetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
MoveWindow
CharNextW
GetSysColor
GetForegroundWindow
GetWindow
DefWindowProcW
IsWindowVisible
SetWindowPos
EqualRect
SetParent
InvalidateRect
wvsprintfW
gdi32
CreateDCW
CreatePatternBrush
CreateICW
GetDIBits
ExtCreateRegion
GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
CreateDIBSection
advapi32
LookupPrivilegeValueW
RegSetValueExA
RegCreateKeyExW
RegQueryValueExA
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
OpenProcessToken
AdjustTokenPrivileges
GetUserNameW
shell32
SHGetFolderPathW
CommandLineToArgvW
Shell_NotifyIconW
SHGetFolderPathA
ShellExecuteExW
ole32
CoReleaseServerProcess
CoAddRefServerProcess
CoRevokeClassObject
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
oleaut32
CreateErrorInfo
SetErrorInfo
GetErrorInfo
SysStringLen
VariantChangeType
DispCallFunc
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
SysFreeString
ws2_32
ntohs
getsockname
gethostbyname
gethostname
WSASend
WSAWaitForMultipleEvents
WSARecv
WSAAccept
shutdown
connect
listen
bind
htons
WSACloseEvent
WSAGetLastError
WSACleanup
ntohl
WSAIoctl
WSAEnumNetworkEvents
WSAEventSelect
WSACreateEvent
socket
closesocket
htonl
WSAStartup
inet_ntoa
Sections
.text Size: 980KB - Virtual size: 980KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 124KB - Virtual size: 123KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 17KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.yrdata Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE