1d2ba7c0d66f90988d157637e54a21a99c78d495eea9a3d09313f0afad2c9e0d

Sharing

Copy URL

Twitter E-mail

General

Target

1d2ba7c0d66f90988d157637e54a21a99c78d495eea9a3d09313f0afad2c9e0d
Size

570KB
MD5

34d72e433363b963087c0c48a6819b88
SHA1

62114d1afcb5744cecee18b1f05dc800bb2af8a7
SHA256

1d2ba7c0d66f90988d157637e54a21a99c78d495eea9a3d09313f0afad2c9e0d
SHA512

4d60b108f0262efadeab04466813a6012b5ffe2da541de01427ccf95b059d2d18b37f4300b6bb715e3fccbd3cc8eb815671bc1f1381f93cb7aa2a7fe45b76ad4
SSDEEP

12288:luBAivmmkyPVlBnSYc1AXJeObfpam6fP3g+nIxdLJ:QBAXRyhn3c6ZT6n7IxdLJ

Score

N/A

Malware Config

Signatures

Files

1d2ba7c0d66f90988d157637e54a21a99c78d495eea9a3d09313f0afad2c9e0d
.exe windows x86

a0b1bb52e667dfbbda5fd41fc5e41a3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
WaitForSingleObject
TerminateThread
DeleteFileW
WaitForMultipleObjects
GlobalFree
LockResource
FindResourceExW
WideCharToMultiByte
GetCommandLineW
ResumeThread
CreateThread
ExpandEnvironmentStringsW
CompareStringA
CreateFileA
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
FlushFileBuffers
ResetEvent
CreateDirectoryW
GetCurrentProcess
Sleep
CloseHandle
CreateEventW
VerifyVersionInfoW
VerSetConditionMask
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
RaiseException
lstrcmpiW
GetModuleHandleW
lstrlenW
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetProcAddress
DeleteCriticalSection
GetCurrentThreadId
InitializeCriticalSection
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetFileAttributesW
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
VirtualQuery
VirtualProtect
ExitThread
InterlockedExchange
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetModuleHandleExW
TryEnterCriticalSection
GetSystemInfo
VirtualAlloc
VirtualFree
FindClose
GetModuleHandleA
FindFirstFileW
SetFileAttributesW
LoadLibraryW
CreateFileW
ReadFile
GetTempPathW
SystemTimeToFileTime
GetSystemTimeAsFileTime
WriteFile
SetLastError
SetFileTime

user32

CharUpperW
MessageBoxW
DispatchMessageW
PostThreadMessageW
LoadStringW
CharNextW
TranslateMessage
wvsprintfA
GetMessageW

advapi32

ReportEventW
RegisterEventSourceW
DeleteService
ControlService
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
RegQueryValueExW
OpenProcessToken
RevertToSelf
CreateProcessAsUserW
ImpersonateLoggedOnUser
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegCloseKey
DeregisterEventSource

shell32

SHFileOperationW
ord165
ShellExecuteExW
SHGetFolderPathW

ole32

CoCreateGuid
IIDFromString
StringFromIID
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoDisconnectObject
CoInitializeEx
CoUninitialize
CoImpersonateClient
CoRevertToSelf
CoInitializeSecurity
CoCreateInstance
CoResumeClassObjects
CoRegisterClassObject
CoRevokeClassObject
StringFromGUID2
CoSuspendClassObjects

oleaut32

UnRegisterTypeLi
SysAllocString
SysFreeString
SysStringLen
RegisterTypeLi
SysAllocStringLen
VarUI4FromStr
VariantClear
LoadTypeLi

shlwapi

PathCanonicalizeW
PathMakePrettyW
PathRemoveArgsW
PathParseIconLocationW
SHCreateStreamOnFileW
PathIsUNCServerW
PathIsRootW
PathFindFileNameW
PathAddExtensionW
PathIsDirectoryW
PathCombineW
PathAddBackslashW
PathFindExtensionW
PathStripPathW
PathRemoveExtensionW
SHCreateStreamOnFileEx
PathRemoveFileSpecW
PathFileExistsW
PathAppendW

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

winhttp

WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCrackUrl
WinHttpSetOption
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen

msi

ord211
ord213
ord88
ord141
ord209
ord169
ord137

xmllite

CreateXmlWriter
CreateXmlReaderInputWithEncodingName
CreateXmlReader
CreateXmlWriterOutputWithEncodingName

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 408KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0b1bb52e667dfbbda5fd41fc5e41a3c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wtsapi32

userenv

winhttp

msi

xmllite

version

Sections

.text Size: 408KB - Virtual size: 408KB

.rdata Size: 75KB - Virtual size: 75KB

.data Size: 17KB - Virtual size: 27KB

.rsrc Size: 32KB - Virtual size: 32KB

.reloc Size: 33KB - Virtual size: 32KB

.text
Size: 408KB - Virtual size: 408KB

.rdata
Size: 75KB - Virtual size: 75KB

.data
Size: 17KB - Virtual size: 27KB

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 33KB - Virtual size: 32KB