Static task: static1
Behavioral task: behavioral1
  Sample: 9c0904a263e7058ed641ed881de83a98861e9314e0d03d41d837a922afd7ff1b.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 9c0904a263e7058ed641ed881de83a98861e9314e0d03d41d837a922afd7ff1b.exe
  Resource: win10v2004-20220812-en
General
Target: 9c0904a263e7058ed641ed881de83a98861e9314e0d03d41d837a922afd7ff1b
Size: 4.4MB
MD5: fff7b4d453f3409c23ce08a2ba61eb42
SHA1: 0e7378e229780dc2a512400f819dc45150e1b3ba
SHA256: 9c0904a263e7058ed641ed881de83a98861e9314e0d03d41d837a922afd7ff1b
SHA512: bec68ee39f0202ed04516d9b0ccbbea650680117d4b88c3880af01e047fafa9aa89eff078679ec025736bf27834dc101112ee352c947c6706c93ed884406ff73
SSDEEP: 98304:q3+lR1vG5ic1M2wU4VH/fM74zZBsPIfJZ9lOBED8/:flRYwdH/E7+pOBED8/
Malware Config
Signatures
Files
9c0904a263e7058ed641ed881de83a98861e9314e0d03d41d837a922afd7ff1b.exe (windows x86)
06384ad67b7d138489d601812f67b684
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrlenA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
LocalFree
GetCurrentThreadId
CreateEventA
CreateProcessA
WaitForSingleObject
ReadFile
GetFileSize
CreateFileW
lstrcmpA
WriteFile
CreateFileA
RemoveDirectoryA
FindNextFileA
FindClose
FindFirstFileA
Process32NextW
OpenProcess
GetCurrentProcessId
Process32FirstW
CreateToolhelp32Snapshot
FileTimeToSystemTime
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
CreateDirectoryA
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetModuleFileNameA
GetTempPathA
WriteConsoleW
SetEndOfFile
DeleteFileW
LoadLibraryA
SetFileAttributesA
SetCurrentDirectoryW
GetModuleFileNameW
GetProcAddress
OutputDebugStringA
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetCurrentDirectoryW
GetFileAttributesExW
SetStdHandle
GetTimeZoneInformation
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
HeapDestroy
DeleteFileA
CreateThread
CloseHandle
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
SetEvent
GetFileSizeEx
FormatMessageA
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
QueryPerformanceCounter
VerifyVersionInfoA
EnterCriticalSection
LeaveCriticalSection
EncodePointer
SetLastError
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
GlobalAlloc
GlobalUnlock
GlobalLock
MulDiv
IsDebuggerPresent
OutputDebugStringW
Sleep
HeapCreate
InitializeCriticalSection
FlushInstructionCache
FindFirstFileW
GetFullPathNameW
FreeResource
GetVersionExW
FreeLibrary
LoadLibraryW
GetLocalTime
GetVersionExA
InitializeCriticalSectionEx
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
user32
PostThreadMessageW
SystemParametersInfoW
EnumWindows
GetWindowThreadProcessId
GetActiveWindow
UnregisterClassW
MessageBoxA
SendMessageW
InflateRect
SetWindowPos
MoveWindow
GetSystemMetrics
DestroyWindow
GetWindowTextW
GetForegroundWindow
MsgWaitForMultipleObjects
SetMenuContextHelpId
SetForegroundWindow
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
AppendMenuW
GetMenuItemCount
DestroyMenu
CreatePopupMenu
IsMenu
MessageBoxW
ShowWindow
UpdateLayeredWindow
SystemParametersInfoA
DrawTextW
GetDC
ReleaseDC
OffsetRect
DrawIconEx
GetIconInfo
IntersectRect
CharNextW
SetCursor
CopyRect
IsRectEmpty
PtInRect
DestroyIcon
SetTimer
KillTimer
SetRect
UnionRect
EqualRect
IsWindow
LoadCursorW
DestroyCursor
PostMessageW
PostQuitMessage
EnableWindow
IsWindowEnabled
SetActiveWindow
GetWindowLongW
GetDesktopWindow
DefWindowProcW
CallWindowProcW
RegisterClassExW
CreateWindowExW
GetDlgItem
GetClientRect
GetWindowRect
MapWindowPoints
SetWindowLongW
GetParent
GetWindow
MonitorFromWindow
GetMonitorInfoW
TrackMouseEvent
AnimateWindow
SetLayeredWindowAttributes
IsIconic
IsZoomed
SetFocus
GetCapture
SetCapture
ReleaseCapture
UpdateWindow
BeginPaint
EndPaint
InvalidateRect
SetWindowTextW
GetCursorPos
CreateCaret
GetCaretBlinkTime
HideCaret
SetCaretPos
ScreenToClient
GetClassNameW
LoadBitmapW
CreateIconFromResource
LoadImageW
GetFocus
GetKeyState
CharLowerBuffW
MapVirtualKeyA
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
ClientToScreen
EnableMenuItem
GetSysColor
IsWindowVisible
shell32
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteA
ole32
OleUninitialize
CoCreateInstance
CreateStreamOnHGlobal
IIDFromString
CLSIDFromString
CLSIDFromProgID
CreateBindCtx
CoCreateGuid
OleInitialize
OleLockRunning
shlwapi
PathFileExistsA
StrToIntExW
PathFileExistsW
ws2_32
WSASetLastError
socket
WSAIoctl
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
send
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
gethostname
WSAStartup
WSACleanup
__WSAFDIsSet
select
accept
htonl
listen
getaddrinfo
freeaddrinfo
recvfrom
sendto
ioctlsocket
ntohl
setsockopt
crypt32
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
wininet
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenUrlW
InternetOpenA
InternetGetConnectedState
gdiplus
GdipCreateBitmapFromFile
GdipAlloc
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromStream
GdipDeleteGraphics
GdipGraphicsClear
GdipDrawImageRectI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipFree
GdipGetPropertyItem
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipGetImageWidth
GdipDisposeImage
GdipSaveImageToFile
GdipGetPropertyItemSize
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipImageGetFrameCount
GdipImageSelectActiveFrame
imm32
ImmGetContext
ImmReleaseContext
ImmAssociateContext
wldap32
ord200
ord301
ord143
ord30
ord79
ord35
ord217
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
gdi32
SelectObject
CreateDIBSection
GetObjectW
SetViewportOrgEx
GetCurrentObject
GetViewportOrgEx
SelectClipRgn
EnumFontsW
CreateRoundRectRgn
CreateBitmap
GetDeviceCaps
IntersectClipRect
CreateFontIndirectW
CreateSolidBrush
GetStockObject
Rectangle
SetBkMode
StretchBlt
EnumFontFamiliesExW
GetRegionData
GetCharABCWidthsW
ExtCreateRegion
DeleteObject
DeleteDC
CreateCompatibleDC
BitBlt
GetFontData
GetGlyphOutlineW
GetOutlineTextMetricsW
GdiFlush
GetTextFaceW
ExtTextOutW
SetWorldTransform
GetTextMetricsW
SetTextAlign
SetTextColor
RemoveFontMemResourceEx
AddFontMemResourceEx
GetTextExtentPointI
GetGlyphIndicesW
GetFontUnicodeRanges
SetGraphicsMode
advapi32
CryptReleaseContext
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptAcquireContextA
oleaut32
SysFreeString
SysAllocString
usp10
ScriptFreeCache
ScriptItemize
ScriptShape
Sections
.text  - Size: 1.9MB - Virtual size: 1.9MB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata - Size: 498KB - Virtual size: 498KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  - Size: 57KB - Virtual size: 146KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  - Size: 1.8MB - Virtual size: 1.8MB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc - Size: 121KB - Virtual size: 121KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ