1e547163d71fab52408443b96afe24e4a3828ddb5e00647ab300af2275ae2f1c

Sharing

Copy URL Twitter E-mail

General

Target

1e547163d71fab52408443b96afe24e4a3828ddb5e00647ab300af2275ae2f1c
Size

501KB
MD5

298e98aafccd7b585e12a2ce72f11e81
SHA1

d7da045d0e85a7cffa9fb9293a78a08167c334f5
SHA256

1e547163d71fab52408443b96afe24e4a3828ddb5e00647ab300af2275ae2f1c
SHA512

60bdc68688e284e789bc8009c69a5884678f7232801e3a23bc591bcba43a26225e2ac6c02116f540dc146217dd5f1dbb5eaa1f1099745bd49c9262ddb583c7cf
SSDEEP

6144:Ai+pO+GvWWqkgc6oOmu6td/HYnVFfGydiZWuPRs4Qz8sa2jc:Yc/gaZKUu5z8sV

Score

N/A

Malware Config

Signatures

Files

1e547163d71fab52408443b96afe24e4a3828ddb5e00647ab300af2275ae2f1c
.exe windows x86

470fd4f20949f5f71685fc75ffb83d43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

DecryptFileW
EncryptFileW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
SetNamedSecurityInfoW
GetNamedSecurityInfoW

kernel32

GetExitCodeThread
InterlockedDecrement
GlobalReAlloc
InterlockedIncrement
DeleteFileW
MoveFileExW
lstrcmpW
IsDBCSLeadByte
LoadLibraryW
GetACP
GetThreadLocale
GetModuleHandleA
HeapSetInformation
RegisterApplicationRestart
GetModuleHandleW
GetTickCount
lstrcmpiW
GetProcAddress
SetEndOfFile
FindFirstFileW
GlobalAddAtomW
GlobalDeleteAtom
LocalAlloc
LocalFree
SetErrorMode
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetFileSize
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
MulDiv
GetNumberFormatW
GetLocaleInfoW
SetFileAttributesW
SetFileTime
lstrlenW
GlobalAlloc
CloseHandle
DeviceIoControl
RaiseException
LoadLibraryA
FreeLibrary
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
GlobalFree
GlobalUnlock
GetFileAttributesW
GetFileTime
FindFirstStreamW
FindNextStreamW
CreateFileW
GetLastError
ReadFile
WriteFile
GlobalLock
FindClose

gdi32

GetStockObject
CreatePalette
SetViewportExtEx
PlayMetaFile
SaveDC
SetMapMode
LPtoDP
RestoreDC
GetLayout
Polyline
CreatePolygonRgn
SetROP2
PolyBezier
SetViewportOrgEx
EnumFontFamiliesExW
EnumFontFamiliesW
GetTextColor
GetBkMode
TranslateCharsetInfo
StretchDIBits
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateDCW
CreateFontIndirectW
GetRgnBox
CombineRgn
CreateRectRgn
RoundRect
ExtFloodFill
SetBrushOrgEx
UnrealizeObject
MoveToEx
LineTo
SetPixel
Ellipse
SetStretchBltMode
CreatePen
GetDIBits
CreateHalftonePalette
GetPixel
Polygon
OffsetRgn
StretchBlt
CreateDIBitmap
CreateDIBSection
SetDIBitsToDevice
GetObjectW
CreateRectRgnIndirect
CreateICW
CreateCompatibleDC
BitBlt
GetTextExtentPoint32W
GetTextMetricsW
SetTextAlign
SelectObject
PatBlt
SetBkColor
SetTextColor
SetBkMode
CreateCompatibleBitmap
RealizePalette
SelectPalette
DeleteDC
DeleteObject
SetDIBits
CreateBitmap
GetDeviceCaps
GetPaletteEntries
SetPaletteEntries
GetNearestPaletteIndex
ResizePalette
CreateSolidBrush
CreatePatternBrush
GetCurrentObject
GetDIBColorTable
FillRgn
Rectangle
SetDIBColorTable
GetNearestColor

user32

HideCaret
SetCaretPos
GetCaretPos
GetWindow
RedrawWindow
ValidateRect
GetUpdateRect
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextW
TabbedTextOutW
SetWindowLongW
IsMenu
GetMenu
EnableMenuItem
DestroyIcon
SetProcessDPIAware
SystemParametersInfoW
IsWindowVisible
CheckMenuItem
GetClassInfoW
LoadIconW
GetSystemMenu
PostMessageW
RemoveMenu
SetCursor
GetWindowLongW
SetPropW
LoadCursorW
GetFocus
ShowCaret
SetActiveWindow
ClientToScreen
BringWindowToTop
LoadMenuW
ShowCursor
ReleaseCapture
GetSysColorBrush
KillTimer
SetTimer
EqualRect
IsRectEmpty
GetKeyState
GetCursorPos
WindowFromPoint
SetRectEmpty
InflateRect
LoadBitmapW
SendMessageW
GetWindowRect
UpdateWindow
InvalidateRect
EnableWindow
GetSysColor
IsWindow
GetSystemMetrics
SetRect
MessageBeep
GetParent
MessageBoxW
SetWindowTextW
ReleaseDC
DrawFocusRect
GetDC
CreateCaret
DestroyCaret
SetCapture
SetClassLongW
PtInRect
OffsetRect
FillRect
GetClientRect
FrameRect
GetCapture
IsClipboardFormatAvailable
RegisterClipboardFormatW
CopyRect
IntersectRect
GetKeyboardLayout
LoadStringW
DestroyWindow
EnableScrollBar
MsgWaitForMultipleObjectsEx
PeekMessageW
GetDlgItem
SetDlgItemInt
GetDlgItemInt
CheckDlgButton
SendDlgItemMessageW
GetSubMenu
UnionRect
ScreenToClient

mfc42u

ord2100
ord5677
ord3693
ord765
ord6006
ord6381
ord3313
ord5438
ord3971
ord996
ord3974
ord2767
ord5808
ord3570
ord287
ord6135
ord610
ord713
ord1258
ord6137
ord4292
ord4128
ord2105
ord6107
ord414
ord5142
ord3591
ord4491
ord1704
ord5855
ord1795
ord1644
ord2455
ord1259
ord2112
ord5879
ord3312
ord2079
ord4143
ord616
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord5076
ord1705
ord6049
ord327
ord642
ord4230
ord807
ord3290
ord4360
ord5080
ord1703
ord1708
ord5058
ord554
ord4263
ord5878
ord1809
ord1922
ord1560
ord3658
ord825
ord4260
ord4803
ord2606
ord2406
ord1569
ord6065
ord6211
ord3792
ord5035
ord3621
ord2385
ord268
ord2855
ord3566
ord1634
ord1143
ord3701
ord1633
ord5781
ord800
ord796
ord540
ord529
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2436
ord5254
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5275
ord4347
ord6365
ord5157
ord2377
ord5230
ord4398
ord1768
ord4073
ord6051
ord1702
ord5079
ord2381
ord4116
ord5467
ord4051
ord4359
ord6150
ord2577
ord640
ord2397
ord5785
ord323
ord1710
ord5047
ord4155
ord613
ord6063
ord3477
ord289
ord5996
ord2109
ord5777
ord3480
ord2522
ord2706
ord3289
ord1863
ord1081
ord2753
ord5601
ord6928
ord1184
ord823
ord861
ord350
ord3611
ord3122
ord5647
ord1165
ord1662
ord2644
ord415
ord958
ord1971
ord665
ord5180
ord354
ord6325
ord5787
ord2442
ord715
ord3785
ord538
ord1172
ord2859
ord4078
ord4219
ord1262
ord2810
ord858
ord4273
ord5679
ord1127
ord641
ord2879
ord1130
ord1834
ord2505
ord293
ord1257
ord5616
ord941
ord5568
ord2910
ord3568
ord324
ord3592
ord4419
ord2438
ord5257
ord5276
ord6370
ord5237
ord4401
ord1767
ord6048
ord2506
ord4992
ord4370
ord5261
ord2755
ord4229
ord535
ord6195
ord3087
ord6330
ord2634
ord4847
ord2933
ord1775
ord4704
ord4050
ord2854
ord2914
ord283
ord1771
ord2286
ord2354
ord755
ord470
ord2281
ord2362
ord2444
ord5869
ord6153
ord5147
ord4225
ord2371
ord5784
ord5790
ord5783
ord298
ord3578
ord5244
ord4358
ord620
ord4753
ord3687
ord3867
ord2066
ord4470
ord5947
ord5977
ord3090
ord4768
ord4532
ord922
ord5579
ord940
ord4124
ord5706
ord536
ord4199
ord5641
ord4315
ord816
ord562
ord4018
ord6115
ord6190
ord1941
ord4270
ord818
ord5286
ord3649
ord2576
ord4215
ord2430
ord2858
ord1637
ord3133
ord567
ord1230
ord3747
ord6124
ord6266
ord3490
ord6168
ord3016
ord4357
ord5083
ord4444
ord4665
ord4679
ord1878
ord1707
ord790
ord739
ord747
ord736
ord4421
ord5248
ord4430
ord1658
ord2641
ord5281
ord5233
ord4072
ord4149
ord2873
ord2874
ord3398
ord5472
ord975
ord5006
ord4298
ord4461
ord5097
ord5094
ord3054
ord2382
ord2715
ord4464
ord5000
ord1688
ord2433
ord3249
ord4940
ord4407
ord5728
ord3711
ord3397
ord5491
ord2096
ord4454
ord5652
ord5028
ord439
ord450
ord442
ord4237
ord4787
ord674
ord366
ord5278
ord4146
ord5468
ord3345
ord2084
ord4451
ord5048
ord5092
ord4614
ord4612
ord1886
ord4249
ord4010
ord748
ord4424
ord4617
ord3256
ord6171
ord6077
ord3193
ord3449
ord4381
ord2394
ord4417
ord5240
ord2502
ord6332
ord3061
ord3055
ord4691
ord3245
ord3782
ord3444
ord1003
ord5623
ord6340
ord3509
ord5019
ord3412
ord2986
ord4622
ord5497
ord4410
ord4994
ord4599
ord3101
ord5015
ord4485
ord4996
ord4910
ord4634
ord4511
ord2163
ord2429
ord4944
ord3182
ord4820
ord4855
ord4951
ord5650
ord4610
ord5014
ord6193
ord4488
ord1196
ord5734
ord4615
ord5573
ord1144
ord2776
ord4651
ord1255
ord2721
ord6466
ord2719
ord2722
ord957
ord2007
ord962
ord750
ord603
ord6386
ord1985
ord1961
ord273
ord2247
ord458
ord5200
ord4819
ord4854
ord4950
ord1740
ord456
ord4356
ord5082
ord4442
ord4675
ord1263
ord1229
ord3865
ord4493
ord4869
ord4904
ord4504
ord4589
ord5024
ord4989
ord5153
ord6191
ord4718
ord4609
ord3614
ord4269
ord743
ord815
ord3733
ord4616
ord5710
ord5285
ord5303
ord4074
ord5298
ord5296
ord3341
ord2388
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord2717
ord6371
ord1197
ord4604
ord459
ord561
ord5496
ord2550
ord942
ord5712
ord5713
ord2028
ord986
ord6133
ord520

msvcrt

_vsnwprintf
__CxxFrameHandler3
memset
_CxxThrowException
??_V@YAXPAX@Z
memcpy
??_U@YAPAXI@Z
_wsplitpath_s
_wtoi
_ltow
_wtol
free
_wgetdcwd
_controlfp
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
rand
_ftol2_sse
__wgetmainargs
_beginthreadex
_CIpow
_ltow_s
_wcsdup
__argc
__wargv
_purecall
_ftol2
_wcsicmp

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetFileTitleW
GetOpenFileNameW

ole32

CoInitialize
CoUninitialize
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
PropVariantClear
CoCreateInstance
CLSIDFromString
WriteClassStg
WriteFmtUserTypeStg
OleGetClipboard
ReleaseStgMedium
FreePropVariantArray
CoTaskMemFree

oleaut32

SysAllocString
SysFreeString

shell32

SHChangeNotify
SHGetFolderPathEx
SHParseDisplayName
SHCreateShellItem
SHBindToParent
ord155
ord75
ShellAboutW

imm32

ImmNotifyIME
ImmGetCompositionStringW
ImmGetCompositionWindow
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
ImmAssociateContext

ntdll

WinSqmAddToStream

comctl32

ord345

shlwapi

StrRStrIW
PathRemoveFileSpecW
PathStripPathW

Sections

.text
Size: 259KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bddiyvs
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

470fd4f20949f5f71685fc75ffb83d43

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

mfc42u

msvcrt

comdlg32

ole32

oleaut32

shell32

imm32

ntdll

comctl32

shlwapi

Sections

.text Size: 259KB - Virtual size: 259KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 166KB - Virtual size: 165KB

.reloc Size: 66KB - Virtual size: 67KB

bddiyvs Size: - Virtual size: 4KB

.text
Size: 259KB - Virtual size: 259KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 166KB - Virtual size: 165KB

.reloc
Size: 66KB - Virtual size: 67KB

bddiyvs
Size: - Virtual size: 4KB