b48b7a37f85f04a99467f7eb23262c944a46ee5c322badf4ad3ffaabdfd4b9cf

Sharing

Copy URL Twitter E-mail

General

Target

b48b7a37f85f04a99467f7eb23262c944a46ee5c322badf4ad3ffaabdfd4b9cf
Size

993KB
MD5

4d7ac75c6461e3172f0ddc9c42754b30
SHA1

b572e7e94084918ccd536c056d8569e78e4034a8
SHA256

b48b7a37f85f04a99467f7eb23262c944a46ee5c322badf4ad3ffaabdfd4b9cf
SHA512

5960fcc9ccc7720fba0bfee0d79453391553602e8262e6d23832f21a888918e7f4ade1d38160b8c202e1e71ff2b72ac17d2ea00ff90f21b218d72760e270a84a
SSDEEP

24576:+yOtjPXkMhWawLB1T9aB/5fb7+u4gOIDSeGcK5I0:Otjfk8WxLB1TcB/5j71aotY5

Score

N/A

Malware Config

Signatures

Files

b48b7a37f85f04a99467f7eb23262c944a46ee5c322badf4ad3ffaabdfd4b9cf
.exe windows x86

eb53f78544e7cf16fd0a3da30a13787a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
AddAce
InitializeAcl
GetAclInformation
GetSecurityDescriptorControl
MakeAbsoluteSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
MakeSelfRelativeSD
GetSecurityDescriptorLength
RegQueryValueExW
GetLengthSid
IsValidSid
CopySid
SetSecurityDescriptorDacl
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
RegEnumValueW
RegEnumKeyW
FreeSid
SetKernelObjectSecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
DeleteAce
EqualSid
AddAccessAllowedAceEx
GetAce
AllocateAndInitializeSid
GetKernelObjectSecurity

kernel32

FindResourceExW
AssignProcessToJobObject
OpenProcess
SetInformationJobObject
CreateJobObjectW
GetSystemTime
GetWindowsDirectoryW
UnregisterWait
RegisterWaitForSingleObject
OpenEventW
InitializeCriticalSection
TerminateJobObject
GetFileAttributesW
QueueUserWorkItem
SystemTimeToFileTime
DeleteTimerQueueTimer
InterlockedExchange
LockResource
CreateFileW
GetTempFileNameW
GetTempPathW
CreateTimerQueueTimer
DeleteFileW
CreateEventW
CreateTimerQueue
InterlockedIncrement
WideCharToMultiByte
LocalFree
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GetExitCodeProcess
CreateProcessW
lstrlenA
WriteFile
GetCurrentThreadId
GetProcessHeap
HeapSetInformation
GetCommandLineW
CloseHandle
LoadLibraryW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
CreateThread
Sleep
SetEvent
OpenJobObjectW
CompareFileTime
CompareStringA
CreateFileMappingW
MapViewOfFile
CreateMutexW
DuplicateHandle
ReleaseMutex
UnmapViewOfFile
GetVersionExW
GetUserGeoID
GetGeoInfoW
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
ReadFile
FileTimeToLocalFileTime
lstrcmpA
LocalAlloc
SetFileAttributesW
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetUserDefaultLCID
GetStringTypeW
GetConsoleMode
GetConsoleCP
SetEndOfFile
SetFilePointer
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameW
lstrcmpiW
WaitForSingleObject
IsProcessorFeaturePresent
RtlUnwind
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
DeleteTimerQueueEx
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetStartupInfoW
DecodePointer
EncodePointer
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
ExitProcess
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter

gdi32

GetDeviceCaps

user32

CharNextW
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
CharUpperW
CharLowerBuffW
SystemParametersInfoW
GetWindowRect
SendMessageW
GetActiveWindow
GetDC
SetTimer
CreateWindowExW
RegisterClassW
SetWindowLongW
DefWindowProcW
GetWindowLongW
ReleaseDC

shell32

SHGetFolderPathW
ShellExecuteW
SHCreateDirectoryExW

ole32

CoTaskMemFree
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
StringFromGUID2
CoCreateInstance
CoResumeClassObjects
CoAddRefServerProcess
CoReleaseServerProcess
StringFromCLSID
CoCreateGuid
CoDisconnectObject
CoMarshalInterThreadInterfaceInStream
CoTaskMemRealloc
CoInitializeEx
CoSuspendClassObjects
CoGetInterfaceAndReleaseStream
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc

oleaut32

SafeArrayDestroy
LoadTypeLi
SysAllocString
UnRegisterTypeLi
RegisterTypeLi
SysFreeString
VarUI4FromStr
SysStringLen
VariantChangeType
VarBstrCat
VariantCopy
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
VariantClear
VariantInit
VarBstrCmp
SafeArrayGetVartype
LoadRegTypeLi

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
StrRChrW
PathFileExistsW
StrCmpIW
StrStrW

crypt32

CryptMsgClose
CryptUnprotectData
CryptProtectData
CryptDecodeObject
CryptMsgGetParam
CertFreeCertificateChain
CryptHashPublicKeyInfo
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertCloseStore
CertFreeCertificateContext
CryptMsgGetAndVerifySigner
CryptQueryObject

wininet

HttpOpenRequestW
InternetCloseHandle
InternetConnectW
InternetOpenW
HttpSendRequestW

wsock32

recv
WSAAsyncGetHostByName
WSAStartup
send
socket
WSAGetLastError
WSAAsyncSelect
htons
connect
closesocket
shutdown

cabinet

ord22
ord21
ord20
ord23

Sections

.text
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 584KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

eb53f78544e7cf16fd0a3da30a13787a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

shell32

ole32

oleaut32

shlwapi

crypt32

wininet

wsock32

cabinet

Sections

.text Size: 282KB - Virtual size: 281KB

.data Size: 26KB - Virtual size: 34KB

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 584KB - Virtual size: 2.3MB

.text
Size: 282KB - Virtual size: 281KB

.data
Size: 26KB - Virtual size: 34KB

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 584KB - Virtual size: 2.3MB