539ef9580573eb31f8fbc941d56365f1376d5161ec787840d5bb91f376bd3ecb

Sharing

Copy URL Twitter E-mail

General

Target

539ef9580573eb31f8fbc941d56365f1376d5161ec787840d5bb91f376bd3ecb
Size

810KB
MD5

75c9ab0aeb9daa6e2bb0b679400dc800
SHA1

7b2adbdd2cbcf876f29f49afc43c427e2791aae9
SHA256

539ef9580573eb31f8fbc941d56365f1376d5161ec787840d5bb91f376bd3ecb
SHA512

cb39fec7540e9aa87d75b12280f040dd23e8591e54a26c2e327f336a6cc69e9ecd7040ed19332118bbe85af3af0733dbb83d2367072fd5fdb26f01eb108ace42
SSDEEP

12288:niDMuFH7b5vYTd4AVL/uJeDuUlMKM57v6YqifwyV4ZJ5nB68aq7Gcr1D/:niY67ud4AV7iRKo6YHf8f5g0z1D/

Score

N/A

Malware Config

Signatures

Files

539ef9580573eb31f8fbc941d56365f1376d5161ec787840d5bb91f376bd3ecb
.exe windows x86

24c7c526cc963bbf51b5fd14bd522c6f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
InterlockedExchange
CompareStringA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
HeapFree
GetSystemTimeAsFileTime
HeapAlloc
RtlUnwind
RaiseException
HeapReAlloc
HeapSize
ExitProcess
GetStdHandle
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
ReadFile
GlobalFlags
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryA
lstrcmpW
GetVersionExA
lstrlenA
lstrcmpA
CompareStringW
InterlockedIncrement
lstrlenW
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedDecrement
GetModuleHandleW
TlsFree
GlobalFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
TlsGetValue
LocalAlloc
QueryPerformanceFrequency
LocalFree
FormatMessageW
SearchPathW
GetLongPathNameW
GetFileAttributesExW
QueryPerformanceCounter
OutputDebugStringW
SetFilePointer
Sleep
GetCurrentProcessId
WriteFile
GetTempFileNameW
DeleteFileW
GetLocaleInfoW
GetUserDefaultLCID
GetSystemDefaultLCID
UnmapViewOfFile
FlushViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
GlobalMemoryStatusEx
GetStartupInfoW
CreatePipe
WaitForMultipleObjects
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
PeekNamedPipe
OpenProcess
CreateFileW
GetFileSizeEx
GetCommandLineW
ReleaseMutex
OpenMutexW
CreateMutexW
SetLastError
GetSystemTime
GetLocalTime
WaitForSingleObject
SetEvent
ResetEvent
OpenEventW
CreateEventW
TerminateThread
GetCurrentProcess
GetExitCodeProcess
GetExitCodeThread
CreateThread
GetDiskFreeSpaceExW
GetTempPathW
GetTickCount
CloseHandle
InterlockedCompareExchange
CreateProcessW
GetCurrentThreadId
GetVersionExW
GetProcAddress
FreeLibrary
LoadLibraryW
WritePrivateProfileStringW
GetPrivateProfileStringW
ExpandEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetEnvironmentVariableW
FindClose
FindNextFileW
FindFirstFileW
GetFileAttributesW
CreateDirectoryW
GetModuleFileNameW
GetModuleFileNameA
GetLastError

user32

RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowTextW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
SetWindowsHookExW
CallNextHookEx
DispatchMessageW
GetKeyState
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
UnhookWindowsHookEx
GetSystemMetrics
MsgWaitForMultipleObjects
PeekMessageW
AllowSetForegroundWindow
ExitWindowsEx
CloseDesktop
OpenDesktopW
SetThreadDesktop
GetThreadDesktop
SetProcessWindowStation
GetProcessWindowStation
CloseWindowStation
OpenWindowStationW
GetAsyncKeyState
WaitForInputIdle
MsgWaitForMultipleObjectsEx
SetMenuItemBitmaps
PostQuitMessage
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DestroyMenu
ClientToScreen
SetWindowTextW
GetWindowRect
GetTopWindow

gdi32

PtVisible
RectVisible
TextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutW
DeleteObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

GetUserNameW
BackupEventLogW
CloseEventLog
OpenEventLogW
FreeSid
AllocateAndInitializeSid
CreateProcessAsUserW
ChangeServiceConfigW
QueryServiceConfigW
ControlService
StartServiceW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
CheckTokenMembership

shell32

ShellExecuteW
SHGetFolderPathW
SHGetSpecialFolderPathW
ShellExecuteExW

shlwapi

PathIsFileSpecW
PathFindFileNameW
PathRemoveFileSpecW
PathFindExtensionW

psapi

GetModuleFileNameExW
EnumProcessModules

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CLSIDFromString

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 500KB - Virtual size: 1.6MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

24c7c526cc963bbf51b5fd14bd522c6f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

psapi

version

ole32

oleaut32

Sections

.text Size: 189KB - Virtual size: 189KB

.rdata Size: 49KB - Virtual size: 48KB

.data Size: 10KB - Virtual size: 28KB

.rsrc Size: 27KB - Virtual size: 26KB

.reloc Size: 33KB - Virtual size: 33KB

.vmp0 Size: 500KB - Virtual size: 1.6MB

.text
Size: 189KB - Virtual size: 189KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 10KB - Virtual size: 28KB

.rsrc
Size: 27KB - Virtual size: 26KB

.reloc
Size: 33KB - Virtual size: 33KB

.vmp0
Size: 500KB - Virtual size: 1.6MB