Static task: static1
Behavioral task: behavioral1
Sample: e9cf1b3e8934aa13f0260336cc91b545f70bb0993d2279f19d9a3777c51b0f9e.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: e9cf1b3e8934aa13f0260336cc91b545f70bb0993d2279f19d9a3777c51b0f9e.exe
Resource: win10v2004-20220901-en
General
Target: e9cf1b3e8934aa13f0260336cc91b545f70bb0993d2279f19d9a3777c51b0f9e
Size: 4.3MB
MD5: 683110304898bab1e162c05f7313307c
SHA1: 6adfd9a9b16b0d5b2fccd949ecbd4e47471c6eac
SHA256: e9cf1b3e8934aa13f0260336cc91b545f70bb0993d2279f19d9a3777c51b0f9e
SHA512: c60e9bc9cfd83bf85fd32babcabe3879c14983898fdd50f0972ba949fcab814e1607ff94d0de5ac0defb6ca2e605c320995e1e80dc0b24dfd075aad493d0b419
SSDEEP: 98304:DHk1+O4VHEjBDu7C5ms35bNRvfN8tFITl:DHkUO4eu+5TxNRvfOtol
Malware Config
Signatures
Files
e9cf1b3e8934aa13f0260336cc91b545f70bb0993d2279f19d9a3777c51b0f9e.exe windows x86
915a5be6a94f324fca6a7993df6e0f70
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
HeapDestroy
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
IsValidCodePage
FatalAppExitA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
LCMapStringW
LCMapStringA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
GetEnvironmentStringsW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
SetUnhandledExceptionFilter
HeapSize
HeapReAlloc
VirtualQuery
VirtualProtect
RaiseException
ExitThread
HeapFree
HeapAlloc
RtlUnwind
GetStartupInfoW
SetErrorMode
GetAtomNameW
GetFileSizeEx
GetFileAttributesExW
GetFullPathNameW
DuplicateHandle
UnlockFile
LockFile
lstrcmpiW
GetThreadLocale
GetStringTypeExW
MoveFileW
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
GlobalGetAtomNameW
GlobalFree
GlobalSize
FormatMessageW
GlobalUnlock
MulDiv
GetModuleHandleA
FreeResource
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
SetLastError
GlobalAddAtomW
SuspendThread
ResumeThread
GlobalDeleteAtom
GetSystemDirectoryA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetComputerNameA
CreateDirectoryA
GetTempPathA
FormatMessageA
CopyFileA
MoveFileA
FindFirstFileA
FindNextFileA
SetCurrentDirectoryA
GetTempPathW
GetFullPathNameA
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
GetACP
DosDateTimeToFileTime
LocalFileTimeToFileTime
GetLocalTime
FileTimeToLocalFileTime
CompareFileTime
GetCurrentDirectoryA
GetOEMCP
LocalAlloc
LocalFree
FlushFileBuffers
SetEndOfFile
GetFileAttributesA
SetFileAttributesA
GetTempFileNameW
IsBadWritePtr
IsBadReadPtr
GetSystemTimeAsFileTime
FileTimeToDosDateTime
CreateProcessW
GetExitCodeProcess
GetFileTime
GetTimeFormatA
GetDateFormatA
RemoveDirectoryA
GetModuleHandleW
GetCurrentProcess
RemoveDirectoryW
GetVersionExW
DeviceIoControl
SystemTimeToFileTime
SetFileTime
VirtualFree
VirtualAlloc
QueryPerformanceCounter
GetTickCount
QueryPerformanceFrequency
GetFileSize
SystemTimeToTzSpecificLocalTime
SetLocalTime
SetSystemTime
CreateFileA
DeleteFileA
SetFilePointer
FindFirstChangeNotificationW
WaitForSingleObject
FindNextChangeNotification
FindCloseChangeNotification
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CreateNamedPipeW
DisconnectNamedPipe
ConnectNamedPipe
SetEvent
SetThreadPriority
GetProcAddress
CreateDirectoryW
ExpandEnvironmentStringsW
LoadLibraryW
GetCurrentDirectoryW
SetCurrentDirectoryW
DeleteFileW
GetModuleFileNameW
FileTimeToSystemTime
GetShortPathNameW
GlobalMemoryStatus
GetSystemTime
GetTimeFormatW
GetDateFormatW
CopyFileW
GetFileAttributesW
SetFileAttributesW
GetCurrentThread
GetTimeZoneInformation
GetLogicalDrives
GetVolumeInformationW
FindFirstFileW
FindNextFileW
FindClose
LoadResource
LockResource
SizeofResource
FindResourceW
GetDriveTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetNamedPipeHandleState
ReadFile
MultiByteToWideChar
lstrlenA
InterlockedDecrement
WideCharToMultiByte
lstrlenW
SetPriorityClass
OpenProcess
GetPriorityClass
FreeLibrary
ExitProcess
GetExitCodeThread
TerminateThread
Sleep
GetCurrentThreadId
GetSystemInfo
CreateThread
GetCurrentProcessId
CreateFileW
GetLastError
WriteFile
CloseHandle
IsValidLocale
user32
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
FindWindowW
UpdateWindow
LoadCursorW
EnableWindow
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
GetClientRect
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
EndDeferWindowPos
BeginDeferWindowPos
SetActiveWindow
GetForegroundWindow
RemovePropW
GetPropW
SetPropW
GetClassNameW
GetClassLongW
GetCapture
IsChild
WinHelpW
SendDlgItemMessageA
LoadIconW
RegisterWindowMessageW
PostMessageW
GetSystemMetrics
LoadStringW
DrawIconEx
ReleaseDC
GetWindowDC
DestroyIcon
SendMessageW
PostQuitMessage
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuW
GetParent
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetWindowsHookExW
SetCursor
ShowOwnedPopups
MessageBoxW
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
GetWindowThreadProcessId
InsertMenuItemW
GetWindow
CheckDlgButton
CheckRadioButton
GetDlgItem
GetDlgItemInt
GetDlgItemTextW
SendDlgItemMessageW
SetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
IsDialogMessageW
SetWindowTextW
IsWindow
GetDlgCtrlID
FillRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
ClientToScreen
GetDC
BeginPaint
EndPaint
RemoveMenu
InsertMenuW
AppendMenuW
GetMenuStringW
TranslateAcceleratorW
GetDesktopWindow
BringWindowToTop
SetRectEmpty
CreatePopupMenu
InvalidateRect
LoadAcceleratorsW
ReleaseCapture
GetMenuBarInfo
DestroyMenu
LoadMenuW
ReuseDDElParam
UnpackDDElParam
DeleteMenu
GetSysColorBrush
CharUpperW
InflateRect
GetMenuItemInfoW
SystemParametersInfoW
GetKeyNameTextW
MapVirtualKeyW
IsRectEmpty
GetSystemMenu
SetParent
UnionRect
UnregisterClassW
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
SetRect
WindowFromPoint
GetDCEx
SetWindowLongW
MoveWindow
LockWindowUpdate
SetCapture
GetDialogBaseUnits
SetScrollInfo
SetWindowPlacement
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
SetTimer
KillTimer
WaitMessage
GetWindowTextLengthW
GetWindowTextW
SetWindowPos
ScrollWindowEx
SetFocus
ShowWindow
gdi32
GetBkColor
GetMapMode
CombineRgn
SetRectRgn
CreateRectRgnIndirect
GetTextExtentPoint32W
CreateFontIndirectW
CreateDCW
CopyMetaFileW
CreateHatchBrush
ExtCreatePen
StretchDIBits
GetDeviceCaps
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreatePatternBrush
CreateDIBPatternBrushPt
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
GetCharWidthW
CreateFontW
CreatePen
DPtoLP
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
GetDIBits
PatBlt
CreateSolidBrush
DeleteObject
SelectObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
CreateBitmap
GetDCOrgEx
GetClipBox
SetTextColor
SetBkColor
GetObjectW
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
GetTextMetricsW
SetROP2
comdlg32
GetFileTitleW
winspool.drv
OpenPrinterW
ClosePrinter
DocumentPropertiesW
advapi32
RegEnumValueA
CryptGenRandom
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
GetUserNameW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyW
FreeSid
GetUserNameA
CryptDestroyKey
CryptReleaseContext
CryptGenKey
CryptGetProvParam
RegEnumKeyW
RegOpenKeyW
RegQueryValueW
RegSetValueW
RegOpenKeyExA
RegCreateKeyExA
CryptAcquireContextA
CryptDestroyHash
CryptCreateHash
CryptGetHashParam
CryptHashData
CryptEnumProvidersA
CryptExportKey
CryptImportKey
CryptDeriveKey
CryptGetUserKey
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
shell32
ExtractIconExW
ShellExecuteExW
DragFinish
DragQueryFileW
ExtractIconW
SHGetFileInfoW
ExtractAssociatedIconW
shlwapi
PathRemoveExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
PathFindExtensionW
wsock32
gethostbyname
gethostname
closesocket
setsockopt
shutdown
ioctlsocket
WSAGetLastError
recv
send
inet_ntoa
connect
htons
listen
getservbyname
gethostbyaddr
getservbyport
socket
inet_addr
ntohs
getsockname
getpeername
WSAStartup
WSACleanup
htonl
accept
bind
WSASetLastError
sendto
recvfrom
WSAAsyncSelect
select
__WSAFDIsSet
ole32
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
SetConvertStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
CreateBindCtx
ReleaseStgMedium
CoTaskMemAlloc
StringFromCLSID
CoTreatAsClass
OleDuplicateData
CoDisconnectObject
StringFromGUID2
CLSIDFromString
WriteFmtUserTypeStg
oleaut32
CreateErrorInfo
SetErrorInfo
GetErrorInfo
VarBstrFromDate
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarCyFromStr
SysReAllocStringLen
VarDateFromStr
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
SysStringLen
VariantInit
VariantChangeType
SysAllocStringLen
SysFreeString
SysAllocString
VariantClear
ws2_32
WSAIoctl
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
dzip32
dzip
dunzip32
dunzip
crypt32
CryptSignMessage
CryptEncodeObject
CryptVerifyDetachedMessageSignature
CertDuplicateCertificateContext
CryptDecodeMessage
CryptDecryptMessage
CryptEncryptMessage
CryptVerifyMessageSignature
CertVerifyRevocation
CryptDecodeObject
CertGetIntendedKeyUsage
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertGetCertificateChain
CertCreateCertificateChainEngine
PFXExportCertStoreEx
CertStrToNameA
CertCreateSelfSignCertificate
CertGetCertificateContextProperty
CertCreateCertificateContext
CryptAcquireCertificatePrivateKey
CertSetCertificateContextProperty
CertFreeCertificateContext
CertNameToStrA
CertDuplicateStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFindCertificateInStore
CertAddEncodedCertificateToStore
CertAddCertificateContextToStore
CertSaveStore
CertDeleteCertificateFromStore
CertGetSubjectCertificateFromStore
PFXImportCertStore
PFXVerifyPassword
CryptMsgClose
CryptMsgGetParam
CryptMsgUpdate
CryptMsgOpenToDecode
CertVerifyCertificateChainPolicy
CertOpenSystemStoreA
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 483KB - Virtual size: 483KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 781KB - Virtual size: 2.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ