922109f885873b0f793d6d14ea73553eb9aeb53887ad05e9b828d5885dd1160b

Sharing

Copy URL Twitter E-mail

General

Target

922109f885873b0f793d6d14ea73553eb9aeb53887ad05e9b828d5885dd1160b
Size

19KB
MD5

7c42117fafaa15cc51d2b49f6e07c7c0
SHA1

f038e30f9653bc53b3ebe1efa1c70d4790e64bf8
SHA256

922109f885873b0f793d6d14ea73553eb9aeb53887ad05e9b828d5885dd1160b
SHA512

359d2cb61b3c890de86dd105fa3f3f27b513e697116c71c37298c69f5a16eab9accdda92d122ee24807511203f9d6c1aee5d90795c91a882e894882ad1a58570
SSDEEP

384:1WC5PKBIa4CPHqN2Hs2rcQx3Fidq4PeFpUxaXE6JnR1rminKx42:11KOQ42HsmQcR1I3

Score

N/A

Malware Config

Signatures

Files

922109f885873b0f793d6d14ea73553eb9aeb53887ad05e9b828d5885dd1160b
.exe windows x86

803bfa328755123efc0a56c024203d47

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

wvnsprintfA
StrStrIW
PathRemoveBackslashW
PathAddBackslashW
PathRemoveFileSpecW
wvnsprintfW

wininet

DeleteUrlCacheEntryW
InternetCrackUrlA
HttpQueryInfoA
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetQueryOptionA
InternetConnectA

gdiplus

GdipFree
GdipDrawImageRectI
GdipLoadImageFromFile
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipCreateFromHWND
GdiplusStartup
GdipDeleteGraphics

urlmon

URLDownloadToFileW

kernel32

lstrlenW
SetLastError
Process32NextW
lstrcatW
CreateToolhelp32Snapshot
lstrcpyW
GetFileSize
WriteFile
ReadFile
GlobalAddAtomW
FreeLibrary
Process32FirstW
LoadLibraryA
GetProcAddress
ExitProcess
CreateDirectoryW
Sleep
CreateThread
GetTickCount
CreateFileW
GetFileTime
CloseHandle
DeleteFileW
SetFileAttributesW
ExpandEnvironmentStringsW
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapCreate
GetVersionExW
GetLastError
GetVolumeNameForVolumeMountPointW
WideCharToMultiByte
MultiByteToWideChar
CreateMutexW
WaitForSingleObject
OpenMutexW
GetCurrentProcess
GetCurrentThread
OpenProcess
TerminateProcess
FlushFileBuffers

user32

EndPaint
DestroyWindow
DispatchMessageW
TranslateMessage
SetWindowPos
ReleaseDC
GetDC
FindWindowW
DefWindowProcW
RegisterHotKey
SetWindowTextW
SendMessageW
RegisterClassW
CreateWindowExW
ShowWindow
GetWindowTextW
InvalidateRect
LoadIconW
BeginPaint
SetFocus
LoadCursorW
GetMessageW
GetWindowTextLengthW

gdi32

CreateFontW
GetStockObject
GetDeviceCaps

advapi32

RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenThreadToken
RegSetValueExW
GetLengthSid

shell32

SHGetFolderPathW

ole32

StringFromGUID2
CLSIDFromString

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

803bfa328755123efc0a56c024203d47

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

wininet

gdiplus

urlmon

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 1KB