Static task: static1
Behavioral task: behavioral1
  Sample: 8e369f513742053eee9f13f2b5a8e432a6606e341ce53f995ab047d5ad921565.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 8e369f513742053eee9f13f2b5a8e432a6606e341ce53f995ab047d5ad921565.exe
  Resource: win10v2004-20220812-en
General
Target: 8e369f513742053eee9f13f2b5a8e432a6606e341ce53f995ab047d5ad921565
Size: 133KB
MD5: 797228e0ce30c67d3550afc5f9bb6100
SHA1: 26efc7f850db9efa7362a20d5e0bb9f7213128b7
SHA256: 8e369f513742053eee9f13f2b5a8e432a6606e341ce53f995ab047d5ad921565
SHA512: 6092ff5c29bf0d7b9ab9d793c2c0d68911cf4128cd1f3efc34c560f9add92c9f530d910b94e25786e0edbe0046e80259431253d06ebc9fcb45539bd28aad6f0f
SSDEEP: 3072:BsUqeDPqlidKJKJInWGvUAWBfOh02qJVz/iqVR60BO5ZoEHbKk0QQaIB:BPqeDPb6LWGvUAWBfKqJVz/iqVR6vZoL
Malware Config
Signatures
Files
-
8e369f513742053eee9f13f2b5a8e432a6606e341ce53f995ab047d5ad921565.exe windows x86
a2a4e85817449f29a1e78b5f72a8012b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcatW
CreateToolhelp32Snapshot
GetWindowsDirectoryW
CreateEventW
WaitForMultipleObjects
MoveFileExW
GetTickCount
GetModuleFileNameW
GetUserDefaultUILanguage
GetEnvironmentVariableW
FileTimeToDosDateTime
GetTempFileNameW
HeapReAlloc
CreateMutexW
FindFirstFileW
SetEndOfFile
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
HeapFree
GetProcessHeap
IsBadReadPtr
SetFileTime
VirtualQueryEx
Thread32First
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
HeapCreate
Thread32Next
ReadFile
Process32NextW
MultiByteToWideChar
GetTempPathW
GetFileSizeEx
OpenMutexW
GetLastError
SetLastError
VirtualProtectEx
VirtualAllocEx
FindClose
RemoveDirectoryW
FindNextFileW
VirtualProtect
GetFileTime
ReleaseMutex
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
GetThreadContext
SetThreadContext
GlobalLock
GlobalUnlock
GetCommandLineW
SetErrorMode
GetComputerNameW
OpenEventW
DuplicateHandle
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
GetProcessId
Process32FirstW
TerminateThread
VirtualFreeEx
OpenProcess
CreateRemoteThread
CreateProcessW
SetThreadPriority
GetCurrentThread
GetLocalTime
LocalFree
GetTimeZoneInformation
GetVersionExW
CloseHandle
GetSystemTime
CreateThread
WaitForSingleObject
GetModuleHandleW
GetPrivateProfileStringW
WriteFile
GetFileAttributesW
CreateFileW
FlushFileBuffers
GetPrivateProfileIntW
GetProcAddress
GetNativeSystemInfo
WriteProcessMemory
LoadLibraryA
ResetEvent
VirtualAlloc
VirtualFree
ExpandEnvironmentStringsW
GetLogicalDrives
GetDriveTypeW
SetFileAttributesW
WTSGetActiveConsoleSessionId
lstrcmpiA
Sleep
LoadLibraryW
SetEvent
CreateDirectoryW
FreeLibrary
ExitProcess
GetFileAttributesExW
lstrcmpiW
InitializeCriticalSection
user32
MsgWaitForMultipleObjects
GetClipboardData
TranslateMessage
CharLowerBuffA
GetCursorPos
GetIconInfo
CharLowerA
DrawIcon
ToUnicode
GetKeyboardState
CharLowerW
LoadImageW
CharToOemW
ExitWindowsEx
DispatchMessageW
CharUpperW
PeekMessageW
advapi32
ConvertSidToStringSidW
InitiateSystemShutdownExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
IsWellKnownSid
CryptHashData
RegSetValueExW
AdjustTokenPrivileges
CryptDestroyHash
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptCreateHash
LookupPrivilegeValueW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
RegQueryValueExW
CryptReleaseContext
RegCreateKeyExW
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
CryptAcquireContextW
GetSidSubAuthority
OpenProcessToken
CryptGetHashParam
GetLengthSid
EqualSid
shlwapi
PathRenameExtensionW
UrlUnescapeA
wvnsprintfW
PathIsDirectoryW
PathFindFileNameW
PathAddBackslashW
SHDeleteValueW
StrStrIW
SHDeleteKeyW
PathCombineW
PathAddExtensionW
PathUnquoteSpacesW
StrStrIA
PathMatchSpecW
StrCmpNIA
wvnsprintfA
PathRemoveBackslashW
PathQuoteSpacesW
PathIsURLW
StrCmpNIW
PathRemoveFileSpecW
PathSkipRootW
shell32
ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW
secur32
GetUserNameExW
ole32
StringFromGUID2
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx
ws2_32
listen
WSASetLastError
freeaddrinfo
socket
bind
setsockopt
recv
recvfrom
sendto
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
getaddrinfo
select
WSAGetLastError
shutdown
getsockname
accept
getpeername
WSASend
closesocket
send
WSAEventSelect
crypt32
CertOpenSystemStoreW
PFXExportCertStoreEx
PFXImportCertStore
CryptUnprotectData
CertDeleteCertificateFromStore
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
wininet
InternetOpenA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
InternetQueryOptionA
InternetSetOptionA
InternetQueryOptionW
HttpSendRequestW
InternetReadFile
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA
InternetCloseHandle
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCrackUrlA
InternetConnectA
HttpQueryInfoA
oleaut32
VariantInit
VariantClear
SysFreeString
SysAllocString
netapi32
NetUserEnum
NetApiBufferFree
NetUserGetInfo
Sections
.text Size: 125KB - Virtual size: 124KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ