865e977009f9b25e82ce1228edbc79a2e3c1cd5a72782da80b398b360a25da6f

Sharing

Copy URL Twitter E-mail

General

Target

865e977009f9b25e82ce1228edbc79a2e3c1cd5a72782da80b398b360a25da6f
Size

128KB
MD5

670d23e3d16dea4815f1cac42ab29d9a
SHA1

0a01eb4808c49d074ae1ab5aa855c09b75548023
SHA256

865e977009f9b25e82ce1228edbc79a2e3c1cd5a72782da80b398b360a25da6f
SHA512

8bf1e5dddb9a946d4ee68d5930b14069f0f6acbdca2ef2a0e3bfea91185d9b581f02c191062b49b9da7caa22db11f0a736964992efd6a9b2f94f11f1dacdc225
SSDEEP

3072:klVfCZeFKPebOtDfMThvA1KbTVJWIGlaIfi3AarI7XxQ/Pwt7xsJ8A1txDk5:k/foQKPfDUxhbTPPP/5rIO/Pwt7JA1tY

Score

N/A

Malware Config

Signatures

Files

865e977009f9b25e82ce1228edbc79a2e3c1cd5a72782da80b398b360a25da6f
.exe windows x86

4b0f4bab2c8e7ff627061aaea7d41dfb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SleepEx
ReadFile
GetCurrentThread
CreateDirectoryW
MapViewOfFileEx
SetHandleCount
FileTimeToLocalFileTime
CreateThread
GetEnvironmentStringsW
ResetEvent
DeleteFileW
CreateFileW
GetCurrentProcess
GetModuleHandleW
GetExitCodeProcess
RtlUnwind
SetUnhandledExceptionFilter
GetDateFormatA
CreateEventA
OpenProcess
SuspendThread
FreeEnvironmentStringsW
EnterCriticalSection
GetStringTypeA
Sleep
lstrlenA
VirtualFree
VirtualAllocEx
DeviceIoControl
GetSystemTimeAsFileTime
GetTimeZoneInformation
WriteConsoleW
InitializeCriticalSection
GetThreadContext
InterlockedIncrement
GetLastError
FindNextFileW
ExpandEnvironmentStringsA
WaitForSingleObject
GetModuleFileNameA
SystemTimeToFileTime
TlsGetValue
FindClose
GetModuleHandleA
MoveFileExW
Process32FirstW
GetStartupInfoA
QueryPerformanceCounter
GetDriveTypeA
GlobalUnlock
LCMapStringW
GetStdHandle
OpenThread
VirtualFreeEx
CreateNamedPipeA
VirtualQuery
GetFileSizeEx
MultiByteToWideChar
Thread32Next
RaiseException
GetVersionExA
CreateProcessA
GetTimeFormatA
GetEnvironmentStrings
SetThreadContext
GetCurrentProcessId
TerminateProcess
IsValidLocale
GetCurrentThreadId
GetConsoleOutputCP
CreateEventW
SetEnvironmentVariableA
GetLocaleInfoW
SetEnvironmentVariableW
GlobalFree
LCMapStringA
UnhandledExceptionFilter
HeapSize
FreeEnvironmentStringsA
GetOEMCP
InterlockedDecrement
DuplicateHandle
CopyFileW
GetFullPathNameW
VirtualAlloc
GetFullPathNameA
FatalAppExitA
FileTimeToSystemTime
TlsAlloc
WaitForSingleObjectEx
GetCPInfo
TryEnterCriticalSection
FlushInstructionCache
WriteFile
WriteProcessMemory
GetFileType
InterlockedExchange
FindFirstFileW
GetFileInformationByHandle
CreateMutexW
GetSystemInfo
SetFileAttributesW
OpenFileMappingA
GetStringTypeW
SetFilePointer
GetConsoleCP
CreateToolhelp32Snapshot
IsValidCodePage
HeapReAlloc
GetConsoleMode
HeapAlloc
VirtualProtect
GetProcessHeap
GetFileAttributesW
CompareStringW
LeaveCriticalSection
LoadLibraryA
ExitThread
WriteFileEx
GetCurrentDirectoryA
SetLastError
GetACP
SetEndOfFile
OutputDebugStringA
IsDebuggerPresent
WideCharToMultiByte
Thread32First
PeekNamedPipe
TlsSetValue
EnumSystemLocalesA
SetStdHandle
CreateProcessW
FindFirstFileA
RemoveDirectoryW
GlobalLock
CloseHandle
CompareStringA
GetCurrentDirectoryW
DeleteCriticalSection
GlobalAlloc
SetCurrentDirectoryW
GetPrivateProfileStringA
FreeLibrary
HeapFree
ResumeThread
FlushFileBuffers
InterlockedCompareExchange
CreateFileMappingA
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
DisconnectNamedPipe
GetLocaleInfoA
CreateFileA
TlsFree
UnmapViewOfFile
GetCommandLineA
WriteConsoleA
ConnectNamedPipe
SetConsoleCtrlHandler
ReadFileEx
Process32NextW
SetCurrentDirectoryA
SetEvent
LocalFree
VirtualProtectEx
GetProcAddress
HeapCreate
HeapDestroy
LoadLibraryW
GetUserDefaultLangID
GetTickCount
OutputDebugStringW
GetCommandLineW
ExitProcess
FormatMessageA
GetSystemDefaultLangID

user32

ScreenToClient
PostMessageW
SetForegroundWindow
SetWindowsHookExW
InvalidateRect
GetSystemMetrics
CloseClipboard
DefWindowProcW
CreateWindowExA
DefWindowProcA
CreateWindowExW
SendMessageW
InflateRect
OpenClipboard
SetClipboardData
GetWindowLongW
EndPaint
GetClientRect
FindWindowW
SetFocus
RegisterClassExA
EmptyClipboard
LoadCursorA
GetDC
SetWindowsHookExA
SetWindowLongW
MessageBoxA
LoadCursorW
TranslateMessage
TrackMouseEvent
LoadImageW
PostQuitMessage
UnregisterClassW
LoadIconA
IsZoomed
ScrollDC
UnhookWindowsHookEx
MoveWindow
DestroyWindow
GetWindowRect
ReleaseDC
SetWindowRgn
wsprintfW
DispatchMessageW
LoadIconW
PtInRect
CallNextHookEx
ShowWindow
GetWindowLongA
GetMessageW
BringWindowToTop
BeginPaint
GetWindowThreadProcessId
RegisterClassExW
SetWindowLongA
MessageBoxW

gdi32

StretchBlt
DeleteObject
DeleteDC
GetObjectA
CreateCompatibleDC
SetTextColor
CreateRectRgn
SetBkMode
CreateCompatibleBitmap
CreatePen
Polygon
StretchDIBits
SelectClipRgn
GetStockObject
SelectObject
GetDeviceCaps
BitBlt
CreateDIBSection
TextOutA

advapi32

CryptAcquireContextW
RegOpenKeyExA
CryptDeriveKey
CryptCreateHash
SetSecurityDescriptorDacl
CryptDestroyKey
CryptDecrypt
RegQueryValueExW
OpenProcessToken
CryptReleaseContext
AdjustTokenPrivileges
CryptHashData
RegCloseKey
CryptDestroyHash
RegQueryValueExA
RegOpenKeyExW
InitializeSecurityDescriptor
LookupPrivilegeValueA

shell32

ShellExecuteA
ShellExecuteW
CommandLineToArgvW
ShellExecuteExW
SHGetFolderPathW

winmm

PlaySoundW

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
PFXImportCertStore

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

secur32

AcceptSecurityContext
AcquireCredentialsHandleW
EncryptMessage
QueryContextAttributesA
FreeCredentialsHandle
InitializeSecurityContextW
DecryptMessage
QueryContextAttributesW
DeleteSecurityContext
InitializeSecurityContextA

msvcrt

memset
_CIsin
_vsnwprintf

Sections

.text1
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idat_0
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b0f4bab2c8e7ff627061aaea7d41dfb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

winmm

crypt32

rpcrt4

secur32

msvcrt

Sections

.text1 Size: 101KB - Virtual size: 100KB

.itext Size: 17KB - Virtual size: 16KB

.data Size: - Virtual size: 25KB

.rsrc Size: 7KB - Virtual size: 7KB

.idat_0 Size: 2KB - Virtual size: 1KB

.text1
Size: 101KB - Virtual size: 100KB

.itext
Size: 17KB - Virtual size: 16KB

.data
Size: - Virtual size: 25KB

.rsrc
Size: 7KB - Virtual size: 7KB

.idat_0
Size: 2KB - Virtual size: 1KB