Static task: static1
Behavioral task: behavioral1
  Sample: abc79d3efd53b222a1bdff39fc38068b53ddaf622128dc27eb7fc3a92fb732ab.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: abc79d3efd53b222a1bdff39fc38068b53ddaf622128dc27eb7fc3a92fb732ab.exe
  Resource: win10v2004-20220812-en
General
- Target: abc79d3efd53b222a1bdff39fc38068b53ddaf622128dc27eb7fc3a92fb732ab
- Size: 209KB
- MD5: 7c79a4c178dcb857538ff4b10299a1e0
- SHA1: 4d03ce602241a6723ab5229dc5893bba201bc855
- SHA256: abc79d3efd53b222a1bdff39fc38068b53ddaf622128dc27eb7fc3a92fb732ab
- SHA512: 91b60b04a03cbf8a3a7a9b67a9365381d13f5cc9dfa14b709dcf956685f86837c3a330b0c94099834fa7dc219886f0e6691e6b0bf343618cc507b8a49ee5ca5d
- SSDEEP: 6144:1uqqDLVdfl0jN0vqIzpPzhn0k8wTBLAthZQxBLdH301C7:1rqnVdfl0jmvZrn0STCPZu10s7
Malware Config
Signatures
Files
- abc79d3efd53b222a1bdff39fc38068b53ddaf622128dc27eb7fc3a92fb732ab.exe windows x86
  1b5a4e556c6fc68c5d0a6c621b9796b0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExpandEnvironmentStringsW
GlobalLock
GlobalUnlock
GetThreadContext
SetThreadContext
GetProcessId
GetLastError
CreateRemoteThread
OpenProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
CreateProcessW
SetHandleInformation
ReadFile
CreatePipe
GetEnvironmentVariableW
FileTimeToDosDateTime
GetTempFileNameW
HeapReAlloc
FindFirstFileW
SetEndOfFile
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
GetLogicalDriveStringsW
HeapFree
GetProcessHeap
SetFileTime
GetCurrentProcessId
Thread32First
WideCharToMultiByte
ReadProcessMemory
TlsFree
HeapCreate
lstrcpynW
Thread32Next
GetTimeZoneInformation
MultiByteToWideChar
lstrlenW
GetTempPathW
GetFileSizeEx
OpenMutexW
VirtualProtectEx
VirtualAllocEx
FindClose
RemoveDirectoryW
QueryDosDeviceW
FindNextFileW
VirtualProtect
GetFileTime
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
DuplicateHandle
GetFileAttributesExW
VirtualFreeEx
VirtualFree
GetComputerNameW
SetErrorMode
GetCommandLineW
SetFileAttributesW
WTSGetActiveConsoleSessionId
lstrcmpiA
TlsAlloc
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CreateMutexW
GetModuleHandleA
IsBadReadPtr
ResetEvent
SetThreadPriority
TerminateProcess
TlsSetValue
GetCurrentThread
TlsGetValue
VirtualAlloc
HeapDestroy
WriteProcessMemory
LoadLibraryW
CreateDirectoryW
ExitProcess
GetUserDefaultUILanguage
GetModuleFileNameW
MoveFileExW
lstrcmpiW
LoadLibraryA
FreeLibrary
LocalFree
GetVersionExW
GetNativeSystemInfo
GetProcAddress
GetPrivateProfileIntW
FlushFileBuffers
CreateFileW
GetFileAttributesW
WriteFile
GetPrivateProfileStringW
GetSystemTime
GetModuleHandleW
OpenEventW
Sleep
SetEvent
WaitForMultipleObjects
CreateEventW
GetLocalTime
CreateThread
CloseHandle
ExitThread
GetCurrentProcess
ReleaseMutex
GetCurrentThreadId
SetLastError
GetTickCount
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
VirtualQueryEx
user32
GetClassNameW
GetMenuState
DefWindowProcA
DefMDIChildProcW
SwitchDesktop
GetMenuItemCount
DefDlgProcA
DefMDIChildProcA
HiliteMenuItem
RegisterClassW
GetUserObjectInformationW
CallWindowProcA
EndMenu
CallWindowProcW
DefFrameProcW
RegisterClassA
SystemParametersInfoW
GetUpdateRgn
GetWindowDC
FillRect
DrawEdge
BeginPaint
GetUpdateRect
GetDC
IntersectRect
GetDCEx
GetMenuItemID
PostThreadMessageW
EqualRect
PrintWindow
DefWindowProcW
ExitWindowsEx
MessageBoxA
TrackPopupMenuEx
GetMenuItemRect
RegisterClassExW
CreateDesktopW
SetProcessWindowStation
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
CloseDesktop
SetThreadDesktop
OpenWindowStationW
GetTopWindow
LoadImageW
MsgWaitForMultipleObjects
WindowFromPoint
CharLowerA
CharUpperW
SetWindowLongW
GetWindow
DispatchMessageW
CharLowerBuffA
GetSystemMetrics
MapVirtualKeyW
TranslateMessage
GetKeyboardState
ToUnicode
GetClipboardData
RegisterClassExA
RegisterWindowMessageW
GetShellWindow
GetThreadDesktop
GetKeyboardLayoutList
CharToOemW
DrawIcon
SetKeyboardState
GetSubMenu
DefDlgProcW
DefFrameProcA
OpenInputDesktop
OpenDesktopW
GetIconInfo
GetMessageA
GetWindowRect
GetMessageW
SetCapture
PostMessageW
GetParent
GetWindowInfo
GetClassLongW
GetCapture
SetCursorPos
GetWindowLongW
GetAncestor
PeekMessageW
PeekMessageA
SetWindowPos
GetCursorPos
SendMessageTimeoutW
MenuItemFromPoint
ReleaseDC
GetMenu
IsWindow
ReleaseCapture
SendMessageW
MapWindowPoints
GetMessagePos
GetWindowThreadProcessId
IsRectEmpty
CharLowerW
EndPaint
advapi32
ConvertSidToStringSidW
EqualSid
IsWellKnownSid
GetLengthSid
RegCreateKeyW
RegEnumKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
CreateProcessAsUserA
CreateProcessAsUserW
InitiateSystemShutdownExW
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
CryptHashData
SetSecurityInfo
shlwapi
SHDeleteValueW
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathUnquoteSpacesW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
PathRemoveFileSpecW
PathAddBackslashW
PathFindFileNameW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
PathIsURLW
PathQuoteSpacesW
StrStrIW
StrStrIA
PathRemoveBackslashW
StrCmpNIW
PathRenameExtensionW
shell32
ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW
secur32
GetUserNameExW
ole32
CoSetProxyBlanket
CoUninitialize
CLSIDFromString
StringFromGUID2
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoCreateInstance
gdi32
RestoreDC
CreateCompatibleDC
SetRectRgn
SelectObject
DeleteObject
GdiFlush
DeleteDC
SetViewportOrgEx
CreateCompatibleBitmap
GetDeviceCaps
GetDIBits
CreateDIBSection
SaveDC
ws2_32
WSASend
getaddrinfo
inet_addr
getpeername
accept
getsockname
WSAEventSelect
freeaddrinfo
recv
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
shutdown
setsockopt
closesocket
gethostbyname
send
select
recvfrom
WSAGetLastError
listen
WSASetLastError
socket
bind
sendto
crypt32
CryptUnprotectData
PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
wininet
InternetCrackUrlA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetOpenA
InternetQueryDataAvailable
InternetSetOptionA
InternetQueryOptionW
InternetQueryOptionA
HttpEndRequestW
HttpSendRequestA
HttpEndRequestA
InternetSetFilePointer
HttpOpenRequestW
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestW
InternetReadFile
InternetReadFileExA
InternetSetStatusCallbackA
HttpSendRequestExW
InternetCloseHandle
HttpQueryInfoA
InternetConnectA
HttpSendRequestExA
oleaut32
SysFreeString
VariantInit
VariantClear
SysAllocString
netapi32
NetUserEnum
NetApiBufferFree
NetUserGetInfo
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
winmm
waveOutGetVolume
PlaySoundA
PlaySoundW
waveOutSetVolume
Sections
.text Size: 196KB - Virtual size: 196KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ