e1df0606779992c3c27011d0c4042cf569faa6407f3c37d4b29cec37a88d23f3

Sharing

Copy URL Twitter E-mail

General

Target

e1df0606779992c3c27011d0c4042cf569faa6407f3c37d4b29cec37a88d23f3
Size

406KB
MD5

6d29b77e719dc6be28239c7c81bb834d
SHA1

8c34e838bdce145ed03e21859dd89c1909c67932
SHA256

e1df0606779992c3c27011d0c4042cf569faa6407f3c37d4b29cec37a88d23f3
SHA512

ab29940f698b500004026e650b2d1de7583853aab97c709093e0002a4f7cfe0ef73a31b8f46279dffbf4bd8dbcaaac3d7bd2bba77a5a49ac16aa50ad2743d084
SSDEEP

6144:Q6tp1X2l7Dv5wngTpnF6E5lLMFbLf6kXoGzM1OcXwNeY2758baea6qu8nM4:Q6v1wGgTpF6clLMFbF4GYwOPH1u8M4

Score

N/A

Malware Config

Signatures

Files

e1df0606779992c3c27011d0c4042cf569faa6407f3c37d4b29cec37a88d23f3
.exe windows x86

4dd25ad8e80351d8af3c4d0a0f9ddd4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
GetTempFileNameW
GetTempPathW
GetUserGeoID
GetSystemDefaultLangID
GetVersionExW
WideCharToMultiByte
WaitForSingleObject
CreateEventW
CreateProcessW
GetPrivateProfileIntW
TerminateProcess
OpenProcess
MoveFileExW
CopyFileW
DeleteFileW
SetFileAttributesW
RemoveDirectoryW
GetCurrentProcess
GetExitCodeProcess
OutputDebugStringW
ResetEvent
TerminateThread
SetEvent
GetLocalTime
WritePrivateProfileStringW
CreateMutexW
OpenEventW
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcessHeap
SetEndOfFile
CreateFileA
GetPrivateProfileSectionW
SetEnvironmentVariableA
CompareStringW
GetTimeZoneInformation
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LCMapStringA
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
LCMapStringW
GetStartupInfoA
SetHandleCount
SetStdHandle
GetModuleFileNameA
GetStdHandle
ExitProcess
ReadFile
MultiByteToWideChar
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
GetUserDefaultUILanguage
GetShortPathNameW
FindFirstFileW
lstrcmpiW
GetFileAttributesW
FindNextFileW
FindClose
CreateFileW
GetFileTime
CloseHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FreeLibrary
LoadLibraryW
GetProcAddress
Sleep
GetTickCount
LocalFree
LocalAlloc
lstrlenW
CreateDirectoryW
GetLastError
SetEnvironmentVariableW
GetModuleFileNameW
HeapReAlloc
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
LeaveCriticalSection
CompareStringA
EnterCriticalSection
GetConsoleMode
GetConsoleCP
WriteFile
SetLastError
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetStartupInfoW
CreateThread
GetCurrentThreadId
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
RtlUnwind
GetFileType
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
HeapAlloc
HeapFree

user32

SetActiveWindow
SetForegroundWindow
GetActiveWindow
wsprintfW
SendMessageW
PostMessageW
FindWindowW
MessageBoxW
ExitWindowsEx
GetWindowTextW
GetWindow
GetForegroundWindow
AttachThreadInput
SystemParametersInfoW
GetWindowThreadProcessId
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
IsWindow
EndDialog
DialogBoxParamW
DestroyWindow
BeginPaint
EndPaint
CreateWindowExW
ShowWindow
UpdateWindow
LoadIconW
LoadCursorW
RegisterClassExW
LoadStringW
LoadAcceleratorsW
wvsprintfW
KillTimer
SetTimer
GetWindowLongW
SetWindowLongW
PostQuitMessage
DefWindowProcW

advapi32

StartServiceW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyExW
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptEncrypt
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
ControlService

shell32

ord680
ShellExecuteW
SHGetFolderPathW

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoSetProxyBlanket

oleaut32

VariantClear
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayAccessData
VariantInit
VariantCopy
VariantChangeType
SafeArrayUnaccessData
SysAllocStringLen
SysAllocString
SysFreeString

shlwapi

PathAppendW
PathRenameExtensionW
PathRemoveFileSpecW
PathStripPathW
PathIsRelativeW
PathFileExistsW
PathGetArgsW
PathRemoveBackslashW
PathFindExtensionW
PathRemoveExtensionW

winmm

timeGetTime

setupapi

CM_Get_DevNode_Registry_PropertyW
CM_Get_Child
CM_Get_Parent
SetupCopyOEMInfW
CMP_WaitNoPendingInstallEvents
CM_Reenumerate_DevNode
SetupUninstallOEMInfW
SetupPromptReboot
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiRemoveDevice
SetupDiSetClassInstallParamsW
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsW
SetupDiGetClassDevsExW
SetupDiGetDeviceInfoListDetailW
CM_Get_DevNode_Status
SetupDiGetClassDevsW
CM_Locate_DevNodeW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

newdev

UpdateDriverForPlugAndPlayDevicesW

Sections

.text
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 519KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4dd25ad8e80351d8af3c4d0a0f9ddd4b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

winmm

setupapi

version

newdev

Sections

.text Size: 217KB - Virtual size: 216KB

.rdata Size: 97KB - Virtual size: 97KB

.data Size: 4KB - Virtual size: 519KB

.rsrc Size: 81KB - Virtual size: 84KB

.text
Size: 217KB - Virtual size: 216KB

.rdata
Size: 97KB - Virtual size: 97KB

.data
Size: 4KB - Virtual size: 519KB

.rsrc
Size: 81KB - Virtual size: 84KB