c3a682b52ffbdca253a23d393cb9062b33501ade3f1272f1fbeaf668b0db9681

Sharing

Copy URL

Twitter E-mail

General

Target

c3a682b52ffbdca253a23d393cb9062b33501ade3f1272f1fbeaf668b0db9681
Size

431KB
MD5

62aa821f252841e5dafdd179000ced8e
SHA1

aa46798eb5fa2df1c0156e4eaff6b88740e737a1
SHA256

c3a682b52ffbdca253a23d393cb9062b33501ade3f1272f1fbeaf668b0db9681
SHA512

10debfa24d6af6a32541b417bc6197bc2d92f3a05b126e417bbbf2b5e8daed73bd68d32168d8b952afccce41d5af49cd7258316568f499d8363117bd8b01a200
SSDEEP

6144:k7u5c7D9yDPHAqDvZoOw8EUxPzZdxLhO5llMrAOj/DRAEJs/Jr/ZpchBcYH:k72MyD/Auc8EUtzxlgEper/3chF

Score

N/A

Malware Config

Signatures

Files

c3a682b52ffbdca253a23d393cb9062b33501ade3f1272f1fbeaf668b0db9681
.exe windows x86

27bb6883e5bfa97a7d14ea196e591cbf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
TraceEvent
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegEnumValueW
RegQueryValueExW

kernel32

CreateThread
CloseHandle
InterlockedExchange
GetFileAttributesW
GetVersionExW
CreateFileMappingW
LeaveCriticalSection
GetProcessHeap
HeapFree
GetCurrentProcess
HeapAlloc
LoadLibraryA
SetDllDirectoryW
SystemTimeToFileTime
GetSystemTime
GetCurrentProcessId
InterlockedIncrement
GetCurrentThreadId
GetModuleFileNameW
LoadLibraryExW
MultiByteToWideChar
GetExitCodeThread
CompareStringOrdinal
WaitForSingleObject
GetUserDefaultUILanguage
EnumUILanguagesW
GetLocaleInfoW
VirtualAlloc
VirtualFree
EnterCriticalSection
RaiseException
lstrcmpiW
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetLastError
lstrlenW
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
FindResourceW
LoadResource
SizeofResource
LocalFree
LocalAlloc
GetCommandLineW
GetStartupInfoW
ExitProcess
GetSystemPowerStatus
FlushInstructionCache
FindResourceExW
IsProcessorFeaturePresent
GetVersionExA
GetVersion
CompareStringW
Sleep
InterlockedCompareExchange
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
OutputDebugStringA
SetLastError
LockResource

user32

GetAncestor
FindWindowW
GetParent
SetWindowPos
PostMessageW
GetSystemMetrics
DestroyWindow
KillTimer
SetTimer
GetWindowLongW
SetWindowLongW
CharNextW
TrackMouseEvent
LoadIconW
RegisterClassW
GetMessageW
TranslateMessage
DispatchMessageW
GetForegroundWindow
PeekMessageW
DialogBoxParamW
PostQuitMessage
SetCursor
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
ReleaseDC
GetSysColorBrush
FillRect
DrawTextW
GetDC
GetSysColor
EndPaint
BeginPaint
EnableWindow
SetFocus
CheckDlgButton
IsDlgButtonChecked
MessageBoxW
GetDlgItem
SetWindowTextW
CallWindowProcW
GetCursorPos
SystemParametersInfoW
InvalidateRect
DefWindowProcW
CreateDialogParamW
AdjustWindowRectEx
GetClientRect
GetWindowRect
SendMessageW
IsWindow
EndDialog
UnregisterClassA
GetClassLongW
WindowFromDC
SetForegroundWindow
GetProcessDefaultLayout
GetActiveWindow
ShowWindow
GetFocus
IsWindowEnabled
IsWindowVisible
GetKeyState
EnumDisplayDevicesW
EnumDisplaySettingsW
MapWindowPoints
PtInRect
RegisterClipboardFormatW
UpdateWindow
NotifyWinEvent
GetWindowTextW
GetWindowTextLengthW
SetCapture
GetCapture
GetNextDlgTabItem
SetRect
ReleaseCapture
GetWindow

msvcrt

realloc
_errno
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_controlfp
__CxxFrameHandler3
_ftol2_sse
_ftol2
memcpy
memcpy_s
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__getmainargs
calloc
memset
memmove_s
_vsnwprintf
_purecall
memmove
free
malloc
wcsncpy_s
wcstok
swprintf_s
_vscwprintf
vswprintf_s
wcschr
towlower
ceil
rand
time
srand
wcspbrk
wcstol
??1type_info@@UAE@XZ
_CxxThrowException

ntdll

NtSetInformationProcess

shell32

SHCreateItemWithParent
ord155
ord102
SHAddToRecentDocs
ord4
ord644
ord645
ord2
SHParseDisplayName
SHCreateItemFromIDList
SHGetKnownFolderIDList
ord152
SHGetIDListFromObject
SHBrowseForFolderW
SHGetFolderPathW
SHBindToParent

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString
VariantCopy
SysStringByteLen
SysAllocStringLen
SysAllocStringByteLen
LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantClear
VariantInit

ole32

CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoInitialize
CLSIDFromString
PropVariantClear

comctl32

InitCommonControlsEx

gdi32

GetClipBox
GetStockObject
SelectObject
CreateFontIndirectW
SetTextColor
SetBkColor
DeleteObject
CreateRectRgnIndirect
CreateRectRgn
GetLayout
SetLayout
GetDeviceCaps
GetObjectA
CreateDIBSection
CreateCompatibleDC
SetDIBitsToDevice
GetObjectW
BitBlt
SelectPalette
RealizePalette
GetClipRgn
OffsetRgn
ExtCreateRegion
GetRegionData
DeleteDC

slc

SLGetWindowsInformationDWORD

gdiplus

GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipCreateFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipMeasureString
GdiplusStartup
GdiplusShutdown
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipCreateMatrix
GdipSetRenderingOrigin
GdipGetWorldTransform
GdipSetWorldTransform
GdipCreateMatrix2
GdipMultiplyWorldTransform
GdipDrawString
GdipGetStringFormatDigitSubstitution
GdipSetStringFormatDigitSubstitution
GdipGetStringFormatFlags
GdipCreateHatchBrush
GdipCreatePen2
GdipDrawRectangleI
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdipBitmapLockBits
GdipCreateHalftonePalette
GdipBitmapUnlockBits
GdipDeleteMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipTranslateWorldTransform
GdipCreateSolidFill
GdipDeleteBrush
GdipFree
GdipAlloc
GdipCloneBrush
GdipFillRectangleI
GdipGetDC
GdipReleaseDC
GdipGetImageWidth
GdipGetImageHeight
GdipGetPageUnit
GdipSetPageUnit
GdipDrawImageRectRectI
GdipFillRectangle
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesWrapMode
GdipDrawImagePointsRectI
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCreateLineBrush
GdipSetLineSigmaBlend
GdipFillPath
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipDrawPath
GdipDeletePath
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatHotkeyPrefix
GdipGetImageGraphicsContext
GdipDeleteFont
GdipCreatePath
GdipSetClipHrgn

crypt32

CryptBinaryToStringW
CryptStringToBinaryW

shlwapi

PathFindExtensionW

windowscodecs

WICConvertBitmapSource

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleProxyW
LresultFromObject

dwmapi

DwmIsCompositionEnabled

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

27bb6883e5bfa97a7d14ea196e591cbf

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ntdll

shell32

oleaut32

ole32

comctl32

gdi32

slc

gdiplus

crypt32

shlwapi

windowscodecs

oleacc

dwmapi

Sections

.text Size: 164KB - Virtual size: 164KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 213KB - Virtual size: 212KB

.reloc Size: 50KB - Virtual size: 51KB

.text
Size: 164KB - Virtual size: 164KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 213KB - Virtual size: 212KB

.reloc
Size: 50KB - Virtual size: 51KB