a791d3ec70b7072a162329c1a33ab0d167ae66e2ec243e9aba64c74f9ad32f38

Sharing

Copy URL Twitter E-mail

General

Target

a791d3ec70b7072a162329c1a33ab0d167ae66e2ec243e9aba64c74f9ad32f38
Size

678KB
MD5

4846d13db2904093c639b82a1f83ea30
SHA1

f9e56d55b8cc1749483836cf30ccf45f85812f48
SHA256

a791d3ec70b7072a162329c1a33ab0d167ae66e2ec243e9aba64c74f9ad32f38
SHA512

52c584de2763cb1672147c2929be0182845f819510179b90ce186bfa279daa5a87641fc624f02572027fb212b1d70c00475d35f5fb059bf42d430aa3126de8f4
SSDEEP

12288:DF95ahfNMgzqJZhEl9AfH9dKnwsUZV7ReybdTdKXdhfeowW:DxahfdqJZul9AfH9gwvVNeyxTdiGvW

Score

N/A

Malware Config

Signatures

Files

a791d3ec70b7072a162329c1a33ab0d167ae66e2ec243e9aba64c74f9ad32f38
.exe windows x86

1defb8505c16e94a541e7c72cf1e2c2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetProcessMemoryInfo
QueryWorkingSet
GetModuleFileNameExW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

CreateFileW
WriteFile
FindNextFileW
FindFirstFileW
ReadProcessMemory
VirtualQueryEx
OpenThread
GetLocalTime
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalMemoryStatus
Sleep
CreateFileA
DeviceIoControl
GlobalFree
GlobalAlloc
InterlockedExchange
InterlockedCompareExchange
WritePrivateProfileStringW
SystemTimeToFileTime
GetPrivateProfileStringW
ReadFile
GetFileSizeEx
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
GetPrivateProfileIntW
InitializeCriticalSectionAndSpinCount
UnmapViewOfFile
lstrlenA
MapViewOfFile
CreateFileMappingW
Module32NextW
VirtualProtect
Module32FirstW
GetCurrentProcessId
HeapCreate
HeapAlloc
CreateEventW
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
TerminateProcess
IsValidCodePage
GetOEMCP
SetEvent
EnterCriticalSection
GetModuleHandleA
SetFilePointer
GetStartupInfoA
CreateProcessW
SetHandleCount
GetModuleFileNameA
GetStdHandle
ExitProcess
FatalAppExitA
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetFileAttributesW
GetStartupInfoW
CreateThread
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetStdHandle
GetConsoleCP
GetConsoleMode
DeleteCriticalSection
FlushFileBuffers
SetConsoleCtrlHandler
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetACP
DeleteFileW
OpenProcess
LoadLibraryW
WaitForSingleObject
GetCommandLineW
LocalFree
CloseHandle
FreeLibrary
RaiseException
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
GetNativeSystemInfo
IsWow64Process
lstrcmpiW
LoadLibraryExW
InitializeCriticalSection
GetLastError
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess
FlushInstructionCache
WideCharToMultiByte
GetFileType
LeaveCriticalSection
GetCurrentThreadId
GetProcAddress
FindResourceExW
GetVersionExW
MultiByteToWideChar
lstrlenW
GetModuleHandleW
FindResourceW
SizeofResource
LoadResource
LockResource
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetLocaleInfoW
GetCPInfo
LCMapStringA
IsValidLocale

user32

GetClassNameW
EnumChildWindows
GetWindowThreadProcessId
EnumWindows
CharNextW
GetWindowTextW
GetClassInfoExW
LoadImageW
RegisterClassExW
LoadMenuW
LoadAcceleratorsW
DestroyWindow
ShowWindow
GetMessageW
TranslateMessage
DispatchMessageW
SetTimer
CreateWindowExW
SetWindowLongW
LoadStringA
GetParent
GetWindow
MonitorFromWindow
MonitorFromPoint
GetMonitorInfoW
SetFocus
KillTimer
ReleaseDC
GetMenuItemInfoW
RemoveMenu
MapWindowPoints
GetMenuItemCount
AppendMenuW
TrackPopupMenuEx
DestroyMenu
CreatePopupMenu
GetClientRect
SetWindowTextW
GetWindowLongW
InvalidateRect
PeekMessageW
PtInRect
IsWindow
SendMessageW
LoadStringW
MessageBeep
SetWindowPos
DefWindowProcW
TranslateAcceleratorW
DestroyCursor
DrawTextW
GetWindowRect
GetWindowDC
UpdateLayeredWindow
GetCursorPos
ScreenToClient
SetCursor
TrackMouseEvent
GetFocus
PostMessageW
PostQuitMessage
LoadCursorW
CallWindowProcW
UnregisterClassA

gdi32

SelectObject
SetTextColor
SetBkMode
CreateCompatibleBitmap
SaveDC
CreateCompatibleDC
SetBitmapBits
RestoreDC
DeleteObject
DeleteDC
CreateFontW
GetBitmapBits
CreateDIBSection

advapi32

AdjustTokenPrivileges
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
QueryServiceStatus
DeleteService
ControlService
OpenServiceW
StartServiceW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
SetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
RevertToSelf
AllocateAndInitializeSid

ole32

CoTaskMemRealloc
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

SysFreeString
VarUI4FromStr

shlwapi

PathFileExistsW
PathRemoveFileSpecW
StrStrIW
PathAppendW
SHDeleteKeyW

comctl32

InitCommonControlsEx

msimg32

GradientFill
AlphaBlend

iphlpapi

GetAdaptersAddresses

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW

winhttp

WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpSetOption
WinHttpOpen
WinHttpCloseHandle

Sections

.text
Size: 460KB - Virtual size: 459KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1defb8505c16e94a541e7c72cf1e2c2c

Headers

DLL Characteristics

File Characteristics

Imports

psapi

userenv

version

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

comctl32

msimg32

iphlpapi

wtsapi32

winhttp

Sections

.text Size: 460KB - Virtual size: 459KB

.rdata Size: 76KB - Virtual size: 76KB

.data Size: 7KB - Virtual size: 21KB

.rsrc Size: 127KB - Virtual size: 128KB

.text
Size: 460KB - Virtual size: 459KB

.rdata
Size: 76KB - Virtual size: 76KB

.data
Size: 7KB - Virtual size: 21KB

.rsrc
Size: 127KB - Virtual size: 128KB