0b63584f92613396dd513c838451cc2d777d217345d349fb65d52d06d3b8d5ba

Sharing

Copy URL

Twitter E-mail

General

Target

0b63584f92613396dd513c838451cc2d777d217345d349fb65d52d06d3b8d5ba
Size

1.7MB
MD5

5aa08757d8aaaecdc05cf6032112dc11
SHA1

2fe08727b86807c7264c50e46dcc0040035e006d
SHA256

0b63584f92613396dd513c838451cc2d777d217345d349fb65d52d06d3b8d5ba
SHA512

47a24891ddf70160f7b515bd4a7c267b46b7e1b03a1d5b25207bf2fe890b18d859728ae4feace0a837ec12b5d98ba1bb098dc215338dc3d02cedc1082b0e2a83
SSDEEP

49152:B8Qh7NKgXbvydA0fGmtrxLfBFcVTn+UbUnnghPWtXH4hGrbOzQYAGLw+nNy:B8Qh7NKgXbvydA0fGmRxVFcEhXsE4n

Score

N/A

Malware Config

Signatures

Files

0b63584f92613396dd513c838451cc2d777d217345d349fb65d52d06d3b8d5ba
.exe windows x86

41f94cfad38f0ea9443afee63b1d2a3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSEnumerateSessionsW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

sensapi

IsNetworkAlive

userenv

CreateEnvironmentBlock

wininet

InternetSetOptionW
HttpAddRequestHeadersW
InternetCloseHandle
HttpOpenRequestW
HttpQueryInfoW
InternetOpenW
HttpSendRequestW
InternetConnectW
InternetReadFile

kernel32

LocalAlloc
GetSystemInfo
Process32NextW
GetModuleHandleA
CreateToolhelp32Snapshot
DeleteFileW
LocalFree
GetCommandLineA
GetFileSize
FindFirstFileW
SetFilePointer
GetFileAttributesW
FindClose
RemoveDirectoryW
FindNextFileW
SetFileAttributesW
GetFileAttributesExW
HeapAlloc
HeapFree
GetProcessHeap
CopyFileW
ReadFile
CopyFileA
GetTempPathW
LocalSize
DeleteFileA
CreateMutexW
OpenMutexW
ReleaseMutex
GlobalAlloc
GetSystemDirectoryA
GetFullPathNameW
GetFullPathNameA
CreateFileA
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
GetTickCount
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
InitializeCriticalSection
ProcessIdToSessionId
GetFileAttributesA
FlushFileBuffers
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingW
GetDiskFreeSpaceA
DeleteCriticalSection
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
SetEvent
CreateEventW
ResetEvent
DeviceIoControl
InterlockedIncrement
InterlockedExchange
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
GetFileType
Process32FirstW
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
ExitProcess
GetDateFormatA
GetTimeFormatA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
TlsSetValue
TlsFree
SetLastError
GetEnvironmentVariableA
TerminateProcess
GetExitCodeProcess
GetVersionExW
FormatMessageW
Sleep
LoadLibraryW
GetSystemDirectoryW
OpenProcess
WriteFile
WaitForSingleObject
CreateDirectoryW
GetCurrentProcess
CreateProcessW
FreeLibrary
GetEnvironmentVariableW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
CloseHandle
CreateFileW
GetCommandLineW
lstrlenA
MultiByteToWideChar
GetLastError
InterlockedDecrement
GetModuleHandleW
GetProcAddress
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
SetEnvironmentVariableW
lstrlenW
FindFirstFileA
GetModuleFileNameW
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
VirtualAlloc
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetStartupInfoA
GetConsoleOutputCP
GetConsoleMode
GetConsoleCP
VirtualFree
HeapCreate
GetCurrentThreadId
WriteConsoleW
GetLocaleInfoW
TlsGetValue
SetEnvironmentVariableA
LeaveCriticalSection
TlsAlloc

user32

MessageBoxW
wsprintfW
PostMessageW
EnumWindows
GetClassNameW
IsWindow
GetSystemMetrics

advapi32

CryptHashData
RegOpenKeyExW
RegSetValueExW
RegFlushKey
RegQueryValueExW
RegDeleteValueW
RegDeleteKeyW
CryptAcquireContextW
CryptGetHashParam
AdjustTokenPrivileges
RegSetKeySecurity
FreeSid
SetEntriesInAclW
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeAcl
GetNamedSecurityInfoW
LookupPrivilegeValueW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptEncrypt
CryptAcquireContextA
CryptReleaseContext
CryptDeriveKey
RegEnumKeyExW
GetLengthSid
DuplicateTokenEx
CreateProcessAsUserW
RegCreateKeyExW
GetTokenInformation
OpenProcessToken

ole32

CoCreateInstance
CoUninitialize
StringFromGUID2
CoCreateGuid
CLSIDFromString
CoInitialize

shell32

ShellExecuteExW
ord680
ShellExecuteW
SHGetSpecialFolderPathW

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi

shlwapi

UrlUnescapeW
PathFileExistsW

crypt32

CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptMsgClose
CryptProtectData
CryptMsgGetParam
CryptQueryObject
CertGetNameStringW

wintrust

WinVerifyTrust

Sections

.text
Size: 792KB - Virtual size: 791KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 600KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

41f94cfad38f0ea9443afee63b1d2a3f

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

version

sensapi

userenv

wininet

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

crypt32

wintrust

Sections

.text Size: 792KB - Virtual size: 791KB

.rdata Size: 287KB - Virtual size: 286KB

.data Size: 11KB - Virtual size: 20KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 600KB - Virtual size: 2.3MB

.text
Size: 792KB - Virtual size: 791KB

.rdata
Size: 287KB - Virtual size: 286KB

.data
Size: 11KB - Virtual size: 20KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 600KB - Virtual size: 2.3MB