fd0f4221267f76911a0ffbe63d11a4aedb3259c5c2a45724e84af6fce3addf06

Sharing

Copy URL Twitter E-mail

General

Target

fd0f4221267f76911a0ffbe63d11a4aedb3259c5c2a45724e84af6fce3addf06
Size

1.5MB
MD5

60dd04d34b24197e757401bf8f604454
SHA1

082868d327e11a5456e8534f2618968a573d9030
SHA256

fd0f4221267f76911a0ffbe63d11a4aedb3259c5c2a45724e84af6fce3addf06
SHA512

aa75a93ff632af32e387a9ceae8b7eaec14f6be5d3b5a4e1261117a9c223eb635164a205e6c0a774106dcbdf7f89fa83683f1f52da7b79aa32fbc08b0e2bd089
SSDEEP

24576:cYOcQuROZZMnuQP3ZTyPhaBOZNvbsNYprle691KtykndyHJdJK+STPITCMa7qhb9:BdROZBogPhaBOZpsNYprle691Ktykndo

Score

N/A

Malware Config

Signatures

Files

fd0f4221267f76911a0ffbe63d11a4aedb3259c5c2a45724e84af6fce3addf06
.exe windows x86

6883bf826dcf44f21555b70e1d567e75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSEnumerateSessionsW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

sensapi

IsNetworkAlive

userenv

CreateEnvironmentBlock

wininet

InternetCloseHandle
HttpOpenRequestW
HttpQueryInfoW
InternetOpenW
HttpSendRequestW
InternetConnectW
InternetReadFile
InternetSetOptionW

user32

MessageBoxW
SendMessageTimeoutW
RegisterWindowMessageW
wsprintfW
PostMessageW
EnumWindows
GetClassNameW
IsWindow
GetSystemMetrics

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoInitializeEx
CLSIDFromString

oleaut32

RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VariantClear
SysAllocString
SysFreeString

kernel32

InterlockedIncrement
InterlockedExchange
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatA
GetDateFormatA
ExitProcess
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
CompareStringW
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetCurrentProcess
InterlockedDecrement
WaitForSingleObject
LocalFree
CloseHandle
GetModuleFileNameW
Sleep
FindFirstFileW
FindClose
LoadLibraryW
GetProcAddress
FreeLibrary
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CreateToolhelp32Snapshot
GetLastError
Process32FirstW
OpenProcess
GetExitCodeProcess
TerminateProcess
Process32NextW
GetEnvironmentVariableW
GetModuleHandleW
lstrlenW
lstrlenA
GetVersionExW
MultiByteToWideChar
GetFileAttributesExW
DeleteFileW
GetCommandLineA
WideCharToMultiByte
CreateProcessW
CreateDirectoryW
GetEnvironmentStringsW
GetSystemDirectoryW
FormatMessageW
CreateFileW
GetEnvironmentVariableA
SetLastError
ProcessIdToSessionId
LocalAlloc
GetSystemInfo
GetModuleHandleA
CopyFileW
GetTempPathW
LocalSize
ReadFile
FindNextFileW
CopyFileA
RemoveDirectoryW
SetFileAttributesW
SetEvent
CreateEventW
CreateThread
GetFileSize
SetFilePointer
GetFileAttributesW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalAlloc
GetFullPathNameW
GetFullPathNameA
CreateFileA
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
GetTickCount
UnlockFileEx
SetEnvironmentVariableA
FormatMessageA
InitializeCriticalSection
LeaveCriticalSection
GetFileAttributesA
FlushFileBuffers
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingW
GetDiskFreeSpaceA
DeleteCriticalSection
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
ResetEvent
GetSystemDirectoryA
HeapAlloc
HeapFree
GetProcessHeap
CreateMutexW
OpenMutexW
ReleaseMutex
DeviceIoControl
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
HeapCreate
VirtualFree
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
VirtualAlloc
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
WriteFile
GetSystemTimeAsFileTime

advapi32

SetNamedSecurityInfoW
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateWellKnownSid
CheckTokenMembership
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegFlushKey
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
CreateProcessAsUserW
GetLengthSid
DuplicateTokenEx
OpenProcessToken
RegSetKeySecurity
GetNamedSecurityInfoW
InitializeAcl
AddAccessAllowedAce

shell32

ord680
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW

shlwapi

PathFileExistsW
UrlUnescapeW

crypt32

CryptProtectData

Sections

.text
Size: 692KB - Virtual size: 692KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp1
Size: 540KB - Virtual size: 1.6MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6883bf826dcf44f21555b70e1d567e75

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

version

sensapi

userenv

wininet

user32

ole32

oleaut32

kernel32

advapi32

shell32

shlwapi

crypt32

Sections

.text Size: 692KB - Virtual size: 692KB

.rdata Size: 237KB - Virtual size: 236KB

.data Size: 11KB - Virtual size: 20KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 37KB - Virtual size: 36KB

.vmp1 Size: 540KB - Virtual size: 1.6MB

.text
Size: 692KB - Virtual size: 692KB

.rdata
Size: 237KB - Virtual size: 236KB

.data
Size: 11KB - Virtual size: 20KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 37KB - Virtual size: 36KB

.vmp1
Size: 540KB - Virtual size: 1.6MB