653bbe1b0828cfad4dba58d4cee5b101a6c6e1e4676639c0c0fa3b565007ebc1

Sharing

Copy URL Twitter E-mail

General

Target

653bbe1b0828cfad4dba58d4cee5b101a6c6e1e4676639c0c0fa3b565007ebc1
Size

1012KB
MD5

6017cc9e5a6a78bfb3baa732c81c2a56
SHA1

4b8cf64f737ed29f2d9e540a7d40e94f67af7510
SHA256

653bbe1b0828cfad4dba58d4cee5b101a6c6e1e4676639c0c0fa3b565007ebc1
SHA512

293db1e0137e914e2a4401c96160b762f72cdc0c5d7e1f93e41d9722980dcd17863ee752a850778ea8526357961cb26b636addc509dee10c4a5d5fb9c8ffa157
SSDEEP

24576:xeOdO+2IQHKia9ys5ftFUTbHT2Cd+ndJFoqryo04yMjYi4c7fK0:xeOdO+2LKJ9ys5ftFUTjT2CodJFbryRH

Score

N/A

Malware Config

Signatures

Files

653bbe1b0828cfad4dba58d4cee5b101a6c6e1e4676639c0c0fa3b565007ebc1
.exe windows x86

b8bb74c375d4af22f5419527728cca35

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

FindFirstFileW
ExpandEnvironmentStringsW
LocalAlloc
VerifyVersionInfoW
VerSetConditionMask
ReleaseMutex
CreateMutexW
GetSystemInfo
InterlockedCompareExchange
TerminateProcess
GetSystemTimeAsFileTime
Process32NextW
GetProcessTimes
Process32FirstW
CreateToolhelp32Snapshot
GetTempPathW
GetSystemTime
ProcessIdToSessionId
GetUserDefaultUILanguage
SetThreadLocale
CompareFileTime
EnumResourceLanguagesW
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetACP
GetLocaleInfoA
GetThreadLocale
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
CompareStringW
CompareStringA
IsValidCodePage
GetOEMCP
GetCPInfo
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
RtlUnwind
VirtualQuery
VirtualProtect
GetStartupInfoW
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileSizeEx
ReadFile
LCMapStringW
FormatMessageW
GlobalFree
EnumResourceNamesW
WriteFile
FindNextFileW
DeleteFileW
MoveFileExW
GetTempFileNameW
GetFileAttributesExW
OpenFileMappingW
LocalFree
OpenEventW
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
WideCharToMultiByte
ResetEvent
SetEvent
CreateEventW
OpenProcess
WaitForMultipleObjects
GetTickCount
SetThreadPriority
ResumeThread
GetCurrentProcess
FlushInstructionCache
CreateFileW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
Sleep
GetCommandLineW
CreateProcessW
SystemTimeToFileTime
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetFileType
MultiByteToWideChar
FreeLibrary
LoadLibraryExW
lstrcmpiW
lstrlenW
GetCurrentThreadId
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
InterlockedDecrement
InterlockedIncrement
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
InterlockedExchange
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetModuleHandleA
LoadLibraryA
SetEndOfFile
CreateFileA
SetEnvironmentVariableA
FlushFileBuffers
FindClose
GetStartupInfoA
QueryPerformanceCounter
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetFilePointer
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetCurrentProcessId
GetVersionExW
LCMapStringA

user32

GetActiveWindow
DestroyWindow
CharNextW
SendMessageW
SetWindowLongW
GetWindowLongW
SetTimer
EndDialog
MessageBoxIndirectW
LoadImageW
IsWindowEnabled
IsWindowVisible
FindWindowExW
EnumChildWindows
PostMessageW
GetShellWindow
GetWindowThreadProcessId
RegisterClassW
BeginPaint
EndPaint
SetWindowRgn
MessageBoxW
BringWindowToTop
CallWindowProcW
DefWindowProcW
CreateWindowExW
GetClassInfoExW
RegisterClassExW
LoadCursorW
IsWindow
GetClassNameW
EnableWindow
DialogBoxParamW
GetSystemMetrics
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
UnregisterClassA

advapi32

GetSecurityDescriptorOwner
CryptVerifySignatureW
CryptCreateHash
CryptHashData
CryptAcquireContextW
DuplicateTokenEx
CreateProcessAsUserW
ConvertSidToStringSidW
AllocateAndInitializeSid
FreeSid
RegNotifyChangeKeyValue
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
OpenProcessToken
GetTokenInformation
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetAce
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
SetSecurityDescriptorDacl
EqualSid
CopySid
IsValidSid
GetLengthSid
GetSecurityDescriptorLength
MakeSelfRelativeSD
InitializeSecurityDescriptor
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
MakeAbsoluteSD
GetSecurityDescriptorControl
GetAclInformation
InitializeAcl
AddAce
RegFlushKey
RegEnumValueW
CryptDestroyKey
CryptDestroyHash
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CLSIDFromProgID
CoCreateGuid
OleRun
CoUninitialize

shell32

ShellExecuteW
SHGetFolderPathW
ord165
ShellExecuteExW

oleaut32

SysAllocString
SysAllocStringLen
VariantClear
VarUI4FromStr
VariantInit

shlwapi

PathMatchSpecW
PathIsDirectoryW
PathFindFileNameW
PathRemoveExtensionW
SHCreateStreamOnFileW
StrCatBuffA
PathAppendW
PathFileExistsW
SHDeleteValueW
SHSetValueW
SHGetValueW
PathCombineW

gdi32

CreateRectRgn

urlmon

CreateURLMonikerEx
CreateAsyncBindCtx
RegisterBindStatusCallback

userenv

UnloadUserProfile
DestroyEnvironmentBlock
CreateEnvironmentBlock

psapi

GetProcessImageFileNameW
GetModuleFileNameExW
EnumProcessModules
EnumProcesses

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory

wintrust

WinVerifyTrust

wininet

InternetOpenW
InternetOpenUrlW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle

crypt32

CryptImportPublicKeyInfo
CertFreeCertificateContext
CertNameToStrW
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CryptQueryObject
CryptProtectData
CryptUnprotectData
CertCreateContext
CertFreeCertificateChain
CertGetNameStringW
CertVerifyCertificateChainPolicy
CertGetCertificateChain

Sections

.text
Size: 286KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 500KB - Virtual size: 1.6MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b8bb74c375d4af22f5419527728cca35

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

gdi32

urlmon

userenv

psapi

wtsapi32

wintrust

wininet

crypt32

Sections

.text Size: 286KB - Virtual size: 285KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 8KB - Virtual size: 47KB

.rsrc Size: 128KB - Virtual size: 128KB

.reloc Size: 20KB - Virtual size: 19KB

.vmp0 Size: 500KB - Virtual size: 1.6MB

.text
Size: 286KB - Virtual size: 285KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 8KB - Virtual size: 47KB

.rsrc
Size: 128KB - Virtual size: 128KB

.reloc
Size: 20KB - Virtual size: 19KB

.vmp0
Size: 500KB - Virtual size: 1.6MB