0d79f2cfe389511d4c45f1fe85c92c5c94e6a699c348e72d36096bee016b777c

Sharing

Copy URL

Twitter E-mail

General

Target

0d79f2cfe389511d4c45f1fe85c92c5c94e6a699c348e72d36096bee016b777c
Size

510KB
MD5

6a527509124125bed8c6ae6dba165902
SHA1

5ab1f9820c5d95dc6973b16ed1cee580a86ee449
SHA256

0d79f2cfe389511d4c45f1fe85c92c5c94e6a699c348e72d36096bee016b777c
SHA512

b76ab77a7b0dec818268677e0ebb1cda8e15c8b7619efead295dd979142a711e74eeda7b3aa841288c188ce48d81af96c13321c8764720bb379a8fd90281e4e8
SSDEEP

12288:qujL7K6wQiurgzw6wVzxzz7MagBqNVWQ+RQhzkyu:qujmQiurgz0zxzvgI/WQ+RQdkyu

Score

N/A

Malware Config

Signatures

Files

0d79f2cfe389511d4c45f1fe85c92c5c94e6a699c348e72d36096bee016b777c
.exe windows x86

e892bb8a18faa109bb2fc6c837b93e41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
GetStringTypeW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetLocaleInfoW
LoadLibraryW
OutputDebugStringW
WriteConsoleW
OutputDebugStringA
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
HeapCreate
HeapFree
HeapQueryInformation
HeapSize
HeapReAlloc
GetModuleFileNameA
IsProcessorFeaturePresent
SetLastError
TlsFree
GetCurrentThreadId
ReadFile
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetFileType
CreateFileW
GetStdHandle
SetHandleCount
GetCPInfo
LCMapStringW
WideCharToMultiByte
RaiseException
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
IsBadReadPtr
HeapValidate
IsDebuggerPresent
lstrcpyA
LocalFree
CloseHandle
LocalSize
GetModuleHandleA
EnumDateFormatsA
GlobalMemoryStatusEx
LocalAlloc
lstrcmpiA
GetLastError
GlobalUnlock
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersionExW
Sleep
OpenProcess
FormatMessageA
GetProcessHeap
GlobalLock
GetCurrentProcess
HeapAlloc
lstrlenA
SetFilePointer
DecodePointer
EncodePointer
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
SetEndOfFile
CreateFileA
GetEnvironmentVariableW
TlsSetValue
ExitProcess

user32

CheckMenuItem
GetWindowThreadProcessId
DefWindowProcA
GetCursorPos
LoadAcceleratorsA
ShowWindow
SetDlgItemTextA
EndDeferWindowPos
GetDlgItemTextA
EndDialog
GetDlgItem
FindWindowA
OpenClipboard
DeferWindowPos
CreateWindowExA
UpdateWindow
GetClipboardData
GetDlgItemTextW
SetWindowTextA
IsWindowVisible
GetSystemMetrics
EndPaint
DestroyWindow
CloseClipboard
DestroyAcceleratorTable
GetWindowRect
IsIconic
GetSubMenu
LoadBitmapA
GetClipboardFormatNameA
wsprintfA
GetClientRect
SetFocus
SendMessageA
EnumClipboardFormats
BeginPaint
GetWindowTextA
MessageBoxA
GetWindowLongA
BeginDeferWindowPos

gdi32

SelectObject
GetTextExtentPoint32A
DeleteDC
CreateFontA
GetDeviceCaps
StretchBlt
DeleteObject
TextOutA
CreateCompatibleDC
SaveDC
GetObjectA
RestoreDC

winspool.drv

EnumJobsA
GetPrinterA
ClosePrinter
OpenPrinterA
EnumPrintersA

advapi32

RegCreateKeyExA
CloseServiceHandle
OpenProcessToken
RegCloseKey
RegOpenKeyExW
OpenSCManagerA
QueryServiceStatus
ConvertSecurityDescriptorToStringSecurityDescriptorA
OpenServiceA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
RegSetValueExA
GetTokenInformation
DeleteService

shell32

SHGetFolderPathA
SHGetFileInfoA
SHGetFolderPathW
DragFinish
DragQueryFileA

oleaut32

RegisterActiveObject

wininet

FtpSetCurrentDirectoryA

psapi

GetProcessMemoryInfo

winmm

waveOutUnprepareHeader
waveOutOpen
waveOutPrepareHeader
waveOutClose
waveOutWrite

version

GetFileVersionInfoA
GetFileVersionInfoSizeA

shlwapi

PathFileExistsA
PathRemoveFileSpecA
PathAppendA
PathFindFileNameA

comctl32

ImageList_GetImageCount
ImageList_AddMasked
ImageList_Create

gdiplus

GdipSaveImageToFile
GdipDisposeImage
GdipCreateBitmapFromHBITMAP

mswsock

EnumProtocolsA

setupapi

SetupCloseInfFile
SetupDiRegisterDeviceInfo
SetupDiCreateDeviceInfoList
SetupDiDestroyDriverInfoList
SetupDiSetDeviceInstallParamsA
SetupInitDefaultQueueCallback
SetupDiBuildDriverInfoList
SetupDiGetDeviceRegistryPropertyA
SetupInstallFromInfSectionA
SetupDefaultQueueCallbackA
SetupOpenInfFileA
SetupDiGetDeviceInstallParamsA
SetupOpenAppendInfFileA
SetupGetIntField
SetupDiSetSelectedDriverA
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInfoA
SetupDiSetDeviceRegistryPropertyA
SetupDiCreateDeviceInfoA
SetupGetStringFieldA
SetupFindFirstLineA
SetupDiInstallDevice

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Exports

Exports

Start

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.corn
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e892bb8a18faa109bb2fc6c837b93e41

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

oleaut32

wininet

psapi

winmm

version

shlwapi

comctl32

gdiplus

mswsock

setupapi

wtsapi32

Exports

Exports

Sections

.text Size: 220KB - Virtual size: 219KB

.rdata Size: 214KB - Virtual size: 214KB

.data Size: 6KB - Virtual size: 14KB

.corn Size: 45KB - Virtual size: 45KB

.rsrc Size: 23KB - Virtual size: 23KB

.text
Size: 220KB - Virtual size: 219KB

.rdata
Size: 214KB - Virtual size: 214KB

.data
Size: 6KB - Virtual size: 14KB

.corn
Size: 45KB - Virtual size: 45KB

.rsrc
Size: 23KB - Virtual size: 23KB