a93e81769988febc6e2e6693e22eae432113e1aa7119285adc335207c2ccac7c

Sharing

Copy URL Twitter E-mail

General

Target

a93e81769988febc6e2e6693e22eae432113e1aa7119285adc335207c2ccac7c
Size

572KB
MD5

1960f81f4fae9a41bc8c78f57f0f1830
SHA1

a8583696c319a2b70fae06be4bd29ced18bb734f
SHA256

a93e81769988febc6e2e6693e22eae432113e1aa7119285adc335207c2ccac7c
SHA512

fa156ba2427f42aa47c51b4a4bb873a6669370d86546a01acfed458e05ba862068d9d454997feee4a898892fe05590ef3230f1044c64858bda8a76a719f64f24
SSDEEP

12288:kURPls01S/mScHvIiajOIq4vIv3t2vp8SIGPh3rcVi7J0:jRGRuScP/aCt1v9+8s3rA4

Score

N/A

Malware Config

Signatures

Files

a93e81769988febc6e2e6693e22eae432113e1aa7119285adc335207c2ccac7c
.exe windows x86

a48afe2a294e35ea57670c37e460e4d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetForegroundWindow
ShowWindow
GetAsyncKeyState
SendMessageW
UnhookWindowsHookEx
GetClassNameW
GetMenuItemInfoW
LoadStringW
MessageBoxW

shlwapi

SHRegQueryInfoUSKeyA
wvnsprintfA
SHGetValueW
PathSkipRootA

mpr

WNetCancelConnectionA

mscms

SetColorProfileElement
DisassociateColorProfileFromDeviceA
EnumColorProfilesA
GetStandardColorSpaceProfileA

esent

JetGetDatabaseInfo
JetTruncateLog
JetGetObjectInfo

crypt32

CertCreateContext
CryptMemRealloc

ntdll

RtlUnwind

shell32

SHInvokePrinterCommandW
SHQueryRecycleBinW
ord179

urlmon

CreateAsyncBindCtx

pdh

PdhBrowseCountersW
PdhUpdateLogA
PdhGetDefaultPerfCounterA

kernel32

GetTimeZoneInformation
VirtualQuery
GetSystemInfo
CompareStringW
GetCurrentProcess
CloseHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
InterlockedExchange
CreateFileA
GetLocaleInfoW
TerminateProcess
CompareStringA
SetEnvironmentVariableA
UnhandledExceptionFilter
FreeLibrary
SetConsoleCtrlHandler
SetStdHandle
FlushFileBuffers
VirtualAlloc
Sleep
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
BackupSeek
GetShortPathNameA
TlsAlloc
FillConsoleOutputAttribute
InterlockedFlushSList
GetPriorityClass
SetNamedPipeHandleState
OpenThread
GetBinaryTypeA
HeapSetInformation
GetDiskFreeSpaceExW
LockResource
LoadLibraryExW
EnumDateFormatsExW
CreateActCtxW
EnumLanguageGroupLocalesW
VirtualLock
DebugActiveProcess
VirtualProtect
CreateToolhelp32Snapshot
SetVolumeMountPointA
CreateDirectoryExW
GetTempFileNameW
GetComputerNameA
FindResourceA
FindActCtxSectionStringA
VirtualFree
SetCurrentDirectoryA
GetPrivateProfileStringA
GetFirmwareEnvironmentVariableW
Module32First
LocalCompact
AddAtomA
GetCPInfoExA
SetFirmwareEnvironmentVariableW
ReadConsoleOutputA
ConvertThreadToFiber
TerminateThread
GetPrivateProfileStructA
EnumDateFormatsA
Module32NextW
lstrcatW
ContinueDebugEvent
lstrlenW
GetStringTypeA
GetDateFormatW
CreateNamedPipeW
InterlockedExchangeAdd
FillConsoleOutputCharacterW
SleepEx
GetCurrentThreadId
DeactivateActCtx
QueryPerformanceFrequency
GetCommProperties
FindFirstFileExW
WriteFileGather
GetSystemDefaultUILanguage
lstrlenA
GetTickCount
GetConsoleTitleW
GetConsoleWindow
GetCommandLineA
FindAtomW
GetLastError
DeleteFileA
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
OutputDebugStringA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
HeapAlloc
MultiByteToWideChar
ReadFile
SetFilePointer
HeapReAlloc
HeapSize
ExitProcess
SetUnhandledExceptionFilter
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
FatalAppExitA
GetConsoleCP
GetConsoleMode
InitializeCriticalSection
GetModuleHandleW
LCMapStringA
LCMapStringW
GetStringTypeW
GetTimeFormatA

clusapi

AddClusterResourceNode
GetClusterResourceKey
PauseClusterNode

Sections

.text
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textbss
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

!
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bN3
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

k[}
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.erloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

7
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

f;
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

M~
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a48afe2a294e35ea57670c37e460e4d5

Headers

DLL Characteristics

File Characteristics

Imports

user32

shlwapi

mpr

mscms

esent

crypt32

ntdll

shell32

urlmon

pdh

kernel32

clusapi

Sections

.text Size: 132KB - Virtual size: 130KB

.textbss Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 12KB

! Size: 12KB - Virtual size: 8KB

CODE Size: 12KB - Virtual size: 9KB

bN3 Size: 20KB - Virtual size: 17KB

.crt Size: 132KB - Virtual size: 131KB

.reloc Size: 60KB - Virtual size: 56KB

k[} Size: 68KB - Virtual size: 65KB

.erloc Size: 12KB - Virtual size: 11KB

7 Size: 28KB - Virtual size: 26KB

f; Size: 60KB - Virtual size: 56KB

M~ Size: 12KB - Virtual size: 8KB

DATA Size: 4KB - Virtual size: 2KB

.text
Size: 132KB - Virtual size: 130KB

.textbss
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 12KB

!
Size: 12KB - Virtual size: 8KB

CODE
Size: 12KB - Virtual size: 9KB

bN3
Size: 20KB - Virtual size: 17KB

.crt
Size: 132KB - Virtual size: 131KB

.reloc
Size: 60KB - Virtual size: 56KB

k[}
Size: 68KB - Virtual size: 65KB

.erloc
Size: 12KB - Virtual size: 11KB

7
Size: 28KB - Virtual size: 26KB

f;
Size: 60KB - Virtual size: 56KB

M~
Size: 12KB - Virtual size: 8KB

DATA
Size: 4KB - Virtual size: 2KB