742eba8061ccd7915e1aeb25549efa263ab878d4689ff979be0e4cb758037eb4

Sharing

Copy URL Twitter E-mail

General

Target

742eba8061ccd7915e1aeb25549efa263ab878d4689ff979be0e4cb758037eb4
Size

564KB
MD5

43dee6e504d464b1bcdb0ee34d62ae60
SHA1

4fb56259d037d745112ec8c22d8e03c29844e71f
SHA256

742eba8061ccd7915e1aeb25549efa263ab878d4689ff979be0e4cb758037eb4
SHA512

1748679d56edc4b8b76bb30432881ab972d9fc7bd4e3627302b7a546a519d93b71c2c842dbb6d2a2c5d18628c5cc10832927511b6ca24a1ef45811e88c36dad3
SSDEEP

12288:bYRsQxkyrWwM8LeZbRY6xrL0PER+WDlbDFBCOnnFvwdPKxxfoofvItigJ+slGA:cbxkKWVyjgrL0gfRCOnnFIdPkfoViU

Score

N/A

Malware Config

Signatures

Files

742eba8061ccd7915e1aeb25549efa263ab878d4689ff979be0e4cb758037eb4
.exe windows x86

ea4fc355a3730a9ef515924bb430fa0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VarCyFromI1
VarUI4FromBool
BSTR_UserFree

urlmon

CoInternetCreateSecurityManager
CompareSecurityIds
GetClassURL
WriteHitLogging

clusapi

GetClusterKey
ClusterEnum

user32

MessageBoxW
DrawEdge
SetPropW
RemovePropW
ShowWindow
GetLastActivePopup
OpenInputDesktop

ntdll

RtlUnwind
VerSetConditionMask

kernel32

SetConsoleCtrlHandler
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
LoadLibraryA
FreeLibrary
GetCommandLineA
CreateFileA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
VirtualQuery
GetSystemInfo
TlsGetValue
GetBinaryTypeW
GetVolumePathNamesForVolumeNameW
GetQueuedCompletionStatus
lstrlenA
Heap32ListNext
GlobalAddAtomA
QueryDepthSList
VerLanguageNameA
ConvertFiberToThread
PeekNamedPipe
GlobalDeleteAtom
GlobalAlloc
GetBinaryTypeA
CancelTimerQueueTimer
WaitForMultipleObjectsEx
FindClose
GetTimeFormatA
CreateProcessW
ReleaseMutex
CreateEventW
DosDateTimeToFileTime
GetCPInfoExA
FoldStringW
GetProcAddress
TransmitCommChar
GetLongPathNameW
SearchPathA
GetThreadIOPendingFlag
TryEnterCriticalSection
SetEvent
OpenEventW
SetConsoleActiveScreenBuffer
CallNamedPipeA
FlushConsoleInputBuffer
GetVersionExA
AttachConsole
WriteConsoleOutputCharacterA
GetEnvironmentStrings
EnumSystemGeoID
AddVectoredExceptionHandler
GetLargestConsoleWindowSize
GetConsoleFontSize
GetModuleFileNameW
GlobalUnfix
HeapSize
SizeofResource
VirtualAllocEx
WriteTapemark
ScrollConsoleScreenBufferW
lstrlenW
lstrcpynW
FlushInstructionCache
GetFileAttributesExA
WTSGetActiveConsoleSessionId
CreateProcessA
GetOEMCP
OpenFileMappingA
SetFileShortNameW
CreateDirectoryW
EndUpdateResourceW
GetTickCount
GetConsoleTitleW
GetConsoleWindow
FreeConsole
FindAtomW
FlushFileBuffers
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetModuleHandleA
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetLastError
GetCurrentThreadId
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
OutputDebugStringA
MultiByteToWideChar
LCMapStringA
WideCharToMultiByte
LCMapStringW
HeapFree
CloseHandle
SetUnhandledExceptionFilter
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
FatalAppExitA
HeapAlloc
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
Sleep
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSection
GetModuleHandleW
VirtualAlloc
HeapReAlloc
SetStdHandle
VirtualProtect

pdh

PdhGetDataSourceTimeRangeA
PdhGetRawCounterValue
PdhUpdateLogA

mprapi

MprConfigInterfaceTransportSetInfo
MprAdminMIBEntryGet
MprConfigTransportCreate
MprAdminMIBBufferFree

Sections

.text
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textbss
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

98e
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

VtC
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

nCp
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

w/qyA]B5
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

]wrBt
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Tpf[wu
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

V
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

=IFpvq
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

H!P9[PV
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

m{R%j~/u
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ea4fc355a3730a9ef515924bb430fa0e

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

urlmon

clusapi

user32

ntdll

kernel32

pdh

mprapi

Sections

.text Size: 168KB - Virtual size: 166KB

.textbss Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 12KB

98e Size: 48KB - Virtual size: 44KB

VtC Size: 20KB - Virtual size: 16KB

CODE Size: 24KB - Virtual size: 23KB

nCp Size: 32KB - Virtual size: 28KB

w/qyA]B5 Size: 16KB - Virtual size: 12KB

]wrBt Size: 12KB - Virtual size: 11KB

.qdata Size: 28KB - Virtual size: 24KB

Tpf[wu Size: 28KB - Virtual size: 24KB

V Size: 36KB - Virtual size: 32KB

=IFpvq Size: 32KB - Virtual size: 30KB

H!P9[PV Size: 24KB - Virtual size: 21KB

.reloc Size: 16KB - Virtual size: 12KB

m{R%j~/u Size: 60KB - Virtual size: 56KB

.text
Size: 168KB - Virtual size: 166KB

.textbss
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 12KB

98e
Size: 48KB - Virtual size: 44KB

VtC
Size: 20KB - Virtual size: 16KB

CODE
Size: 24KB - Virtual size: 23KB

nCp
Size: 32KB - Virtual size: 28KB

w/qyA]B5
Size: 16KB - Virtual size: 12KB

]wrBt
Size: 12KB - Virtual size: 11KB

.qdata
Size: 28KB - Virtual size: 24KB

Tpf[wu
Size: 28KB - Virtual size: 24KB

V
Size: 36KB - Virtual size: 32KB

=IFpvq
Size: 32KB - Virtual size: 30KB

H!P9[PV
Size: 24KB - Virtual size: 21KB

.reloc
Size: 16KB - Virtual size: 12KB

m{R%j~/u
Size: 60KB - Virtual size: 56KB