0800d29fec964bf410c7ea75e21ea522d914a1ec591669c9cdc236a3a380d35a

Sharing

Copy URL

Twitter E-mail

General

Target

0800d29fec964bf410c7ea75e21ea522d914a1ec591669c9cdc236a3a380d35a
Size

809KB
MD5

62b68454c7f4df115c79acd8f1b417f0
SHA1

665a7a1feb21731a9a4b871aac1b30e2d5d48e7a
SHA256

0800d29fec964bf410c7ea75e21ea522d914a1ec591669c9cdc236a3a380d35a
SHA512

07fb448a36f2793766ae7a2c046c94382cba7c9702b5fc8e2fa0efd457efddb50452348beee7c65a36488ca7429e4a144e609a13cf659a0e2091e39d238b209c
SSDEEP

24576:V023oBxRmoHJlU00ZXgcz+0d5jZQo5sEw6Y7LzNGdeVN:V04oxdHJlceAPPZh5sEw66LzNGK

Score

N/A

Malware Config

Signatures

Files

0800d29fec964bf410c7ea75e21ea522d914a1ec591669c9cdc236a3a380d35a
.exe windows x64

68e56344cab250384904953e978b70a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
EventWrite
ImpersonateLoggedOnUser
OpenProcessToken
DuplicateTokenEx
AdjustTokenPrivileges
EventRegister
EventUnregister
RevertToSelf
GetTokenInformation
CreateWellKnownSid
IsValidSid
SetTokenInformation
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
OpenSCManagerW
StartServiceW
ControlService
OpenThreadWaitChainSession
GetThreadWaitChain
CloseThreadWaitChainSession

kernel32

CallbackMayRunLong
OpenProcess
TrySubmitThreadpoolCallback
IsWow64Process
GetPriorityClass
GetTimeFormatW
GetExitCodeThread
GetTempPathW
CreateFileW
DuplicateHandle
GetModuleFileNameW
LocalFree
GetLogicalProcessorInformationEx
GetNumaHighestNodeNumber
SetEvent
CreateToolhelp32Snapshot
Thread32First
OpenThread
Thread32Next
Sleep
lstrcmpW
GetComputerNameW
GetCommandLineW
LoadLibraryExA
DelayLoadFailureHook
ReadProcessMemory
lstrcmpiW
CompareStringW
lstrlenW
GetLocaleInfoW
GetNumberFormatW
GetTickCount
HeapSize
MulDiv
HeapReAlloc
FormatMessageW
CloseThreadpoolCleanupGroup
SetProcessShutdownParameters
CreateEventW
CreateThreadpoolCleanupGroup
GetErrorMode
SetErrorMode
GetCurrentProcessId
ProcessIdToSessionId
SetPriorityClass
DeviceIoControl
SetLastError
LockResource
LoadResource
FindResourceExW
HeapSetInformation
CreateMutexW
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersionExW
WaitForSingleObject
CreateProcessW
ExpandEnvironmentStringsW
CreateThread
CloseHandle
ReleaseMutex
CloseThreadpoolCleanupGroupMembers
GetCurrentDirectoryW
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
HeapFree
GetProcessHeap
HeapAlloc
GetLastError
QueryFullProcessImageNameW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW

gdi32

SetBkMode
GetCurrentObject
GetObjectW
CreateFontIndirectW
GetCharWidth32W
CreateCompatibleBitmap
SetBkColor
DeleteDC
CreateCompatibleDC
SetTextColor
GetDeviceCaps
Rectangle
BitBlt
LineTo
MoveToEx
SelectObject
DeleteObject
GetStockObject
CreatePen

user32

SendMessageTimeoutW
SetProcessDPIAware
RegisterWindowMessageW
MessageBoxW
CreateDialogParamW
ChangeWindowMessageFilterEx
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
TranslateMessage
DispatchMessageW
LoadMenuW
RemoveMenu
DestroyMenu
CreateWindowExW
DrawTextW
InvalidateRect
UpdateWindow
GetWindowLongPtrW
GetSysColor
GetDlgCtrlID
EnableMenuItem
AppendMenuW
DialogBoxParamW
SetScrollInfo
GetScrollInfo
SetScrollPos
EndDialog
GetSystemMetrics
GetGuiResources
EnableWindow
TrackPopupMenuEx
GetWindowTextW
SetDlgItemTextW
IsHungAppWindow
SetThreadDesktop
IsWindowVisible
EndTask
AllowSetForegroundWindow
EnumDesktopsW
GetProcessWindowStation
OpenDesktopW
EnumDesktopWindows
CloseDesktop
GetWindow
InternalGetWindowText
ShowWindowAsync
SetMenuDefaultItem
GetLastActivePopup
IsWindow
SwitchToThisWindow
TileWindows
GetDesktopWindow
CascadeWindows
PeekMessageW
GetCursorPos
CheckDlgButton
IsDlgButtonChecked
GetWindowTextLengthW
SetCursor
LoadCursorW
SetRect
MsgWaitForMultipleObjects
FindWindowW
SetFocus
GetNextDlgTabItem
GetClassNameW
GetFocus
GetParent
GetMonitorInfoW
MonitorFromPoint
LoadAcceleratorsW
PostQuitMessage
MessageBeep
RedrawWindow
MoveWindow
GetClassLongPtrW
GetWindowThreadProcessId
DefWindowProcW
GetMenuItemID
GetSubMenu
IsZoomed
IsIconic
SetForegroundWindow
OpenIcon
KillTimer
DestroyWindow
PostMessageW
LoadImageW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
ShowWindow
GetShellWindow
SetWindowLongPtrW
GetMenuItemInfoW
SetTimer
LoadIconW
GetThreadDesktop
GetDialogBaseUnits
GetWindowRect
PostThreadMessageW
GetForegroundWindow
SendMessageW
MapWindowPoints
GetDlgItem
SetMenu
SetWindowPos
DeleteMenu
CheckMenuItem
CheckMenuRadioItem
GetMenu
SetWindowTextW
LoadStringW
RegisterClassW
GetClassInfoW
ReleaseDC
GetDC
SystemParametersInfoW
GetKeyState
CallWindowProcW
GetSysColorBrush
FillRect
GetClientRect
GhostWindowFromHungWindow
HungWindowFromGhostWindow
SetWindowLongW
GetWindowLongW
DestroyIcon

msvcrt

?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_cexit
_XcptFilter
__C_specific_handler
__wgetmainargs
_wtol
??3@YAXPEAX@Z
swscanf_s
memmove
_ui64tow_s
wcsstr
_i64tow_s
_wcsicmp
wcsrchr
_vsnwprintf
_wcsdup
??2@YAPEAX_K@Z
memset
_exit
memcpy
free
towlower

iphlpapi

GetIfEntry2
NhGetInterfaceNameFromDeviceGuid
GetAdaptersAddresses

comctl32

CreateStatusWindowW
ord17
ord345
ord334
ord336
ord338
ord328
ord329
ord331
ImageList_Remove
ImageList_ReplaceIcon
ord337
ImageList_SetIconSize
ImageList_Create

pcwum

PcwCollectData
PcwAddQueryItem
PcwCreateQuery

shlwapi

StrFormatByteSizeW
ord16
PathAddExtensionW
PathRemoveExtensionW
PathAppendW
StrStrW
ord348
ord618
ord437
ord158

shell32

ord61
ShellAboutW
ShellExecuteExW
ord245
ord75
SHParseDisplayName
SHOpenFolderAndSelectItems
CommandLineToArgvW
ord100
DuplicateIcon
Shell_NotifyIconW

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlTryEnterCriticalSection
NtSetInformationFile
NtSetInformationProcess
NtOpenProcessToken
NtOpenThreadToken
NtOpenFile
RtlTimeToElapsedTimeFields
RtlLeaveCriticalSection
RtlEnterCriticalSection
NtQueryInformationProcess
NtQueryTimerResolution
RtlInitUnicodeString
RtlNtStatusToDosError
RtlDeleteCriticalSection
RtlInitializeCriticalSection
NtQuerySystemInformation
WinSqmAddToStream
NtQueryInformationToken
NtClose

secur32

GetUserNameExW

uxtheme

IsThemeActive
SetWindowTheme

wevtapi

EvtSubscribe
EvtClose

credui

CredUIPromptForCredentialsW

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 560KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

68e56344cab250384904953e978b70a9

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

iphlpapi

comctl32

pcwum

shlwapi

shell32

ntdll

secur32

uxtheme

wevtapi

credui

Sections

.text Size: 152KB - Virtual size: 152KB

.data Size: 2KB - Virtual size: 15KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 89KB - Virtual size: 89KB

.reloc Size: 560KB - Virtual size: 2.5MB

.text
Size: 152KB - Virtual size: 152KB

.data
Size: 2KB - Virtual size: 15KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 89KB - Virtual size: 89KB

.reloc
Size: 560KB - Virtual size: 2.5MB