843e3922170c2ef0b4b5ee8fd07d468c59763b8f7c7b4b690a3228d439c1e0d8

Sharing

Copy URL Twitter E-mail

General

Target

843e3922170c2ef0b4b5ee8fd07d468c59763b8f7c7b4b690a3228d439c1e0d8
Size

454KB
MD5

610211d9e645808808d3f20c8af1e4fa
SHA1

5a99f8cb27d564af16ca73d3da6dd29a6543a397
SHA256

843e3922170c2ef0b4b5ee8fd07d468c59763b8f7c7b4b690a3228d439c1e0d8
SHA512

4ec7f38c6ae4c6cd390e397d9972ab4c6bf10710ce629dc07dfa6127ad8204756d4b2042f90723eef724ce1b4cde4d7b61188dd7df7a041c5718b41671fca888
SSDEEP

6144:f24GsRhNBC0BD/7GrQI8/JImgC6bwvkgL3KPvz63OSPbKImDjvuzr3:LhnC0BD7VIGgC6b2kgL3h3OSPbKIsvu

Score

N/A

Malware Config

Signatures

Files

843e3922170c2ef0b4b5ee8fd07d468c59763b8f7c7b4b690a3228d439c1e0d8
.exe windows x86

b0f968d6ed1a73bcaba7c8017d0b58c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegQueryValueExW
RegEnumValueW
RegEnumKeyW

kernel32

GetProcessHeap
WaitForSingleObject
SetEvent
Sleep
CreateThread
CreateEventW
GetCurrentThreadId
LockResource
FindResourceExW
SetInformationJobObject
CreateJobObjectW
GetSystemTime
GetWindowsDirectoryW
QueueUserWorkItem
UnregisterWait
RegisterWaitForSingleObject
OpenProcess
InitializeCriticalSection
TerminateJobObject
HeapSetInformation
SystemTimeToFileTime
DeleteTimerQueueTimer
InterlockedExchange
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
CreateTimerQueueTimer
DeleteFileW
OpenJobObjectW
AssignProcessToJobObject
CreateTimerQueue
DeleteTimerQueueEx
WideCharToMultiByte
LocalFree
FileTimeToSystemTime
GetDateFormatW
CloseHandle
lstrlenA
GetFileAttributesW
GetCommandLineW
LoadLibraryW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetModuleFileNameW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
CompareFileTime
CompareStringA
CreateFileMappingW
MapViewOfFile
CreateMutexW
DuplicateHandle
CreateProcessW
ReleaseMutex
UnmapViewOfFile
GetVersionExW
GetUserGeoID
GetGeoInfoW
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
ReadFile
FileTimeToLocalFileTime
lstrcmpA
LocalAlloc
GetUserDefaultLCID
GetStringTypeW
GetConsoleMode
GetConsoleCP
SetFilePointer
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
RtlUnwind
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
RaiseException
SetFileAttributesW
FlushFileBuffers
WriteConsoleW
lstrlenW
GetTimeFormatW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetStartupInfoW
DecodePointer
EncodePointer
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
ExitProcess
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapCreate
QueryPerformanceCounter
GetTickCount
SetStdHandle

gdi32

GetDeviceCaps

user32

DefWindowProcW
SetWindowLongW
CharNextW
DispatchMessageW
TranslateMessage
GetWindowLongW
PostThreadMessageW
CharUpperW
CharLowerBuffW
SystemParametersInfoW
GetWindowRect
SendMessageW
GetActiveWindow
RegisterClassW
SetTimer
CreateWindowExW
ReleaseDC
GetDC
GetMessageW

shell32

SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteW

ole32

CoInitializeEx
CoUninitialize
CoRevokeClassObject
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoResumeClassObjects
CoTaskMemFree
CoReleaseServerProcess
StringFromCLSID
CoCreateGuid
CoInitialize
CoDisconnectObject
CoMarshalInterThreadInterfaceInStream
CoSuspendClassObjects
CoAddRefServerProcess
CoTaskMemRealloc
CoGetInterfaceAndReleaseStream
CoCreateFreeThreadedMarshaler
CoRegisterClassObject

oleaut32

VariantChangeType
VarBstrCat
VariantCopy
SysStringByteLen
SysAllocStringByteLen
SafeArrayDestroy
SysAllocStringLen
SafeArrayUnlock
SafeArrayLock
VariantClear
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VarBstrCmp
SafeArrayGetVartype
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysFreeString

shlwapi

PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
StrRChrW

crypt32

CryptMsgGetAndVerifySigner
CryptUnprotectData
CryptProtectData
CertFreeCertificateContext
CryptMsgClose
CertCloseStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CryptDecodeObject
CryptMsgGetParam
CertFreeCertificateChain
CryptHashPublicKeyInfo
CryptQueryObject

wininet

HttpSendRequestW
InternetConnectW
InternetOpenW
InternetCloseHandle
HttpOpenRequestW

defmgr

SetDefaultInfo

wsock32

WSAAsyncSelect
WSAGetLastError
socket
send
recv
WSAAsyncGetHostByName
WSAStartup
htons
connect
shutdown
closesocket

cabinet

ord21
ord22
ord23
ord20

Sections

.text
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 71KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b0f968d6ed1a73bcaba7c8017d0b58c5

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

shell32

ole32

oleaut32

shlwapi

crypt32

wininet

defmgr

wsock32

cabinet

Sections

.text Size: 256KB - Virtual size: 256KB

.data Size: 26KB - Virtual size: 33KB

.rsrc Size: 99KB - Virtual size: 99KB

.reloc Size: 71KB - Virtual size: 72KB

.text
Size: 256KB - Virtual size: 256KB

.data
Size: 26KB - Virtual size: 33KB

.rsrc
Size: 99KB - Virtual size: 99KB

.reloc
Size: 71KB - Virtual size: 72KB