e17a4f632dceffc1b08039332377ac5dddf6ee037fc23be85102468be25c31e6

Sharing

Copy URL

Twitter E-mail

General

Target

e17a4f632dceffc1b08039332377ac5dddf6ee037fc23be85102468be25c31e6
Size

107KB
MD5

4f88705cc681c07fce17a21a59cb97a0
SHA1

c0799e5de3b78b7db439645932163999d81e138d
SHA256

e17a4f632dceffc1b08039332377ac5dddf6ee037fc23be85102468be25c31e6
SHA512

f90c6b1dd8385020e44c0582fb6ca70804e9dc2a6abdf47bda77563b5c765f770605c0632e739936f70ebfc40d601f442eb66fd400b58cf0b2a04c823ad74db7
SSDEEP

1536:/eCVTd5dCDHDOnq3h9DtcjXIrPzc4pSttMTiQHApfdhtp2+jNyI60fi8WpAQphdC:2AdMqqED0I1ttnjX2kNydGxWpAUhs

Score

N/A

Malware Config

Signatures

Files

e17a4f632dceffc1b08039332377ac5dddf6ee037fc23be85102468be25c31e6
.exe windows x86

4b0349cb5dde091c2fb0e50a02be5440

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetDeviceCaps
D3DKMTSetProcessSchedulingPriorityClass
GetRandomRgn
GetStockObject
CreateCompatibleBitmap
DeleteObject
GetDIBits
BitBlt
DeleteDC
GetRgnBox
SelectObject
SelectClipRgn
CreateCompatibleDC
CombineRgn
OffsetRgn
GdiAlphaBlend
CreateRectRgn
CreateDIBSection

user32

GetClassNameW
UpdateWindow
SetWindowTextW
DestroyIcon
GetWindowThreadProcessId
GetWindowRect
OffsetRect
SetClassLongW
MonitorFromWindow
AdjustWindowRectEx
GetMonitorInfoW
EnumDisplayDevicesW
EnumDisplaySettingsW
GetSystemMetrics
MsgWaitForMultipleObjectsEx
PostMessageW
RegisterErrorReportingDialog
RegisterGhostWindow
HungWindowFromGhostWindow
InternalGetWindowIcon
GhostWindowFromHungWindow
RegisterFrostWindow
OpenThreadDesktop
GetWindow
CloseDesktop
GetPropW
UnregisterSessionPort
RegisterSessionPort
CheckDesktopByThreadId
DwmStopRedirection
DwmStartRedirection
SetForegroundWindow
IsHungAppWindow
MessageBeep
IsWindowEnabled
EnumWindows
FlashWindowEx
SendMessageTimeoutW
IsWindow
GetCaretBlinkTime
EndTask
OpenDesktopW
IsDialogMessageW
GetAncestor
SetThreadDesktop
EndPaint
ClientToScreen
InternalGetWindowText
GetUpdateRgn
SetTimer
IsIconic
FillRect
KillTimer
IsZoomed
GetTitleBarInfo
GetWindowInfo
LogicalToPhysicalPoint
GetClientRect
BeginPaint
ChangeWindowMessageFilterEx
InvalidateRect
GetWindowLongW
GetWindowTextW
GetDCEx
SetWindowLongW
ShowWindow
GetSysColorBrush
CreateDialogParamW
PostThreadMessageW
IsWindowVisible
GetGuiResources
SetWindowPos
LoadStringW
LoadIconW
RegisterWindowMessageW
DispatchMessageW
TranslateMessage
PeekMessageW
RegisterPowerSettingNotification
ReleaseDC
GetDC
PostQuitMessage
DestroyWindow
UnregisterPowerSettingNotification
DefWindowProcW
CreateWindowExW
RegisterClassExW
GetThreadDesktop
GetUserObjectInformationW
SystemParametersInfoW
SendMessageW

msvcrt

memset
_unlock
__dllonexit
_wcsnicmp
_onexit
_except_handler4_common
_CIsqrt
memcpy
_wcsupr_s
wcschr
wcsncpy_s
wcsrchr
??_U@YAPAXI@Z
??_V@YAXPAX@Z
rand
srand
_wcsicmp
_purecall
_lock
_vsnwprintf
_controlfp
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
memmove
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_amsg_exit
_ftol2

ntdll

DbgPrompt
NtQuerySystemInformation
DbgPrintEx
RtlCaptureStackBackTrace
WinSqmAddToStreamEx
WinSqmIsOptedIn
NtAcceptConnectPort
NtCompleteConnectPort
NtReplyWaitReceivePort
NtRequestPort
NtConnectPort
NtRequestWaitReplyPort
RtlUpcaseUnicodeChar
WinSqmIncrementDWORD
RtlNtStatusToDosError
EtwEventWriteNoRegistration
NtClose
NtWaitForSingleObject
NtOpenEvent
RtlFreeSid
NtAlpcSendWaitReceivePort
NtAlpcConnectPort
RtlAllocateAndInitializeSid
NtQueryInformationProcess
NtReplyPort
NtCreateWaitablePort
RtlInitUnicodeString
RtlInsertElementGenericTable
RtlIsGenericTableEmpty
RtlLookupElementGenericTable
RtlInitializeGenericTable
EtwEventEnabled
EtwEventRegister
EtwEventUnregister
RtlEnumerateGenericTableWithoutSplaying
RtlDeleteElementGenericTable
WinSqmAddToStream
EtwEventWrite

uxtheme

CloseThemeData
OpenThemeData

imm32

ImmDisableIME

dwmredir

DwmRedirectionManagerLockMemoryAllocations
DwmRedirectionManagerEnableMMCSS
DwmRedirectionManagerPlayingVideo
DwmInitializeTransport
DwmShutdownTransport
DwmRedirectionManagerShutdown
DwmRedirectionManagerShouldRemainOnHibernate
DwmRedirectionManagerDispatchMessage
DwmRedirectionManagerFailMessage
DwmRedirectionManagerWaitForMultipleObjects
DwmVersionCheck

dwmcore

MilChannel_CommitChannel
MilComposition_WaitForNextMessage
MilCompositionEngine_UpdateSchedulerSettings
MilResource_SendCommand
MilChannel_GetMarshalType
MilConnection_CreateChannel
MilConnection_HandleSfmEventOnPartition
MilConnection_ClearSfmEventOnPartition
MilConnection_DestroyChannel
MilComposition_PeekNextMessage

kernel32

InterlockedExchange
GetStartupInfoA
GetModuleHandleA
LocalAlloc
LocalFree
ResumeThread
DuplicateHandle
InterlockedDecrement
InterlockedIncrement
lstrcmpiW
WaitForMultipleObjectsEx
IsWow64Process
RegSetValueExW
RegCreateKeyExW
QueryPerformanceCounter
SetThreadPriority
CreateThread
OpenProcess
ReleaseMutex
CreateMutexW
SetEvent
OpenEventW
SignalObjectAndWait
UnhandledExceptionFilter
GetCurrentThread
TerminateThread
TerminateProcess
DebugBreak
GetProcessHeap
HeapReAlloc
HeapAlloc
HeapFree
IsDebuggerPresent
GetModuleHandleW
LoadLibraryExA
InterlockedCompareExchange
FreeLibrary
DelayLoadFailureHook
Sleep
GetUserDefaultLangID
FormatMessageW
GetExitCodeThread
WaitForSingleObject
RegisterWaitForSingleObject
GetThreadId
GetTickCount
ProcessIdToSessionId
CreateEventW
GetCurrentProcessId
SetProcessWorkingSetSize
GetSystemTimeAsFileTime
RegGetValueW
GetSystemInfo
GetCurrentProcess
GetProcAddress
LoadLibraryW
SetErrorMode
QueryFullProcessImageNameW
ExitProcess
GetCurrentThreadId
SetProcessShutdownParameters
SetUnhandledExceptionFilter
HeapSetInformation
WerSetFlags
SetLastError
CloseHandle
GetLastError
GetTickCount64
DeleteCriticalSection
InitializeCriticalSection
QueueUserWorkItem
LeaveCriticalSection
EnterCriticalSection

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4b0349cb5dde091c2fb0e50a02be5440

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

msvcrt

ntdll

uxtheme

imm32

dwmredir

dwmcore

kernel32

Sections

.text Size: 75KB - Virtual size: 75KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 21KB - Virtual size: 24KB

.text
Size: 75KB - Virtual size: 75KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 21KB - Virtual size: 24KB