e587d829a051e98450c3d1aeb0a65037dbd4c9d44f944a2c1b4fb622658a75b0

Sharing

Copy URL

Twitter E-mail

General

Target

e587d829a051e98450c3d1aeb0a65037dbd4c9d44f944a2c1b4fb622658a75b0
Size

156KB
MD5

05c233c5a1a4342f1c19f72028118e76
SHA1

2263b502166719c80b9310bc7340b106e78cb7c6
SHA256

e587d829a051e98450c3d1aeb0a65037dbd4c9d44f944a2c1b4fb622658a75b0
SHA512

af61e4122499680a216162803fed09e133341326dea5c0c3fbd46baacf659422060cc973f33fc0ae3823abb7b94a28a1dcf6be1834f23dfde5dacd7e3adf1b06
SSDEEP

3072:BAx+feo6RSH+/C+J6b0BaaDDkjcZ2qx5IR64sRUDhwf:BAUd6RgGC2BBaaDDkjiIc4sWdw

Score

N/A

Malware Config

Signatures

Files

e587d829a051e98450c3d1aeb0a65037dbd4c9d44f944a2c1b4fb622658a75b0
.exe windows x86

dff48738bc056b7aaf1d6db663a2144b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptBinaryToStringA
CryptImportPublicKeyInfo
CryptStringToBinaryA
CryptDecodeObjectEx

wininet

InternetCrackUrlA
InternetConnectA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle

shlwapi

StrPBrkA
StrChrW
PathFindFileNameW
PathMatchSpecW
PathUnquoteSpacesW
StrStrIA
StrChrIA
StrCpyNW
StrToIntA
StrChrA
StrCmpNIW
PathSkipRootW
StrCmpIW
PathRemoveExtensionW
StrToInt64ExA
StrSpnA
PathCombineW
StrStrIW
StrCmpNIA
StrCmpNW

version

GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
VerQueryValueA
GetFileVersionInfoSizeA

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

imagehlp

CheckSumMappedFile

ws2_32

inet_ntoa
inet_addr
htonl
shutdown
closesocket
gethostbyname
WSAStartup
socket
sendto
htons

kernel32

GetLastError
GetVolumeInformationW
GetModuleHandleW
GetSystemWindowsDirectoryW
SetErrorMode
LockResource
GetSystemDirectoryW
lstrcatW
lstrlenW
GetProcAddress
GetDateFormatW
SetFilePointer
SetFilePointerEx
WaitForSingleObject
SetEvent
OutputDebugStringW
SetFileTime
WriteFile
InitializeCriticalSection
Sleep
LeaveCriticalSection
GetTimeFormatW
GetFileAttributesW
FileTimeToSystemTime
ReadFile
GetFileSizeEx
MoveFileW
EnterCriticalSection
CreateEventW
SizeofResource
GetFileTime
DeleteCriticalSection
CloseHandle
FileTimeToLocalFileTime
lstrcpyW
CreateThread
OpenMutexW
FindResourceW
FreeResource
LocalFree
ExitProcess
CreateDirectoryW
ExpandEnvironmentStringsW
GetTempFileNameW
GetFileSize
MapViewOfFile
UnmapViewOfFile
FreeLibrary
CreateProcessW
LoadLibraryExW
LoadLibraryW
CopyFileW
GetSystemWow64DirectoryW
lstrcpynW
TerminateProcess
FlushInstructionCache
FlushFileBuffers
GetTempPathW
VirtualAllocEx
CreateFileMappingW
OpenEventW
WinExec
GetWindowsDirectoryW
DeleteFileW
WriteProcessMemory
ResumeThread
FindFirstFileW
GetModuleFileNameW
FindClose
SetFileAttributesW
LoadResource
CreateMutexW
GetCurrentProcess
GetCurrentThread
SetThreadPriority
TlsAlloc
SetCurrentDirectoryW
OutputDebugStringA
SetProcessShutdownParameters
IsBadWritePtr
lstrcpynA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
lstrcpyA
GetEnvironmentVariableW
GetVersionExW
lstrcmpiA
GetTickCount
IsBadStringPtrW
GetModuleFileNameA
GetNativeSystemInfo
GetDriveTypeW
GetLogicalDrives
VirtualFree
VirtualAlloc
QueryDosDeviceW
FindNextFileW
IsBadReadPtr
HeapReAlloc
HeapAlloc
HeapFree
HeapCreate
HeapValidate
SetLastError
GetProcessHeaps
HeapSetInformation
GetCurrentProcessId
GetComputerNameA
IsBadCodePtr
IsBadStringPtrA
GetCurrentThreadId
WaitForMultipleObjects
SearchPathW
CreateToolhelp32Snapshot
VirtualProtect
OpenProcess
GetModuleHandleA
lstrcmpiW
GetHandleInformation
Process32NextW
GetSystemInfo
CreateFileW
Process32FirstW
RtlUnwind
ReadProcessMemory

advapi32

RegOpenKeyExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyW
CryptDestroyKey
CryptAcquireContextW
CryptGetKeyParam
SetKernelObjectSecurity
LookupPrivilegeValueW
GetTokenInformation
AdjustTokenPrivileges
RegFlushKey
RegEnumValueW
RegDeleteValueW
OpenProcessToken
RegSetValueExW
RegOpenKeyW
RegCreateKeyExW
GetLengthSid
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
CryptEncrypt
ConvertSidToStringSidW
RegQueryValueExW

user32

CreateWindowExW
RegisterClassW
DefWindowProcW
PeekMessageW
TranslateMessage
DispatchMessageW
wsprintfA
GetForegroundWindow
CharLowerBuffA
GetLastInputInfo
wsprintfW
GetSystemMetrics
GetKeyboardLayoutList
RegisterClassExW
UnregisterClassW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
CoInitializeSecurity
CoInitialize

shell32

SHGetFolderPathW
ShellExecuteExW
SHChangeNotify
ShellExecuteW

ntdll

memcpy
_aullshr
isspace
_chkstk
_alldiv
ZwQueryInformationProcess
memmove
RtlDosPathNameToNtPathName_U
NtDeleteFile
RtlFreeUnicodeString
ZwOpenSection
ZwQuerySystemInformation
ZwOpenDirectoryObject
ZwClose
ZwOpenProcess
_allmul
_allshl
_allshr
memset
_aulldvrm
NtQueryVirtualMemory

oleaut32

SysAllocString
SysFreeString

netapi32

NetUserEnum
NetUserGetInfo
NetApiBufferFree

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dff48738bc056b7aaf1d6db663a2144b

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

wininet

shlwapi

version

mpr

imagehlp

ws2_32

kernel32

advapi32

user32

ole32

shell32

ntdll

oleaut32

netapi32

Sections

.text Size: 72KB - Virtual size: 68KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 16KB - Virtual size: 12KB

.rsrc Size: 32KB - Virtual size: 29KB

.text
Size: 72KB - Virtual size: 68KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 16KB - Virtual size: 12KB

.rsrc
Size: 32KB - Virtual size: 29KB