c76e4231871affc70a7d362ee3a27585246a2d1bf85f2a1a0431fd69403b5535

Sharing

Copy URL Twitter E-mail

General

Target

c76e4231871affc70a7d362ee3a27585246a2d1bf85f2a1a0431fd69403b5535
Size

174KB
MD5

9169ec804241b4d9011ebbf73497d5d0
SHA1

45a5b800281fe7615810276c5b1744494b918b26
SHA256

c76e4231871affc70a7d362ee3a27585246a2d1bf85f2a1a0431fd69403b5535
SHA512

213f1a93af0fc595f9291a62e2675f910548a62dd0ea5748754cfbd4143f58763aa14585eaa65075447152cdc7bc66beedf8797ec1d18192e744c16853ddfd83
SSDEEP

3072:3Us1iIS93DXPmkHLDhCdRuIIEHp0apF568IqHeJBVZaASRyM:3UsLSBTPxHsRuIIKuapFbIdvaJRb

Score

N/A

Malware Config

Signatures

Files

c76e4231871affc70a7d362ee3a27585246a2d1bf85f2a1a0431fd69403b5535
.exe windows x86

a20df50035e4771ac68c769241c6d0e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

HeapSize
OpenEventW
GetFileAttributesA
GetSystemDefaultUILanguage
SetFileAttributesW
WriteFile
GetCurrentDirectoryA
FindNextChangeNotification
UnhandledExceptionFilter
GetModuleHandleW
TlsSetValue
SetThreadLocale
DeleteCriticalSection
WideCharToMultiByte
CreateProcessA
InterlockedDecrement
GetFileType
EnumCalendarInfoW
EnterCriticalSection
GetStringTypeW
RtlUnwind
GetVolumeInformationA
FormatMessageW
DeleteVolumeMountPointW
GetExitCodeThread
VirtualQuery
GetFileSizeEx
InterlockedIncrement
GetTickCount
VirtualProtect
GetStartupInfoA
GetUserDefaultLCID
SetVolumeMountPointW
MultiByteToWideChar
GetVolumeNameForVolumeMountPointW
HeapDestroy
lstrlenA
SuspendThread
Process32NextW
CreateToolhelp32Snapshot
EnumSystemLocalesW
LCMapStringA
GetCPInfo
GetVersionExW
GlobalAlloc
CompareStringW
GetTempPathA
ReleaseMutex
GetStartupInfoW
lstrcpyW
GetFileSize
GetCurrentThread
CompareStringA
lstrcmpiW
SetHandleCount
GetCPInfoExW
LCMapStringW
HeapFree
GetModuleHandleA
InterlockedExchange
GetSystemDefaultLangID
ExpandEnvironmentStringsA
SleepEx
LoadLibraryExW
FindFirstFileW
ResetEvent
GetStdHandle
RemoveDirectoryA
ReadFile
ResumeThread
GetEnvironmentStrings
SetFilePointer
GetSystemDefaultLCID
GetModuleFileNameW
OpenThread
HeapAlloc
lstrlenW
GetSystemDirectoryW
GetLocalTime
LocalAlloc
GetStringTypeA
CreateFileW
GetCurrentProcess
GetComputerNameExA
WaitForSingleObject
LoadResource
SetFileAttributesA
GetFullPathNameW
CopyFileW
Process32FirstW
TryEnterCriticalSection
OpenProcess
lstrcpyA
GlobalFree
RemoveDirectoryW
VirtualQueryEx
SetLocalTime
OutputDebugStringW
CreateEventW
LockResource
CreateFileA
TlsAlloc
GetLastError
FileTimeToSystemTime
OpenMutexA
FindFirstChangeNotificationW
FindNextFileW
DeviceIoControl
VirtualAlloc
GetWindowsDirectoryA
GetVersionExA
TlsGetValue
GetThreadLocale
InitializeCriticalSection
LoadLibraryW
LeaveCriticalSection
GetProcessHeap
GetSystemDirectoryA
CreateDirectoryA
GetThreadPriority
TerminateProcess
IsDebuggerPresent
GetExitCodeProcess
SetEndOfFile
DeleteFileW
ExitProcess
GetWindowsDirectoryW
lstrcpynW
MoveFileExW
SetConsoleCtrlHandler
Sleep
CreateProcessW
IsDBCSLeadByteEx
GetTempFileNameA
FindResourceA
GetTempPathW
GetModuleFileNameA
GetDiskFreeSpaceW
GetOEMCP
WaitForMultipleObjects
GetCommandLineW
FindResourceW
MoveFileExA
LoadLibraryA
CreateDirectoryW
CreateThread
GetLocaleInfoW
GetProcAddress
GetSystemInfo
FindClose
DeleteFileA
GetSystemTimeAsFileTime
SetThreadPriority
GetLocaleInfoA
SizeofResource
RaiseException
HeapCreate
GetVersion
FindNextFileA
LocalFree
FindFirstFileA
GetDateFormatW
GetACP
VirtualFree
CreateMutexW
TlsFree
GetCommandLineA
GetCurrentThreadId
IsValidLocale
SwitchToThread
GetUserDefaultUILanguage
FreeLibrary
GetTimeZoneInformation
GetFileInformationByHandle
CloseHandle
GetFileAttributesW
SetLastError
TerminateThread
CreateEventA
QueryPerformanceCounter
SetEvent

user32

RegisterWindowMessageA
SystemParametersInfoA
PostThreadMessageA
GetMessageA
ExitWindowsEx
KillTimer
MessageBoxA
CharNextW
CharUpperW
CreateWindowExW
DispatchMessageA
TranslateMessage
wsprintfW
LoadStringW
PeekMessageW
wsprintfA
SetTimer
ShowWindow
MessageBoxW
CallWindowProcA
MsgWaitForMultipleObjects
FindWindowA
CharUpperBuffW
GetWindowLongA
SetWindowLongA
EnumThreadWindows
GetWindowThreadProcessId
CharLowerBuffW
GetThreadDesktop

advapi32

RegCloseKey
RegEnumValueW
DuplicateTokenEx
LsaClose
RegDeleteValueA
IsTextUnicode
RegCreateKeyExW
SetTokenInformation
CryptEncrypt
ImpersonateLoggedOnUser
LsaEnumerateAccountsWithUserRight
StartServiceA
FreeSid
LogonUserA
CryptHashData
SetServiceStatus
LsaOpenPolicy
AllocateAndInitializeSid
GetTokenInformation
CryptDestroyKey
SetThreadToken
RegisterServiceCtrlHandlerExW
InitiateSystemShutdownA
CreateProcessAsUserW
RevertToSelf
ConvertSidToStringSidW
RegOpenCurrentUser
RegEnumKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptDestroyHash
StartServiceCtrlDispatcherW
AdjustTokenPrivileges
RegDeleteKeyW
LookupAccountNameA
RegEnumValueA
RegCreateKeyExA
DuplicateToken
RegOpenKeyExA
RegQueryValueExW
OpenProcessToken
EqualSid
LsaFreeMemory
OpenThreadToken
CreateProcessAsUserA
CryptCreateHash
CryptReleaseContext
CryptDecrypt
RegQueryValueExA
RegDeleteValueW
LookupPrivilegeValueA
CryptAcquireContextA
CryptDeriveKey
RegSetValueExA
RegOpenKeyExW
RegSetValueExW
LsaRemoveAccountRights

ole32

IsEqualGUID
CoImpersonateClient
CoCreateInstance
CoSetProxyBlanket
CoRevertToSelf
CoInitialize
CoCreateGuid
CoUninitialize
CoInitializeSecurity
StringFromCLSID
CoInitializeEx

oleaut32

SafeArrayGetUBound
VariantCopy
SysStringLen
SysAllocString
SafeArrayGetLBound
GetErrorInfo
SafeArrayCreate
SafeArrayPtrOfIndex
SysAllocStringLen
SysReAllocStringLen
VariantChangeType
SysFreeString
SysStringByteLen
VariantClear
VariantInit

comctl32

ord17

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

iphlpapi

GetAdaptersInfo

wsock32

htonl
sendto
ioctlsocket
recvfrom
ntohl
recv
socket
WSAGetLastError
bind
WSAStartup
ntohs
htons
inet_addr
setsockopt
connect
closesocket
getsockname
shutdown
WSACleanup
getpeername
send

netapi32

NetApiBufferFree
NetUserGetInfo
NetWkstaGetInfo
NetUserAdd
NetLocalGroupAddMembers
NetUserDel

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory
WTSSendMessageW
WTSEnumerateSessionsA
WTSEnumerateSessionsW

msvcrt

__getmainargs
_i64tow
_iob
strtol
sscanf
sprintf
strtoul
strlen
fclose
fgets
puts
_CIsin
atoi
remove
strchr
strcpy
fgetc
memcpy
putchar
getenv
exit
_isctype
ungetc
memset
fwrite
strcspn
_onexit
fputc
_cexit
free
strncpy
signal
__mb_cur_max
_pctype
memmove
atexit
__set_app_type
realloc
__p__environ
_vsnprintf
fputs
abort
fopen
__p__fmode
fflush
_setmode
_assert
fread
malloc
strcmp
fprintf

userenv

GetProfileType
LoadUserProfileA
DestroyEnvironmentBlock
CreateEnvironmentBlock
UnloadUserProfile

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data3
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a20df50035e4771ac68c769241c6d0e5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

comctl32

version

iphlpapi

wsock32

netapi32

wtsapi32

msvcrt

userenv

Sections

.text Size: 123KB - Virtual size: 122KB

.data3 Size: 4KB - Virtual size: 4KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 18KB - Virtual size: 18KB

.text
Size: 123KB - Virtual size: 122KB

.data3
Size: 4KB - Virtual size: 4KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 18KB - Virtual size: 18KB