a8ff366f374462d0dfda4205b58c93f2c98b0fecf7e81de4b12725cd3e938247

Sharing

Copy URL

Twitter E-mail

General

Target

a8ff366f374462d0dfda4205b58c93f2c98b0fecf7e81de4b12725cd3e938247
Size

380KB
MD5

a2481f0e6e6ba5262846a3c9919fc3f0
SHA1

ea7f82eb961fe7846d9d50ac256c005722cbdd93
SHA256

a8ff366f374462d0dfda4205b58c93f2c98b0fecf7e81de4b12725cd3e938247
SHA512

c130d91021a55836a07cce65bb545f86f3a309ff8545646bdf49430eae6d2729f217878fd9bf6e08d40223cf5de97474a054eb3dd274e24fa244721df5ad3603
SSDEEP

6144:dhdo9xPW/afhV3ceWu5e2Rio6AMqXv+/WgTO3x5N22vWvLRKKAX5l++SyVI:Twsafhege+6AMq/+bT85I2vCMX5l+Zn

Score

N/A

Malware Config

Signatures

Files

a8ff366f374462d0dfda4205b58c93f2c98b0fecf7e81de4b12725cd3e938247
.exe windows x86

399222cc49e94a8a9ac383f67a0e86d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3
memcpy
memmove
_vsnprintf
_vsnwprintf
_purecall
memset

kernel32

MultiByteToWideChar
lstrcmpA
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
FormatMessageW
CreateMutexW
ReleaseMutex
FindResourceExW
LoadResource
SizeofResource
LockResource
GetEnvironmentVariableW
CreateProcessW
CreateThread
GetFileTime
ResumeThread
SystemTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetProcAddress
GetNativeSystemInfo
GetVersionExW
GetCurrentThreadId
CreateActCtxW
ActivateActCtx
DeactivateActCtx
ReleaseActCtx
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
CopyFileExW
GetUserDefaultUILanguage
SetLastError
GetFileSizeEx
FlushFileBuffers
ReadFile
WriteFile
SetFileTime
SetFilePointerEx
WideCharToMultiByte
FreeLibrary
LoadLibraryW
GetVolumeNameForVolumeMountPointW
DeviceIoControl
GetCurrentProcess
FindNextFileW
FindClose
FindFirstFileW
GetSystemTime
DeleteFileW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
QueryPerformanceCounter
SetFileAttributesW
CreateFileW
GetFileAttributesW
Sleep
MoveFileExW
ExpandEnvironmentStringsW
GetVolumeInformationW
GetDiskFreeSpaceExW
WaitForMultipleObjects
ResetEvent
GetTempPathW
GetTickCount
GetLogicalDrives
GetDriveTypeW
LocalFree
CloseHandle
CreateEventW
GetLastError
GetHandleInformation
SetThreadPriority
GetModuleFileNameW
GetTimeFormatW
GetCurrentThread
GetModuleHandleW
SetEvent
GetComputerNameW
WaitForSingleObject
SetErrorMode
GetDateFormatW
GetCommandLineW
ExitProcess

user32

IsDialogMessageW
MessageBoxW
MessageBoxIndirectW
InSendMessage
ClientToScreen
GetWindowLongW
GetClassNameW
GetCaretPos
TrackPopupMenu
AppendMenuW
GetCursorPos
CreatePopupMenu
SetMenuDefaultItem
DestroyMenu
LoadIconW
CloseClipboard
EmptyClipboard
SetClipboardData
GetScrollInfo
SystemParametersInfoW
ScrollWindowEx
GetForegroundWindow
UpdateWindow
ReplyMessage
InvalidateRect
SetForegroundWindow
UnregisterClassW
MonitorFromPoint
SetScrollInfo
GetKeyState
EndPaint
ScreenToClient
GetWindowRect
DrawTextW
GetParent
GetClientRect
BeginPaint
DrawFocusRect
IntersectRect
GetDlgItem
SendMessageW
GetDlgCtrlID
SetWindowTextW
MoveWindow
GetDC
ReleaseDC
CharLowerW
CreateDialogParamW
EndDialog
SetWindowLongW
DialogBoxParamW
DefWindowProcW
GetMonitorInfoW
IsWindowVisible
AdjustWindowRectEx
CreateWindowExW
ShowWindow
SetWindowPos
MonitorFromWindow
DestroyWindow
GetWindowTextLengthW
GetWindowTextW
PostMessageW
KillTimer
SetFocus
RegisterClassExW
FlashWindowEx
GetSystemMetrics
PostQuitMessage
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW
DispatchMessageW
OpenClipboard
SetTimer

advapi32

CryptDecrypt
CryptSetKeyParam
CryptGetKeyParam
CryptReleaseContext
CryptExportKey
CryptGetHashParam
CryptCreateHash
CryptDestroyHash
CryptHashData
RegCreateKeyExW
RegCloseKey
OpenProcessToken
GetTokenInformation
DuplicateToken
CheckTokenMembership
CreateWellKnownSid
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
RegFlushKey
RegEnumKeyExW
RegSetValueExW
InitializeSecurityDescriptor
CryptDestroyKey
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptGenKey
CryptEncrypt
CryptImportKey
CryptAcquireContextW

shell32

CommandLineToArgvW
SHGetFolderPathW
SHGetFileInfoW
ShellExecuteExW

uxtheme

SetWindowTheme

gdi32

GetDeviceCaps
CreateSolidBrush
GetObjectW
CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
SetBkColor
DeleteDC
SetTextColor
GetObjectA
CreateFontIndirectW

comctl32

InitCommonControlsEx
ord413
ord410

shlwapi

PathUnquoteSpacesW
ord12
StrCmpNW
PathFindFileNameW
StrCmpW
StrChrW
StrCmpIW
PathMatchSpecW
PathRemoveBackslashW
PathAddBackslashW
PathGetArgsW
PathRemoveFileSpecW
PathQuoteSpacesW
PathAddExtensionW

msimg32

AlphaBlend

wininet

InternetWriteFile
InternetReadFile
HttpEndRequestA
HttpAddRequestHeadersA
InternetOpenA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestExA
HttpQueryInfoA
InternetConnectA

gdiplus

GdipCreateHBITMAPFromBitmap
GdipCloneImage
GdiplusStartup
GdipDeleteBrush
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipSetStringFormatLineAlign
GdipDeleteFont
GdipDeleteGraphics
GdipDrawImageRectI
GdipSetStringFormatAlign
GdipGetImageEncoders
GdipDrawString
GdipCreateFromHDC
GdipSetStringFormatHotkeyPrefix
GdipCreateStringFormat
GdipDeleteStringFormat
GdipCreateFontFromDC
GdipCloneBitmapAreaI
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCreateLineBrushFromRectI
GdipCreateBitmapFromHICON
GdipSetTextRenderingHint
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipSetSmoothingMode
GdipFlush
GdipDeleteFontFamily
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipFillRectangleI
GdiplusShutdown
GdipSaveImageToStream
GdipDisposeImage
GdipGetImageEncodersSize
GdipAlloc
GdipCreateBitmapFromStream
GdipFree
GdipCreateSolidFill

ole32

CoUninitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoInitializeEx

crypt32

CryptImportPublicKeyInfo
CryptDecodeObjectEx
CryptStringToBinaryA

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

399222cc49e94a8a9ac383f67a0e86d1

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

shell32

uxtheme

gdi32

comctl32

shlwapi

msimg32

wininet

gdiplus

ole32

crypt32

Sections

.text Size: 96KB - Virtual size: 96KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 232KB - Virtual size: 232KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 232KB - Virtual size: 232KB

.reloc
Size: 8KB - Virtual size: 8KB