a11d18764891c899130fa8e7bb976d363578cc185b661909d601d33898dad4eb

Sharing

Copy URL Twitter E-mail

General

Target

a11d18764891c899130fa8e7bb976d363578cc185b661909d601d33898dad4eb
Size

1.4MB
MD5

90c9396e5abb07c11dc6034b9a614030
SHA1

b927fbc47e86dcf428f179e4a67de06f8a6611c5
SHA256

a11d18764891c899130fa8e7bb976d363578cc185b661909d601d33898dad4eb
SHA512

916b40e4a609a556a8810b6ecb85c5b4f5ae0555826240c543bdcdd3934caea582daa480e6558de8ed94a315fb07dc83a669b62ccc0a2f43654674f14a18e589
SSDEEP

24576:jE3F/BPheMaGfw/U8FEs3PYvZ8CQTaGg72yu6GkUWi8abPEgK/Xzwi1VQiPS57jd:MP7aGfeV39BTar2zWOEgK/Xzw085PtLf

Score

N/A

Malware Config

Signatures

Files

a11d18764891c899130fa8e7bb976d363578cc185b661909d601d33898dad4eb
.exe windows x86

29417fcd7822e1b215f93bf006eadc95

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetTempPathW
GetFileAttributesW
CreateDirectoryW
IsWow64Process
CreateFileW
GetFileTime
SystemTimeToTzSpecificLocalTime
GetVersionExW
GetLocalTime
SystemTimeToFileTime
GetModuleFileNameW
HeapAlloc
GetProcessHeap
HeapFree
CreateMutexW
OpenFileMappingW
SetErrorMode
GetExitCodeProcess
OpenMutexW
WideCharToMultiByte
CopyFileW
GetSystemInfo
GetLocaleInfoW
GetTimeZoneInformation
GlobalMemoryStatusEx
ReleaseMutex
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
FreeLibrary
GlobalFree
TerminateProcess
WaitForSingleObjectEx
FindResourceW
SizeofResource
LoadResource
LockResource
SetFilePointer
WriteFile
InitializeCriticalSection
DeviceIoControl
SetEndOfFile
DeleteFileW
lstrcmpiW
LoadLibraryExW
FlushInstructionCache
QueryPerformanceFrequency
QueryPerformanceCounter
GetFileSize
FlushFileBuffers
GetFileType
LoadLibraryW
GetSystemDirectoryW
OutputDebugStringW
MoveFileExW
GetTickCount
GetProcessTimes
CompareFileTime
GetFileAttributesExW
GetTempFileNameW
WritePrivateProfileStringW
GetPrivateProfileStringW
GlobalAlloc
DebugBreak
SetEnvironmentVariableA
SetConsoleCtrlHandler
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteConsoleW
SetStdHandle
ReadConsoleW
GetStdHandle
GetOEMCP
GetACP
IsValidCodePage
HeapSize
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
GetCommandLineW
HeapReAlloc
SetFilePointerEx
GetConsoleMode
GetConsoleCP
EncodePointer
GetStringTypeW
GetSystemTimeAsFileTime
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
MulDiv
OpenEventW
lstrcpyW
WaitForMultipleObjects
GetModuleHandleW
DuplicateHandle
GetCurrentProcess
CreateThread
SetEnvironmentVariableW
ExitThread
InterlockedIncrement
InterlockedDecrement
SetThreadPriority
TerminateThread
ResetEvent
CreateEventW
LocalAlloc
FileTimeToSystemTime
lstrcmpA
GetCurrentProcessId
DeleteCriticalSection
CreatePipe
DecodePointer
GetCurrentThreadId
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
SetEvent
RaiseException
ReadFile
InitializeCriticalSectionAndSpinCount
SetHandleInformation
CreateProcessW
FormatMessageW
LocalFree
GetLastError
GetComputerNameW
lstrlenA
lstrlenW
SetLastError
MultiByteToWideChar
OpenProcess
Sleep
Thread32Next
Thread32First
InterlockedExchange
CloseHandle
Process32NextW
Process32FirstW
GetEnvironmentVariableW
CreateToolhelp32Snapshot

user32

GetClassNameW
SendMessageTimeoutW
FindWindowExW
FindWindowW
IsWindowVisible
GetParent
DdeInitializeW
GetWindowThreadProcessId
EnumThreadWindows
ScreenToClient
GetWindowTextW
DdeCreateStringHandleW
GetWindowLongW
LoadImageW
DialogBoxParamW
DdeUninitialize
DdeClientTransaction
DdeGetData
DdeFreeStringHandle
DestroyWindow
DdeDisconnect
GetWindow
DefWindowProcW
PostMessageW
MoveWindow
MessageBoxW
EnumChildWindows
wsprintfW
UnregisterClassW
GetDlgItem
SendMessageW
SetWindowTextW
SetWindowPos
MapWindowPoints
GetClientRect
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
LoadIconW
ShowWindow
SetTimer
SetForegroundWindow
GetActiveWindow
CharNextW
EnableWindow
CreateDialogParamW
InvalidateRect
IsWindow
GetDesktopWindow
GetKeyboardLayoutList
GetSystemMetrics
EndDialog
GetMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjectsEx
DispatchMessageW
IsDialogMessageW
SetWindowLongW
LoadStringW
GetDlgCtrlID
ReleaseDC
GetDC
DdeConnect

ws2_32

WSAStartup
socket
getaddrinfo
ntohs
WSAGetLastError
WSACleanup
closesocket
send
connect
htons

gdi32

CreateFontW
CreateSolidBrush
SetBkMode
GetDeviceCaps
SetLayout
GetStockObject

advapi32

RegDeleteValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
GetUserNameW
RegQueryValueExW
RegEnumKeyW
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupAccountNameW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
RegOpenKeyW
RegQueryValueW
RegEnumValueW
RegNotifyChangeKeyValue
RegEnumKeyExW

shell32

SHGetSpecialFolderPathW
SHFileOperationW
SHGetFolderPathW
ShellExecuteExW
ShellExecuteW
ord680

ole32

CoUninitialize
CoInitialize
CoInitializeSecurity
CoCreateInstance
CoCreateGuid
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitializeEx

oleaut32

SysFreeString
VariantInit
VarUI4FromStr
VariantClear
SysAllocString

oleacc

AccessibleChildren
AccessibleObjectFromWindow

comctl32

InitCommonControlsEx

psapi

GetModuleFileNameExW

crypt32

CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CryptMsgGetParam
CryptDecodeObject
CryptMsgClose
CryptQueryObject
CertGetNameStringW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

iphlpapi

GetNetworkParams
GetExtendedTcpTable

winhttp

WinHttpGetIEProxyConfigForCurrentUser

rpcrt4

UuidToStringA
RpcStringFreeA

wininet

InternetSetOptionW
HttpSendRequestW
InternetWriteFile
HttpAddRequestHeadersW
InternetReadFile
InternetQueryDataAvailable
HttpSendRequestExW
InternetOpenW
HttpOpenRequestW
HttpQueryInfoW
InternetGetLastResponseInfoW
HttpEndRequestW
InternetCloseHandle
InternetConnectW

Sections

.text
Size: 858KB - Virtual size: 858KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29417fcd7822e1b215f93bf006eadc95

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

gdi32

advapi32

shell32

ole32

oleaut32

oleacc

comctl32

psapi

crypt32

version

iphlpapi

winhttp

rpcrt4

wininet

Sections

.text Size: 858KB - Virtual size: 858KB

.rdata Size: 256KB - Virtual size: 255KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 238KB - Virtual size: 238KB

.reloc Size: 42KB - Virtual size: 42KB

.text
Size: 858KB - Virtual size: 858KB

.rdata
Size: 256KB - Virtual size: 255KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 238KB - Virtual size: 238KB

.reloc
Size: 42KB - Virtual size: 42KB