422ed02db4e9b11e5a3a38553ca4e18e0e28253506aaebb3ab8735159e65e9ff

Sharing

Copy URL

Twitter E-mail

General

Target

422ed02db4e9b11e5a3a38553ca4e18e0e28253506aaebb3ab8735159e65e9ff
Size

248KB
MD5

91a294043f2a60fa0cd526327bf09e00
SHA1

d7443517a69a81e9e31ecef73393880609ee4801
SHA256

422ed02db4e9b11e5a3a38553ca4e18e0e28253506aaebb3ab8735159e65e9ff
SHA512

1ae4877d6a43f06ef17f2dc30dadcd30e0c183a67be34b5aa75995d4d4a4e66329c07dc7eb8bc043486dcc6b8adba46e089e5a48ba3c2c75271eb593b6567dee
SSDEEP

6144:Dtb8TsWD2MVA8vn6N8jb38SbY4sTYUZuTrGt:DSTsWD2Mm8vb3XbYZ9ZMrGt

Score

N/A

Malware Config

Signatures

Files

422ed02db4e9b11e5a3a38553ca4e18e0e28253506aaebb3ab8735159e65e9ff
.exe windows x86

9271a55fb6e2cf5425f59fd98bf2ba7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecA

advapi32

AdjustTokenPrivileges
CloseServiceHandle
GetUserNameA
ImpersonateSelf
InitializeSecurityDescriptor
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RevertToSelf
SetSecurityDescriptorDacl

kernel32

CloseHandle
CreateEventA
CreateMutexA
CreateProcessA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FindResourceW
FormatMessageA
FreeLibrary
GetACP
GetCommandLineW
GetComputerNameA
GetDateFormatA
GetModuleHandleA
GetProcessHeap
GetShortPathNameA
GetTempFileNameA
GetTempPathA
GetThreadLocale
GetTimeFormatA
GetTimeZoneInformation
GetVolumeInformationA
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalUnlock
HeapAlloc
HeapFree
LeaveCriticalSection
LoadLibraryExA
LocalFree
MulDiv
OpenEventA
OpenMutexA
OutputDebugStringA
ReleaseMutex
ResetEvent
SetErrorMode
SetFileAttributesA
SetLastError
SystemTimeToTzSpecificLocalTime
TerminateThread
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
lstrcmpiA
lstrcpynA
lstrlenA
GetModuleHandleW
GetProcAddress

netapi32

NetServerEnum

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wsock32

WSACleanup
WSAGetLastError
WSAStartup
closesocket
connect
gethostbyname
htons
ioctlsocket
inet_addr
recv
send
socket

comctl32

ImageList_Draw
ImageList_GetIconSize

comdlg32

GetOpenFileNameW

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
CreateRectRgn
DeleteDC
DeleteObject
GetClipBox
GetDCOrgEx
GetDeviceCaps
GetObjectW
GetTextExtentExPointW
RestoreDC
SaveDC
SelectClipRgn
SelectObject
SetBkMode
StretchDIBits

shell32

SHBrowseForFolderW
SHGetFileInfoW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteA
ShellExecuteW
SHGetPathFromIDListA

user32

BeginPaint
BringWindowToTop
CharPrevA
CharToOemA
CharUpperA
ClientToScreen
CloseClipboard
DestroyIcon
DrawTextExW
DrawTextW
EndPaint
EqualRect
ExitWindowsEx
FindWindowExW
GetCursorPos
GetDC
GetForegroundWindow
GetLastActivePopup
GetSystemMetrics
GetWindowInfo
GetWindowPlacement
GetWindowRect
InflateRect
IntersectRect
InvalidateRect
IsIconic
IsZoomed
KillTimer
MessageBoxA
OffsetRect
OpenClipboard
PostMessageA
PtInRect
RegisterClassW
RegisterClipboardFormatW
ReleaseCapture
ReleaseDC
ScreenToClient
SendMessageA
SendMessageW
SetCapture
SetFocus
SetForegroundWindow
SetTimer
SetWindowPos
SystemParametersInfoA
WinHelpA

ole32

CoCreateInstance
CoInitialize
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
IsEqualGUID
RegisterDragDrop
RevokeDragDrop

oleaut32

OleLoadPicture
SysAllocStringByteLen
SysAllocStringLen
SysFreeString

w32topl

ToplListCreate

mssign32

PvkPrivateKeyAcquireContextA
SignerSign

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.hyrw
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.LXkP
Size: 512B - Virtual size: 302B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.VRczt
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mhgjD
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Wz
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.AMEkpF
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9271a55fb6e2cf5425f59fd98bf2ba7a

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

advapi32

kernel32

netapi32

version

wsock32

comctl32

comdlg32

gdi32

shell32

user32

ole32

oleaut32

w32topl

mssign32

Sections

.text Size: 18KB - Virtual size: 18KB

.hyrw Size: 1KB - Virtual size: 1KB

.LXkP Size: 512B - Virtual size: 302B

.rdata Size: 5KB - Virtual size: 4KB

.VRczt Size: 1KB - Virtual size: 2KB

.mhgjD Size: 1KB - Virtual size: 2KB

.data Size: 213KB - Virtual size: 213KB

.Wz Size: 1KB - Virtual size: 1KB

.AMEkpF Size: 2KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 18KB - Virtual size: 18KB

.hyrw
Size: 1KB - Virtual size: 1KB

.LXkP
Size: 512B - Virtual size: 302B

.rdata
Size: 5KB - Virtual size: 4KB

.VRczt
Size: 1KB - Virtual size: 2KB

.mhgjD
Size: 1KB - Virtual size: 2KB

.data
Size: 213KB - Virtual size: 213KB

.Wz
Size: 1KB - Virtual size: 1KB

.AMEkpF
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB