8742586e2c2eb996cdc6d7678983e24f03b41543788616314303309f3efaa63a

Sharing

Copy URL Twitter E-mail

General

Target

8742586e2c2eb996cdc6d7678983e24f03b41543788616314303309f3efaa63a
Size

65KB
MD5

a158ef712f05ff926744193fc6a11920
SHA1

05107ba73de6e03a68ed607afc0a4a7b78e94738
SHA256

8742586e2c2eb996cdc6d7678983e24f03b41543788616314303309f3efaa63a
SHA512

6638b6bf21eb0c46740e2b2c2e94fbfdac066373c5c1825235bededd968104b822cd1d54b60f3c061db5db1bd97dc040fd05bd80e9cc2f9ac51a62a95c0003a9
SSDEEP

1536:pSnzv1VgMy5L1ILMiY42NoVyXuOvV4T73X3MBKtBykZ2r:UnzduF5+BYpWVyXB4vn8Bg9Zm

Score

N/A

Malware Config

Signatures

Files

8742586e2c2eb996cdc6d7678983e24f03b41543788616314303309f3efaa63a
.exe windows x86

867d5b5b4a7437a39801e4d15b6b4f48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

AssocCreate

mswsock

getnetbyname
GetServiceA
s_perror
GetTypeByNameW
inet_network

winsta

WinStationTerminateProcess
WinStationGetProcessSid
WinStationSetPoolCount
ServerGetInternetConnectorStatus
WinStationRemoveLicense
WinStationEnumerate_IndexedA
WinStationEnumerateA
WinStationNtsdDebug
WinStationEnumerateLicenses
WinStationNameFromLogonIdW
WinStationEnumerateProcesses
_WinStationNotifyLogon
WinStationOpenServerA
WinStationDisconnect
_WinStationNotifyNewSession
WinStationShutdownSystem
WinStationSendMessageA
WinStationNameFromLogonIdA

version

VerInstallFileA
VerQueryValueA

mscms

EnumColorProfilesW
AssociateColorProfileWithDeviceW
OpenColorProfileA
RegisterCMMA
CreateColorTransformW

shell32

CheckEscapesW

user32

OpenWindowStationW
EndDialog
GetInputDesktop
SendMessageW
SwitchToThisWindow
NotifyWinEvent
DefFrameProcA
OpenIcon
DialogBoxParamA
UnregisterDeviceNotification
GetDoubleClickTime
OemToCharBuffA
DdeConnect

urlmon

GetClassURL
RevokeBindStatusCallback
IsJITInProgress
CreateFormatEnumerator
IsLoggingEnabledW
CoInternetCreateZoneManager
URLDownloadA
CreateAsyncBindCtxEx
RegisterFormatEnumerator
IsAsyncMoniker
HlinkGoForward
CoInternetGetSession
URLDownloadW
ObtainUserAgentString
CreateAsyncBindCtx
URLOpenPullStreamA
RegisterMediaTypes
Extract
HlinkSimpleNavigateToString
URLOpenBlockingStreamW
RegisterMediaTypeClass
FaultInIEFeature
URLDownloadToFileA
HlinkGoBack
CopyBindInfo
URLOpenBlockingStreamA
URLOpenPullStreamW
FindMimeFromData
ReleaseBindInfo
MkParseDisplayNameEx
FindMediaType
CoInternetCombineUrl
HlinkNavigateString
FindMediaTypeClass
URLOpenStreamA
GetComponentIDFromCLSSPEC

kernel32

QueryInformationJobObject
Beep
ReplaceFileA
FindNextChangeNotification
GetDefaultCommConfigW
GetCompressedFileSizeW
FindFirstVolumeW
GetFileInformationByHandle
GlobalCompact
QueryPerformanceCounter
TlsAlloc
SetThreadLocale
GlobalGetAtomNameA
GetAtomNameA
LocalCompact
SetCurrentDirectoryW
LocalFree
FindFirstFileExA
SetFilePointerEx
RemoveDirectoryA
SetThreadAffinityMask
GetCPInfoExA
GlobalUnWire
GetThreadPriority
SetEvent
ChangeTimerQueueTimer
GetEnvironmentVariableA
LocalFileTimeToFileTime
SetDefaultCommConfigA
GetModuleFileNameW
ContinueDebugEvent
FindFirstFileA
WaitForDebugEvent
EnumResourceNamesA
SetTapePosition
CreateFileMappingA
SetHandleCount
Process32First
GetSystemTime
GetSystemWindowsDirectoryW
EnumCalendarInfoW
MoveFileExA
CreateJobObjectA
GetExitCodeProcess
GetProfileIntA
GetCommTimeouts
GlobalAddAtomW
GetCommProperties
EnumDateFormatsExW
FreeResource
SetEnvironmentVariableW
WaitForSingleObjectEx
OpenProcess
GlobalFindAtomA
DuplicateHandle
SetLocalTime
GetSystemTimeAsFileTime
GetProcessWorkingSetSize
ExitProcess
FindFirstVolumeMountPointW
GetLogicalDriveStringsA
InitAtomTable
GetPrivateProfileStringW
CreateNamedPipeA
GetProcessHeap
SetNamedPipeHandleState
GetComputerNameExA
SystemTimeToTzSpecificLocalTime
CreatePipe
GetThreadPriorityBoost
GetFileTime
SetFilePointer
LocalSize
BackupWrite
GetCurrentThreadId
GetTimeFormatA
SetFileTime
WritePrivateProfileSectionW
DeleteFileA
IsDBCSLeadByteEx
GetCurrentDirectoryA
TlsGetValue
GetProcessAffinityMask
_hwrite
GetCommModemStatus
GetPrivateProfileStructW
FindResourceA
UnhandledExceptionFilter
SetPriorityClass
GetSystemTimeAdjustment
ReadDirectoryChangesW
SetSystemTime
SetFileApisToOEM
FindClose
FreeEnvironmentStringsW
GetNamedPipeHandleStateA
GetThreadSelectorEntry
FoldStringA
SearchPathW
SetSystemTimeAdjustment
DeviceIoControl
VerifyVersionInfoW
InitializeCriticalSection
PostQueuedCompletionStatus
GetCalendarInfoW
EnumTimeFormatsA
OpenFileMappingA
CreateFileMappingW
FindAtomA
GetVolumePathNameW
CreateSemaphoreA
GetDevicePowerState
GetVolumeNameForVolumeMountPointW
ExpandEnvironmentStringsW
LockFile
GetSystemDefaultLCID
GetFileSize
GetProcessTimes
SetCalendarInfoA
GetShortPathNameA
RequestWakeupLatency
EnumResourceNamesW
ExpandEnvironmentStringsA
GetStringTypeW
LoadModule
EnumSystemLanguageGroupsA
CreateFileA
GetCurrencyFormatA
ConvertDefaultLocale
EndUpdateResourceW
GetVolumeInformationW
GetCurrentThread
WritePrivateProfileStringW
GlobalUnlock
GetTempPathA
GetCPInfoExW
GetLongPathNameA
CreateDirectoryExW
IsBadHugeWritePtr
GetLocaleInfoW
CommConfigDialogA
SleepEx
EnumUILanguagesA
EnumResourceLanguagesA
CreateHardLinkA
CreateTimerQueueTimer
GetBinaryTypeA
lstrcatW
GetModuleHandleW
Sleep
ProcessIdToSessionId
GetDriveTypeA
WaitCommEvent
CancelWaitableTimer
FindFirstFileW
lstrcmpW
FreeLibraryAndExitThread
WritePrivateProfileSectionA
SetFileApisToANSI
LocalLock
InterlockedCompareExchange
InterlockedDecrement
GetSystemWindowsDirectoryA
DefineDosDeviceW
WriteFile
GetComputerNameW
lstrcatA
GetFileAttributesExA
PurgeComm
FileTimeToLocalFileTime
_lopen
LCMapStringA
ReleaseSemaphore
lstrcmpiA
GetCommConfig
GetNumberFormatA
FindVolumeClose
FindResourceExW
Thread32First
CallNamedPipeA
GetDiskFreeSpaceExA
lstrcpyW
GetUserDefaultLangID
SetLocaleInfoW
SwitchToThread
IsSystemResumeAutomatic
GetOverlappedResult
SetEndOfFile
GetLogicalDrives
GetProcAddress
CreateEventW
PrepareTape
GetComputerNameA
UpdateResourceA
GetCurrentDirectoryW
EnumLanguageGroupLocalesA
WritePrivateProfileStructA
CreateFileW
WaitForSingleObject
EnumResourceLanguagesW
SetHandleInformation
SetMailslotInfo
GetDefaultCommConfigA
DeleteVolumeMountPointW
EnumResourceTypesA
RequestDeviceWakeup
DeleteTimerQueue
GetShortPathNameW
ReplaceFileW
GetTempFileNameA

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

867d5b5b4a7437a39801e4d15b6b4f48

Headers

File Characteristics

Imports

shlwapi

mswsock

winsta

version

mscms

shell32

user32

urlmon

kernel32

Sections

.text Size: 37KB - Virtual size: 37KB

.rdata Size: 1024B - Virtual size: 3KB

.xdata Size: 4KB - Virtual size: 4KB

.rdata Size: 9KB - Virtual size: 8KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 37KB - Virtual size: 37KB

.rdata
Size: 1024B - Virtual size: 3KB

.xdata
Size: 4KB - Virtual size: 4KB

.rdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 12KB - Virtual size: 12KB