90cb473fb1bb1d3e42351f17f6a39e1392aedfd40c65061be410dd20d5e82ca5

Sharing

Copy URL Twitter E-mail

General

Target

90cb473fb1bb1d3e42351f17f6a39e1392aedfd40c65061be410dd20d5e82ca5
Size

524KB
MD5

a220ce75b0cd9f79a649714f4842cb35
SHA1

1f4d9c08f9387d2143a4123f8e865f3531513b75
SHA256

90cb473fb1bb1d3e42351f17f6a39e1392aedfd40c65061be410dd20d5e82ca5
SHA512

820b46bb835c7d7978126eefc456f1ea131501835e02afbbe224f747b68ddf0580bb0ac720c8a6fe8dad1abcd3d45415ae6845a31c71a592f4e6b66d852537b3
SSDEEP

12288:7gN/AWMDbgI04Pm9UFk4tu9d6OFAQn/Y34htSqaFhvHT:7gRAZbgR4Pm9UFvOFAQn/Y/qarvHT

Score

N/A

Malware Config

Signatures

Files

90cb473fb1bb1d3e42351f17f6a39e1392aedfd40c65061be410dd20d5e82ca5
.exe windows x86

ac6441f190e4816930af0f515f0cfff9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Imports

kernel32

HeapReAlloc
HeapAlloc
SetHandleCount
SetLastError
GetModuleHandleW
TlsFree
GetCurrentThreadId
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
WideCharToMultiByte
GetStartupInfoW
HeapSize
GetCommandLineA
CloseHandle
RtlUnwind
RaiseException
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
IsBadReadPtr
HeapValidate
GetFileType
SetStdHandle
InitializeCriticalSectionAndSpinCount
DecodePointer
lstrcmpA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
HeapQueryInformation
HeapFree
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointer
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeW
GetLocaleInfoW
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
CreateFileW
SetEndOfFile
HeapSetInformation
GetLastError
InterlockedDecrement
InterlockedIncrement
LocalAlloc
CreateNamedPipeA
CreateThread
lstrlenA
GetCommandLineW
HeapCreate
GetModuleFileNameA
lstrcpyA
lstrcatA
LoadLibraryA
FindFirstFileA
lstrcmpiA
CopyFileA
FindNextFileA
FindClose
GetCurrentProcess
SetErrorMode
GetVolumeInformationA
ExitProcess
GetProcAddress
CreateFileA
WriteFile
GetCurrentThread
GetCurrentDirectoryA
LocalFree
GetConsoleWindow
Sleep
AllocConsole
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleScreenBufferSize
EncodePointer
ConnectNamedPipe
MultiByteToWideChar
GetProcessHeap

user32

SendMessageA
GetSystemMenu
DestroyWindow
GetUserObjectInformationA
CloseWindowStation
CreateAcceleratorTableA
SetThreadDesktop
CreateDesktopA
SetProcessWindowStation
GetProcessWindowStation
InvalidateRect
GetDlgItem
GetClientRect
GetWindowLongA
SetWindowLongA
GetDesktopWindow
GetWindowRect
CloseDesktop
GetWindowTextLengthA
GetNextDlgTabItem
GetSysColor
DrawTextA
CopyRect
OffsetRect
GetSystemMetrics
BeginDeferWindowPos
DeferWindowPos
SetActiveWindow
EndDeferWindowPos
CreateWindowExA
LoadBitmapA
SendDlgItemMessageA
MessageBoxA
EndDialog
GetDlgItemTextA
SetDlgItemTextA
LoadStringA
RealChildWindowFromPoint
GetIconInfo
GetWindow
IsWindowVisible
GetWindowTextA
PostMessageA
GetDC
ReleaseDC
LoadImageA
DrawStateA
LoadIconA
LoadCursorA
RegisterClassA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
BeginPaint
EndPaint
PostQuitMessage
DefWindowProcA
CreateDialogParamA
IsDialogMessageA
RegisterClassExA
PeekMessageA
IsWindow
SetWindowRgn
SetWindowPos
SetFocus
SetWindowTextA

gdi32

SelectObject
GetPixel
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleBitmap
BitBlt
GetObjectA
CreatePen
SetROP2
Rectangle
MoveToEx
LineTo
CreateDCA
GetDIBits
DeleteDC
CreateDIBSection
StretchBlt
GetStockObject
SetTextColor
TextOutA
SetBkColor
SetBkMode
CreateSolidBrush
FrameRgn
CreateRoundRectRgn
CreateEllipticRgnIndirect
Polyline
CreateFontIndirectA
CreateCompatibleDC

winspool.drv

ClosePrinter
GetPrinterA
EnumPrintersA
OpenPrinterA
EnumJobsA

advapi32

GetLengthSid
DeregisterEventSource
RegOpenKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExW
RegQueryValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
DeleteService
RegCreateKeyExW
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
IsValidSecurityDescriptor
ImpersonateNamedPipeClient
OpenThreadToken
GetTokenInformation
CopySid
LookupAccountNameW
DuplicateTokenEx
RegisterEventSourceA
ReportEventA

shell32

SHGetFileInfoA
ShellExecuteA
CommandLineToArgvW

ole32

CoInitialize
CoCreateInstance
CoFreeUnusedLibraries
CoUninitialize

oleaut32

SysAllocString
SysFreeString

netapi32

NetShareGetInfo
NetWkstaUserGetInfo
NetGetDCName
NetApiBufferFree

avicap32

capCreateCaptureWindowA

msimg32

AlphaBlend

version

GetFileVersionInfoW

shlwapi

StrChrA
PathFindFileNameA
PathCompactPathA

comctl32

ord17
ImageList_Add
ImageList_Create
ImageList_ReplaceIcon

rpcrt4

NdrContextHandleSize

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize

setupapi

SetupDiSetDeviceInstallParamsA
SetupDiSetSelectedDriverA
SetupDiEnumDriverInfoA
SetupDiSetClassInstallParamsA
SetupDiGetDeviceInstallParamsA
SetupDiGetClassInstallParamsA

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateProcessesA

Sections

.text
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac6441f190e4816930af0f515f0cfff9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

netapi32

avicap32

msimg32

version

shlwapi

comctl32

rpcrt4

gdiplus

setupapi

wtsapi32

Sections

.text Size: 332KB - Virtual size: 331KB

.rdata Size: 155KB - Virtual size: 154KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 30KB - Virtual size: 29KB

.text
Size: 332KB - Virtual size: 331KB

.rdata
Size: 155KB - Virtual size: 154KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 30KB - Virtual size: 29KB