91aab5348a36b09c08738f6dd6cd31d1ae367b0a474ae4e78c64df235439e115

Sharing

Copy URL Twitter E-mail

General

Target

91aab5348a36b09c08738f6dd6cd31d1ae367b0a474ae4e78c64df235439e115
Size

64KB
MD5

91493be7cc1f38470d9f4686a169bce0
SHA1

d395b1aaff63212980868bca6e09d62d4d9d7887
SHA256

91aab5348a36b09c08738f6dd6cd31d1ae367b0a474ae4e78c64df235439e115
SHA512

0938f27f3cfb5cb7456d0cfa3d7dd24dafc2b9d6e8c48ddc1322a9f12ccf07fcc940b7e8036ff06890c2343e9a81eb39cd6ea1eeb8269dc5b1a5c3c8bfd58fd4
SSDEEP

1536:cDFTTwgoogltziurQUOrDNcosTLXoenznrX2D:y1Twgo/ziuUUOHSXTLRnrXU

Score

N/A

Malware Config

Signatures

Files

91aab5348a36b09c08738f6dd6cd31d1ae367b0a474ae4e78c64df235439e115
.exe windows x86

284c2ed58322f440f4e13335de1e7ab0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetFileSizeEx
OpenMutexW
GetLastError
SetLastError
GetProcAddress
VirtualAlloc
VirtualAllocEx
FindClose
LoadLibraryA
RemoveDirectoryW
WaitForMultipleObjects
lstrcmpiW
FindNextFileW
VirtualProtect
CreateToolhelp32Snapshot
GetFileTime
ReleaseMutex
CloseHandle
GetVolumeNameForVolumeMountPointW
DeleteFileW
LocalFree
GetSystemTime
WriteProcessMemory
SetFileAttributesW
HeapCreate
GetTimeZoneInformation
ExitProcess
GetCommandLineW
SetErrorMode
GetComputerNameW
SetEvent
GetVersionExW
GetModuleFileNameW
CreateEventW
GetFileAttributesExW
OpenEventW
DuplicateHandle
GetCurrentProcessId
GetThreadContext
SetThreadContext
GetProcessId
CreateRemoteThread
Process32FirstW
Process32NextW
WTSGetActiveConsoleSessionId
LoadLibraryExW
GetNativeSystemInfo
MoveFileExW
GetUserDefaultUILanguage
GlobalLock
InitializeCriticalSection
LeaveCriticalSection
GlobalUnlock
EnterCriticalSection
ReadFile
Thread32Next
ReadProcessMemory
Sleep
ExpandEnvironmentStringsW
GetFileAttributesW
LoadLibraryW
VirtualFreeEx
WideCharToMultiByte
Thread32First
OpenProcess
WriteFile
WaitForSingleObject
SetFileTime
IsBadReadPtr
GetProcessHeap
VirtualFree
GetTickCount
GetModuleHandleW
CreateDirectoryW
HeapFree
SetFilePointerEx
SystemTimeToFileTime
HeapAlloc
CreateProcessW
FreeLibrary
SetEndOfFile
FindFirstFileW
CreateMutexW
HeapReAlloc
GetEnvironmentVariableW
lstrcmpiA
SetThreadPriority
GetCurrentThread
CreateThread

user32

TranslateMessage
CharToOemW
ExitWindowsEx
CharLowerA
ToUnicode
GetClipboardData
GetKeyboardState
CharLowerBuffA
CharUpperW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptCreateHash
LookupPrivilegeValueW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
RegQueryValueExW
CryptReleaseContext
RegCreateKeyExW
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
CryptAcquireContextW
GetSidSubAuthority
OpenProcessToken
CryptGetHashParam
RegOpenKeyExW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegCloseKey
RegSetValueExW
CryptHashData
IsWellKnownSid
GetLengthSid
EqualSid
ConvertSidToStringSidW
InitiateSystemShutdownExW

shlwapi

PathIsURLW
StrCmpNIW
PathQuoteSpacesW
PathRenameExtensionW
wvnsprintfA
UrlUnescapeA
wvnsprintfW
PathIsDirectoryW
PathRemoveFileSpecW
PathAddBackslashW
SHDeleteValueW
PathSkipRootW
SHDeleteKeyW
PathCombineW
PathAddExtensionW
PathUnquoteSpacesW
PathRemoveBackslashW

shell32

ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW

secur32

GetUserNameExW

ole32

CLSIDFromString
StringFromGUID2

ws2_32

setsockopt
shutdown
getsockname
WSAGetLastError
select
getaddrinfo
WSAStartup
WSAIoctl
sendto
recvfrom
getpeername
WSAEventSelect
accept
recv
bind
socket
freeaddrinfo
WSASetLastError
closesocket
send
connect
listen

crypt32

PFXImportCertStore

wininet

InternetCloseHandle
InternetOpenA
InternetSetOptionA
InternetReadFile
InternetCrackUrlA
InternetConnectA
InternetQueryOptionA

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

284c2ed58322f440f4e13335de1e7ab0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

ws2_32

crypt32

wininet

Sections

.text Size: 59KB - Virtual size: 58KB

.data Size: 512B - Virtual size: 6KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 59KB - Virtual size: 58KB

.data
Size: 512B - Virtual size: 6KB

.reloc
Size: 3KB - Virtual size: 2KB