d97e5698549121e47f4c4ceb9a660860422ac0f4764407a986a801fe47f13341

Sharing

Copy URL Twitter E-mail

General

Target

d97e5698549121e47f4c4ceb9a660860422ac0f4764407a986a801fe47f13341
Size

104KB
MD5

90f50cc13328c88993aea29b800c6c68
SHA1

bd096713efdf5427f88c4d7e3073d1618d85a180
SHA256

d97e5698549121e47f4c4ceb9a660860422ac0f4764407a986a801fe47f13341
SHA512

b206c280f9c3bcdeddab37bc0101c460cfaceef33d8895e2135de01cca4f72620f9ba733abab2126c09f068dc037ab5637400638a0dc72ab8fd8163c7de8f144
SSDEEP

1536:8LEBo+wSiZiNzkurrHMPAEsEMxlQtqIkMt0UtoRqlojvyxw56RDFadKQAk5sfYD6:EA2ZiBkKr/AcIXIRQQae5YadKQoQQMy

Score

N/A

Malware Config

Signatures

Files

d97e5698549121e47f4c4ceb9a660860422ac0f4764407a986a801fe47f13341
.exe windows x86

3a5becb6276a661602230cfc6ed630b6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

secur32

GetUserNameExW

ddraw

DirectDrawCreate
DirectDrawEnumerateA
DirectDrawCreateEx

shlwapi

UrlCanonicalizeW
UrlCombineW
PathCombineW
UrlGetPartW
UrlApplySchemeW
PathAppendW

shell32

SHGetFolderPathW
CommandLineToArgvW
FindExecutableW
ShellExecuteW
Shell_NotifyIconW
SHAppBarMessage
ShellExecuteExW

ole32

CoUninitialize
OleInitialize
CreateStreamOnHGlobal
CoInitializeEx
OleLockRunning
CoSetProxyBlanket
CLSIDFromString
CoCreateInstance
CoGetClassObject
CoAllowSetForegroundWindow
CLSIDFromProgID
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoInitializeSecurity
StringFromCLSID
OleUninitialize
CoCreateGuid

crypt32

CryptUnprotectData
CryptProtectData

gdi32

GetStockObject
CreateSolidBrush
DeleteObject
BitBlt
DeleteDC
CreateCompatibleBitmap
SelectObject
GetDeviceCaps
CreateCompatibleDC
GetObjectW

netapi32

NetUserGetLocalGroups
NetApiBufferFree
NetWkstaUserGetInfo
NetUserEnum
NetUserDel
NetUserAdd
NetLocalGroupAddMembers
NetGetJoinInformation

kernel32

ResetEvent
HeapAlloc
FindResourceExW
FlushInstructionCache
InterlockedDecrement
SetLastError
OpenProcess
HeapFree
lstrlenA
GetProcessHeap
QueryPerformanceCounter
GetLastError
HeapReAlloc
GetProcAddress
InterlockedIncrement
ProcessIdToSessionId
GetThreadLocale
DeleteCriticalSection
CloseHandle
InterlockedCompareExchange
WideCharToMultiByte
GetSystemDirectoryW
GetProcessVersion
GetSystemTimeAsFileTime
GetSystemInfo
VirtualFree
EnterCriticalSection
CreateMutexW
InitializeCriticalSection
HeapDestroy
GetTickCount
RaiseException
FindResourceW
WaitForSingleObject
ReleaseMutex
GlobalAlloc
SetUnhandledExceptionFilter
GetLocaleInfoW
ExitProcess
GlobalLock
GetLocaleInfoA
LoadLibraryExW
LeaveCriticalSection
FreeLibrary
CreateFileW
GlobalUnlock
CreateThread
GetModuleFileNameW
CreateEventW
VirtualAlloc
MultiByteToWideChar
GlobalFree
SetEvent
InterlockedExchange
IsDebuggerPresent
HeapSetInformation
UnhandledExceptionFilter
VirtualUnlock
LocalFree
GetTempPathW
GetCurrentProcess
LockResource
GetComputerNameW
MulDiv
HeapSize
LoadResource
SizeofResource
lstrlenW
LoadLibraryW
TerminateProcess
GetACP
lstrcmpW
GetStartupInfoW
GetProcessId
GlobalHandle
LoadLibraryA
GetVersionExW
FormatMessageW
IsProcessorFeaturePresent
GetCurrentThreadId
LCMapStringW
LocalAlloc
VirtualLock
Sleep
GetVersionExA
WaitForMultipleObjects
GetModuleHandleW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

user32

InvalidateRect
IsWindow
FillRect
PtInRect
EndPaint
EndDialog
CharNextW
SetWindowPos
UpdateLayeredWindow
CloseClipboard
GetWindowThreadProcessId
GetWindow
CallWindowProcW
PeekMessageW
GetDC
ClientToScreen
GetFocus
RedrawWindow
SendDlgItemMessageW
CreateWindowExW
TranslateMessage
MonitorFromWindow
ScreenToClient
GetDesktopWindow
SetWindowsHookExW
DefWindowProcW
GetClientRect
OpenClipboard
GetWindowTextLengthW
CreateAcceleratorTableW
ShowWindow
PostQuitMessage
AppendMenuW
PostMessageW
GetSysColor
SetCursor
CreatePopupMenu
GetWindowLongW
ReleaseDC
DestroyMenu
PostThreadMessageW
SetWindowLongW
GetMessageW
GetWindowRect
DialogBoxIndirectParamW
GetClassNameW
UnhookWindowsHookEx
CallNextHookEx
SetWindowTextW
GetKeyState
SendMessageW
RegisterClassExW
GetForegroundWindow
MoveWindow
SetClipboardData
BeginPaint
FindWindowW
SetFocus
LoadCursorW
GetWindowTextW
MapDialogRect
UnregisterClassA
SetProcessDefaultLayout
LoadIconW
KillTimer
DestroyWindow
RegisterWindowMessageW
SystemParametersInfoW
SetTimer
AllowSetForegroundWindow
DispatchMessageW
DestroyIcon
GetClassInfoExW
InvalidateRgn
ReleaseCapture
GetMonitorInfoW
GetCursorPos
IsChild
GetParent
SetCapture
TrackPopupMenu
DestroyAcceleratorTable
SetForegroundWindow
AttachThreadInput
GetDlgItem
SetWindowContextHelpId

wtsapi32

WTSUnRegisterSessionNotification
WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW
WTSRegisterSessionNotification

gdiplus

GdiplusStartup
GdipAlloc
GdipDisposeImage
GdiplusShutdown
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFile
GdipFree
GdipCloneImage
GdipCreateBitmapFromFileICM

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a5becb6276a661602230cfc6ed630b6

Headers

File Characteristics

Imports

secur32

ddraw

shlwapi

shell32

ole32

crypt32

gdi32

netapi32

kernel32

version

user32

wtsapi32

gdiplus

Sections

.text Size: 66KB - Virtual size: 65KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 29KB - Virtual size: 28KB

.rsrc Size: 1024B - Virtual size: 52KB

.text
Size: 66KB - Virtual size: 65KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 29KB - Virtual size: 28KB

.rsrc
Size: 1024B - Virtual size: 52KB