5b4866d72a563ac612641cfb72a1d9aba8193a7e6f1ecb3bce2eea4cfe0ad445

Sharing

Copy URL

Twitter E-mail

General

Target

5b4866d72a563ac612641cfb72a1d9aba8193a7e6f1ecb3bce2eea4cfe0ad445
Size

907KB
MD5

91a8c846dbaa2a9e8dd50d9f7a3d8710
SHA1

a82b3a92f9cb2720a455a655fe9a011f7c3f5fdf
SHA256

5b4866d72a563ac612641cfb72a1d9aba8193a7e6f1ecb3bce2eea4cfe0ad445
SHA512

32f9d33edcc55c546655e013d5d61cdfb47a2af11b5f4bef3bea8479190ceba7b37c0f3cf08bec3ccc6f191b84279dd3e4d6354b4eddc5178f91f44c9b7f8ee9
SSDEEP

12288:I7mVddDsWj2BXWqGPpl3JHHvFbgu47fHV2lMTtt9/z95HTghn5s:I7mVddEBGq4pl5tbgugkWt9L9O2

Score

N/A

Malware Config

Signatures

Files

5b4866d72a563ac612641cfb72a1d9aba8193a7e6f1ecb3bce2eea4cfe0ad445
.exe windows x86

8b33bc81db9966697cb5a7f40ad720d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegOpenKeyExW
QueryServiceStatusEx
ControlService
SetServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
DeleteService
ChangeServiceConfig2W
CreateServiceW
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
GetSecurityDescriptorControl
MakeAbsoluteSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
GetLengthSid
IsValidSid
CopySid
AddAce
InitializeAcl
GetAclInformation
SetSecurityDescriptorDacl
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSidToSidW
RegSetKeySecurity
ConvertStringSecurityDescriptorToSecurityDescriptorW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
FreeSid
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
GetNamedSecurityInfoW
ChangeServiceConfigW
StartServiceW
RegDeleteKeyW
SetSecurityInfo
RegEnumKeyExW
GetAce
GetSecurityInfo
EqualSid
SetSecurityDescriptorControl
RegGetKeySecurity
RegQueryInfoKeyW
LookupAccountNameW
ConvertSidToStringSidW
LookupAccountSidW
TraceEvent
GetTokenInformation
OpenProcessToken
RevertToSelf
ImpersonateLoggedOnUser
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA

kernel32

WriteFile
CreateFileW
CompareStringA
MulDiv
GetLongPathNameW
GetFullPathNameW
GetFileAttributesW
RemoveDirectoryW
UnregisterWaitEx
InterlockedCompareExchange
DeleteFileW
RegisterWaitForSingleObject
QueueUserWorkItem
FormatMessageW
CreateThread
WaitForMultipleObjects
GetStringTypeExW
DebugBreak
lstrcmpiW
GetComputerNameW
WideCharToMultiByte
lstrlenA
GetVersionExW
GetTempPathW
GetProcAddress
FreeLibrary
LoadLibraryA
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
CreateEventW
SetLastError
WaitForSingleObject
Sleep
GetTickCount
GetLastError
CompareStringW
OpenEventW
SetEvent
InterlockedDecrement
InterlockedIncrement
lstrlenW
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetCommandLineW
GetStartupInfoW
GetLocalTime
MultiByteToWideChar
GetDiskFreeSpaceA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
DeviceIoControl
GetModuleHandleA
OpenMutexW
CreateMutexW
ReleaseMutex
GetCurrentThread
GetThreadPriority
SetThreadPriority
FileTimeToSystemTime
FileTimeToDosDateTime
GetTempFileNameW
GlobalFree
GetModuleHandleW
ExpandEnvironmentStringsW
CreateDirectoryW
GetFileSizeEx
SetFilePointerEx
OpenFileMappingW
VirtualAlloc
VirtualFree
GetFileAttributesExW
CompareFileTime
FindFirstFileW
FindNextFileW
FindClose
FreeLibraryAndExitThread
GetFileSize
ReadFile
DuplicateHandle
InitializeCriticalSectionAndSpinCount
CreateFileMappingW
MapViewOfFile
GetSystemTime
SystemTimeToFileTime
UnmapViewOfFile
LocalAlloc
ResetEvent
LoadLibraryW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
ExitProcess
ChangeTimerQueueTimer
CreateTimerQueueTimer
CreateTimerQueue
DeleteTimerQueueTimer
DeleteTimerQueueEx
InterlockedExchange
SetThreadExecutionState
GetCurrentProcess
IsWow64Process
GlobalMemoryStatus
DelayLoadFailureHook
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetVersion
QueryPerformanceCounter
LocalFree

msvcrt

??1type_info@@UAE@XZ
realloc
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_callnewh
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
__CxxFrameHandler
_time64
strncmp
_ultoa
_strlwr
_wtol
_wcsicmp
wcsstr
iswdigit
wcstol
_wcsnicmp
wcsncmp
_wcslwr
_wcstoui64
_errno
wcstoul
towupper
_CxxThrowException
memset
calloc
malloc
_purecall
free
_wputenv
memmove
memcpy
_vsnwprintf
ceil
_vsnprintf
wcschr
bsearch
towlower
_CIsqrt
_ftol
_CIpow
_cexit
_initterm
__set_app_type
??0exception@@QAE@ABV0@@Z

user32

UnregisterClassA
MsgWaitForMultipleObjects
wvsprintfA
CharUpperBuffW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
CharUpperW
wvsprintfW
TranslateMessage

oleaut32

VariantTimeToSystemTime
CreateErrorInfo
SetErrorInfo
SysStringByteLen
SysAllocStringByteLen
VariantInit
SafeArrayCopy
SystemTimeToVariantTime
VariantChangeType
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
VariantClear
SysAllocStringLen
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysAllocString
SysFreeString

ole32

CoMarshalInterface
CreateStreamOnHGlobal
CoReleaseMarshalData
CoUnmarshalInterface
IIDFromString
CoUninitialize
PropVariantClear
StringFromGUID2
CoTaskMemFree
CoCreateGuid
CoInitializeEx
CoInitializeSecurity
CoTaskMemAlloc
CoCreateInstance

winhttp

WinHttpWriteData
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpCrackUrl
WinHttpSetCredentials
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpTimeFromSystemTime
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpen
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpOpenRequest

wsock32

WSAGetLastError

shell32

SHGetFolderPathW
SHCreateDirectoryExW
SHGetFolderPathAndSubDirW

iphlpapi

NotifyAddrChange
GetBestInterfaceEx
GetAdaptersAddresses
SendARP
CancelIPChangeNotify
GetIpAddrTable

httpapi

HttpInitialize
HttpTerminate
HttpSetServiceConfiguration
HttpDeleteServiceConfiguration

ws2_32

GetAddrInfoW
getnameinfo
FreeAddrInfoW

shlwapi

StrCmpNW
PathFindFileNameW
ord437
StrStrIW
PathFileExistsW
PathAppendW

ntdll

strchr
RtlUnwind

wmpmde

MFCreateNetVRoot
MFCreateWMPMDEOpCenter

mfplat

MFShutdown
MFStartup
MFInvokeCallback
MFCreateAsyncResult
CreatePropertyStore

userenv

UnregisterGPNotification
RegisterGPNotification

faultrep

ReportFault

Sections

.text
Size: 710KB - Virtual size: 709KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8b33bc81db9966697cb5a7f40ad720d4

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

oleaut32

ole32

winhttp

wsock32

shell32

iphlpapi

httpapi

ws2_32

shlwapi

ntdll

wmpmde

mfplat

userenv

faultrep

Sections

.text Size: 710KB - Virtual size: 709KB

.data Size: 14KB - Virtual size: 23KB

.rsrc Size: 122KB - Virtual size: 124KB

Size: 59KB - Virtual size: 59KB

.text
Size: 710KB - Virtual size: 709KB

.data
Size: 14KB - Virtual size: 23KB

.rsrc
Size: 122KB - Virtual size: 124KB