f2e8a797cf392f5098c50d1c44e32146126018c9693c1f80db722646ccedb82f

Sharing

Copy URL Twitter E-mail

General

Target

f2e8a797cf392f5098c50d1c44e32146126018c9693c1f80db722646ccedb82f
Size

838KB
MD5

922fe38815892954d17a53c7c081aa3f
SHA1

aae8d769c1ac2310957acc2acf2561489044c54f
SHA256

f2e8a797cf392f5098c50d1c44e32146126018c9693c1f80db722646ccedb82f
SHA512

140a0728869d2443baa5d70cc6cb175f06474ab128cdbd837d3b8355c7683d790eb06d10ae4dbf5fdd0df943cad6cb0270ae2fb9bb203d31070593be76435f03
SSDEEP

24576:P/nHUC5Jw9hsKMHbSrcADrBl+MnywyNe9u1cfppXF:PcWYFMHGFl+twyN6CcBt

Score

N/A

Malware Config

Signatures

Files

f2e8a797cf392f5098c50d1c44e32146126018c9693c1f80db722646ccedb82f
.exe windows x86

e61294e17770a850e339b5b9f52d1315

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsDirectoryEmptyA
PathUnmakeSystemFolderW
ColorRGBToHLS
UrlGetPartW
PathCombineA
UrlCanonicalizeA
IntlStrEqWorkerA
StrCmpIW
SHRegCreateUSKeyA
PathRelativePathToW
StrCmpLogicalW
UrlCompareW
SHOpenRegStreamW
PathUnquoteSpacesA
PathQuoteSpacesW
SHRegEnumUSValueA
SHIsLowMemoryMachine
StrRetToBufW
SHRegDeleteUSValueW
StrCpyNW
SHOpenRegStreamA
StrCSpnA
SHDeleteOrphanKeyW
SHRegDeleteUSValueA
wnsprintfA

kernel32

IsValidLocale
GetLocaleInfoA
DeleteTimerQueueTimer
SetLocalTime
HeapFree
LoadLibraryA
LZCopy
SetConsoleIcon
SearchPathW
GetEnvironmentVariableA
GetStartupInfoA
GetHandleInformation
WriteFileGather
GetNumberOfConsoleInputEvents
GetCurrentConsoleFont
RegisterWaitForSingleObjectEx
WriteConsoleInputVDMW
IsProcessorFeaturePresent
SystemTimeToFileTime
GetCurrentThread
SetVolumeLabelA
InitializeCriticalSection
DuplicateConsoleHandle
GetProcessAffinityMask
CreateDirectoryA
FindFirstVolumeMountPointA
GetPrivateProfileStringA
lstrlen
LZDone
OpenMutexA
WriteConsoleOutputCharacterA
LoadLibraryExW
WaitForMultipleObjects
ReadConsoleInputExW
GlobalHandle
GetVDMCurrentDirectories
lstrcmpA
ProcessIdToSessionId
LocalFlags
FindNextVolumeW
ReadConsoleInputExA
UnmapViewOfFile
RequestWakeupLatency
WaitForSingleObjectEx
Process32Next
WritePrivateProfileStructA
CancelDeviceWakeupRequest
GetConsoleAliasesA
VirtualAlloc
GetCPInfoExW
SetThreadIdealProcessor
GetNextVDMCommand
GetConsoleOutputCP
GetProcessPriorityBoost
GetUserDefaultLCID
lstrcpyW
GetLogicalDriveStringsW
LZRead
RemoveLocalAlternateComputerNameA
GetPrivateProfileStructA
FindAtomW
EnumDateFormatsExW
IsBadHugeWritePtr
FindNextVolumeA
GetThreadPriorityBoost
EnumDateFormatsA
SetFileAttributesW
GlobalDeleteAtom

polstore

IPSecFreeMulNegPolData
IPSecFreeMulNFAData
IPSecImportPolicies
IPSecEnumPolicyData
IPSecEnumNFAData
IPSecCopyFilterSpec
IPSecFreePolStr
IPSecGetFilterData
IPSecSetNegPolData
IPSecEnumNegPolData
IPSecDeleteFilterData
IPSecSetISAKMPData
IPSecDeletePolicyData
IPSecCreateFilterData

msctfp

GetProxyDllInfo

msvcrt

exit

Sections

.text
Size: 493KB - Virtual size: 493KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 338KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e61294e17770a850e339b5b9f52d1315

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

polstore

msctfp

msvcrt

Sections

.text Size: 493KB - Virtual size: 493KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 338KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 276B

.text
Size: 493KB - Virtual size: 493KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 338KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 276B