473227a5cdef58bf378799f34ed357f8fab225f530e40364ed61d118bf81e2e5

Sharing

Copy URL Twitter E-mail

General

Target

473227a5cdef58bf378799f34ed357f8fab225f530e40364ed61d118bf81e2e5
Size

2.9MB
MD5

4efc349984ce5570715205fbd1e9b73e
SHA1

5c183b1ebb4f88f3fe3552107b7845235f791ffe
SHA256

473227a5cdef58bf378799f34ed357f8fab225f530e40364ed61d118bf81e2e5
SHA512

bb40a52d50c4eaa4a5f94f04b61168bee3de04b025bc064deab9ea025425d8550313c2ee275acc75c3136f6a78d7efb7ebde7dbb1eda41726eef4baeffae7ff0
SSDEEP

49152:zUUt7FhpFzfYTPV9jzDqog5eyVieVG3XlWu6GjYBk5La8OCEF/rSUZFXr4EYgElo:z9lFhp+x9jqEyViecQuLjYB6a4W2KFso

Score

N/A

Malware Config

Signatures

Files

473227a5cdef58bf378799f34ed357f8fab225f530e40364ed61d118bf81e2e5
.zip
MultiHack 3.3V.exe
.exe windows x86

eb783ca9301fdf5d89967ccbb07729b7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtAllocateVirtualMemory
RtlInterlockedFlushSList
RtlInitializeSListHead
RtlFreeHeap
RtlMultiByteToUnicodeSize
RtlUnicodeToMultiByteN
RtlInterlockedPopEntrySList
RtlUnicodeToMultiByteSize
RtlInterlockedPushEntrySList
RtlReAllocateHeap
RtlAllocateHeap
RtlRaiseStatus
NtDebugActiveProcess
NtCreateDebugObject
NtCreateJobObject
NtPowerInformation
NtTestAlert
NtIsProcessInJob
RtlTimeToSecondsSince1980
RtlSecondsSince1980ToTime
NtAcceptConnectPort
NtReplyWaitReceivePort
NtCreatePort
NtCompleteConnectPort
RtlSelfRelativeToAbsoluteSD2
RtlValidRelativeSecurityDescriptor
RtlLengthRequiredSid
RtlAbsoluteToSelfRelativeSD
NtRequestWaitReplyPort
NtConnectPort
NtResetEvent
NtQueryMutant
NtSetLowEventPair
NtPulseEvent
NtQuerySemaphore
NtSetHighEventPair
NtQueryEvent
NtQueryTimer
NtCancelTimer
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlSecondsSince1970ToTime
RtlDestroyHeap
NtProtectVirtualMemory
NtSetSystemInformation
NtCreateMutant
NtTerminateJobObject
NtAssignProcessToJobObject
RtlInitializeCriticalSection
NtQueryPerformanceCounter
RtlDeleteCriticalSection
RtlSetHeapInformation
RtlQueryEnvironmentVariable_U
RtlGUIDFromString
RtlDetermineDosPathNameType_U
NtDeleteValueKey
NtWaitForMultipleObjects
NtInitiatePowerAction
NtDelayExecution
NtSetInformationDebugObject
NtRemoveProcessDebug
RtlCreateSecurityDescriptor
RtlCreateProcessParameters
RtlGetFullPathName_U
NtFilterToken
NtQueryValueKey
NtDuplicateToken
RtlInitializeSid
RtlRandomEx
RtlDestroyProcessParameters
RtlFreeUnicodeString
RtlAddAccessAllowedAce
RtlFindMessage
RtlSetDaclSecurityDescriptor
RtlCreateAcl
RtlAddAce
NtQueryAttributesFile
RtlCreateUserProcess
RtlExpandEnvironmentStrings_U
RtlStringFromGUID
RtlGetAce
RtlGetOwnerSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlLengthSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlFirstEntrySList
NtReleaseKeyedEvent
RtlLeaveCriticalSection
NtWaitForKeyedEvent
NtCreateKeyedEvent
RtlEnterCriticalSection
NtSetTimer
NtAlertThread
NtCreateTimer
NtSuspendThread
NtAdjustPrivilegesToken
NtOpenProcess
NtGetContextThread
NtQueryInformationJobObject
NtQueryVirtualMemory
NtOpenProcessToken
NtSetInformationProcess
NtOpenDirectoryObject
NtReadVirtualMemory
NtResumeProcess
RtlPrefixUnicodeString
NtQueryDirectoryObject
NtOpenSection
NtSetInformationToken
NtOpenThread
NtSetInformationThread
NtQueryDirectoryFile
NtQuerySymbolicLinkObject
NtCreateKey
NtOpenSymbolicLinkObject
NtOpenThreadToken
NtWriteVirtualMemory
NtTerminateProcess
NtUnloadDriver
NtOpenKey
NtSetContextThread
NtSuspendProcess
NtResumeThread
RtlMultiByteToUnicodeN
RtlUpcaseUnicodeChar
RtlValidSid
RtlNtStatusToDosError
NtAddAtom
RtlSubAuthoritySid
RtlLengthSid
RtlUnwind
RtlConvertSidToUnicodeString
RtlDoesFileExists_U
NtDeleteKey
NtSetValueKey
NtSetInformationObject
NtDeviceIoControlFile
RtlDosPathNameToNtPathName_U
NtReadFile
NtQueryFullAttributesFile
NtOpenFile
NtFlushBuffersFile
NtCreateFile
NtUnlockFile
NtQueryInformationFile
NtFsControlFile
NtLockFile
NtWriteFile
NtDuplicateObject
RtlCreateUserThread
NtQueryObject
NtSetSecurityObject
NtCreateEvent
NtClearEvent
RtlEqualUnicodeString
NtQuerySection
NtQueryInformationThread
NtTerminateThread
NtQuerySecurityObject
NtSetEvent
NtQueryInformationToken
NtQueryInformationProcess
RtlGetVersion
NtQuerySystemInformation
RtlCreateHeap
NtCreateSection
NtUnmapViewOfSection
NtSetInformationFile
NtMapViewOfSection
NtCreateSemaphore
NtClose
NtWaitForSingleObject
NtReleaseSemaphore
NtFreeVirtualMemory

winsta

WinStationConnectW
WinStationDisconnect
WinStationRegisterConsoleNotification
WinStationReset
WinStationFreeMemory
WinStationQueryInformationW
WinStationFreeGAPMemory
WinStationGetAllProcesses
WinStationShadow
WinStationSendMessageW
WinStationEnumerateW

comctl32

ImageList_SetImageCount
InitCommonControlsEx
CreatePropertySheetPageW
PropertySheetW
ImageList_Replace
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create
ImageList_Remove

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

OpenProcess
Sleep
GetCurrentProcess
TerminateProcess
TlsFree
GetStartupInfoW
WideCharToMultiByte
GetStdHandle
GetFileType
GetModuleHandleExW
AreFileApisANSI
CloseHandle
GetProcessHeap
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapReAlloc
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
AllocConsole
FreeConsole
GetConsoleWindow
SetConsoleCtrlHandler
SetErrorMode
MulDiv
SetProcessShutdownParameters
FreeLibrary
GetThreadPriority
RaiseException
GetComputerNameW
MultiByteToWideChar
GetACP
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
HeapFree
HeapAlloc
GetCommandLineW
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
IsValidCodePage
GetOEMCP
GetCPInfo
GetCurrentThreadId
FileTimeToLocalFileTime
FileTimeToSystemTime
SetThreadPriority
SetLastError
GetNumberFormatW
GetTimeFormatW
GetSystemDirectoryW
GetUserDefaultLangID
CreateProcessW
SearchPathW
GetDateFormatW
GetSystemDefaultLangID
LocalFree
LocalAlloc
TlsAlloc
TlsSetValue
TlsGetValue
CreateRemoteThread
GetLastError
ExitThread
ExitProcess
GetTickCount
GlobalSize
LockResource
GlobalFree
GlobalUnlock
SizeofResource
LoadLibraryW
GlobalAlloc
LoadResource
FindResourceW
GetLocaleInfoW
GlobalLock
CreateThread
GetProcAddress
GetModuleHandleW
LoadLibraryExW
SetStdHandle
OutputDebugStringW
ReadFile
ReadConsoleW
WriteConsoleW
HeapSize
CreateFileW
SetEndOfFile
DeleteCriticalSection

user32

MapDialogRect
EnableMenuItem
BringWindowToTop
DeleteMenu
GetSystemMenu
CreateDialogParamW
SetDlgItemInt
SendMessageTimeoutW
IsDialogMessageW
LoadAcceleratorsW
IsChild
GetMessageW
TranslateAcceleratorW
SetMenuItemInfoW
DrawMenuBar
AppendMenuW
ShowWindowAsync
DestroyIcon
MonitorFromPoint
SetActiveWindow
GetForegroundWindow
CreateIconIndirect
GetDlgItemInt
GetGuiResources
IsHungAppWindow
OpenWindowStationW
GetUserObjectInformationW
CloseDesktop
EnumDesktopsW
OpenDesktopW
GetProcessWindowStation
CloseWindowStation
EnumWindows
GetGUIThreadInfo
SetWindowTextW
SetLayeredWindowAttributes
GetWindowPlacement
GetMenu
FindWindowW
ClientToScreen
PostMessageW
IsIconic
SetForegroundWindow
PostQuitMessage
GetWindowInfo
DefWindowProcW
SetWindowLongW
GetWindowLongW
InvalidateRect
RegisterClassExW
BeginPaint
GetClientRect
LoadCursorW
TrackMouseEvent
EndPaint
SendMessageW
RegisterClipboardFormatW
DestroyMenu
GetMenuItemCount
SetMenuInfo
CreatePopupMenu
LoadMenuW
InsertMenuItemW
GetMenuItemInfoW
GetSubMenu
TrackPopupMenu
CallWindowProcW
GetPropW
SetWindowPos
SetPropW
RemovePropW
SetCursor
CreateWindowExW
FrameRect
GetCursorPos
ReleaseDC
GetDCEx
GetDC
GetParent
DrawTextW
FillRect
ScreenToClient
DestroyWindow
EndDeferWindowPos
SetClipboardData
MapWindowPoints
BeginDeferWindowPos
DeferWindowPos
OpenClipboard
EmptyClipboard
GetWindowTextW
CreateDialogIndirectParamW
LoadIconW
LoadImageW
GetWindowRect
CloseClipboard
GetWindowTextLengthW
InternalGetWindowText
SetScrollInfo
SetCaretPos
ReleaseCapture
CreateCaret
EnableScrollBar
GetSysColor
DestroyCaret
RedrawWindow
SetScrollPos
SystemParametersInfoW
GetClipboardData
GetScrollInfo
DragDetect
PtInRect
ShowCaret
SetFocus
GetKeyState
SetCapture
GetIconInfo
DrawIconEx
DispatchMessageW
MoveWindow
GetMonitorInfoW
MessageBoxW
MonitorFromWindow
PeekMessageW
TranslateMessage
MsgWaitForMultipleObjects
GetMessagePos
GetMessageTime
UpdateWindow
GetSystemMetrics
ScrollWindowEx
IsWindow
GetSysColorBrush
ShowWindow
SetCursorPos
GetAsyncKeyState
DrawFocusRect
GetCapture
GetUpdateRect
WaitMessage
MessageBeep
InvalidateRgn
KillTimer
SetTimer
GetUpdateRgn
SetDlgItemTextW
EndDialog
DialogBoxParamW
ExitWindowsEx
LockWorkStation
EnableWindow
GetDlgItem
IsWindowEnabled
GetWindowThreadProcessId
GetClassNameW
MonitorFromRect
IsWindowVisible
FindWindowExW

gdi32

SetDCBrushColor
DeleteObject
Polyline
GdiAlphaBlend
CreateCompatibleDC
SetBkMode
CreateDIBSection
Polygon
DeleteDC
SetTextColor
GetTextExtentPoint32W
BitBlt
TextOutW
SetBoundsRect
CreateFontW
SelectObject
SetBkColor
GetCharWidthW
RestoreDC
IntersectClipRect
CreateRectRgn
SaveDC
CombineRgn
SelectClipRgn
GetDIBits
CreateFontIndirectW
GetTextMetricsW
GetClipRgn
GetObjectW
GetDeviceCaps
GetTextColor
Rectangle
SetDCPenColor
GetStockObject
CreateCompatibleBitmap
ExcludeClipRect

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseColorW
ChooseFontW

advapi32

LsaLookupPrivilegeValue
LsaEnumerateAccounts
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
ChangeServiceConfigW
LsaAddAccountRights
EnumServicesStatusExW
QueryServiceConfigW
ChangeServiceConfig2W
CreateServiceW
CloseServiceHandle
DeleteService
OpenSCManagerW
OpenServiceW
StartServiceW
ControlService
LsaLookupSids
LsaOpenPolicy
QueryServiceConfig2W
LsaLookupPrivilegeDisplayName
LsaLookupNames2
LsaClose
LsaLookupPrivilegeName
LsaFreeMemory
GetSecurityInfo
SetSecurityInfo
CreateProcessWithLogonW
LogonUserW
LsaEnumeratePrivilegesOfAccount
CreateProcessAsUserW
LsaOpenAccount

shell32

Shell_NotifyIconW
SHGetFolderPathW
ShellExecuteExW
ExtractIconExW
SHGetFileInfoW
DuplicateIcon
SHCreateDirectoryExW

ole32

CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize

Sections

.text
Size: 512B - Virtual size: 503B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 41B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb783ca9301fdf5d89967ccbb07729b7

Headers

File Characteristics

Imports

ntdll

winsta

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 512B - Virtual size: 503B

.rdata Size: 193KB - Virtual size: 192KB

.data Size: 57KB - Virtual size: 56KB

.bss Size: - Virtual size: 2.0MB

.idata Size: 15KB - Virtual size: 15KB

.tls Size: 512B - Virtual size: 41B

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 512B - Virtual size: 503B

.rdata
Size: 193KB - Virtual size: 192KB

.data
Size: 57KB - Virtual size: 56KB

.bss
Size: - Virtual size: 2.0MB

.idata
Size: 15KB - Virtual size: 15KB

.tls
Size: 512B - Virtual size: 41B

.rsrc
Size: 5KB - Virtual size: 4KB