a3ea229e50fbd1452690670fa17e3660607136218c0ab1b6e589eb80bdccd45b

Sharing

Copy URL Twitter E-mail

General

Target

a3ea229e50fbd1452690670fa17e3660607136218c0ab1b6e589eb80bdccd45b
Size

177KB
MD5

916289493df15525134d1ba9b49a1259
SHA1

2336914d7ddb78ba73c406d9dbf7cee69b2c4e62
SHA256

a3ea229e50fbd1452690670fa17e3660607136218c0ab1b6e589eb80bdccd45b
SHA512

f62cc040d2a11cc943aebe05b1eb48f2a310ebae47bc668a26a12db29e102a75479fda3bb2790c064a964c153146a95db2e041e330e5603168c94dff975fd56b
SSDEEP

3072:WKPG3n8qPxlnMOaF69yWYjJRFVxu0EqU+g/3ogqq9Lp5/jkuPrR:WKPI8qPnMOaFinAfxu0Elv/rqq9tBkuF

Score

N/A

Malware Config

Signatures

Files

a3ea229e50fbd1452690670fa17e3660607136218c0ab1b6e589eb80bdccd45b
.exe windows x86

4b78cca8831745c63dd44be5379557fd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
VirtualFree
GetVolumeInformationA
WaitForMultipleObjectsEx
DeleteFileA
DeviceIoControl
CopyFileA
CreateFileA
GetSystemTime
VirtualAlloc
GetProcessId
GlobalLock
lstrlenA
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetTickCount
InterlockedDecrement
LocalFree
SetFilePointer
GetCurrentProcessId
GetModuleFileNameW
InitializeCriticalSection
SetFileAttributesA
GlobalFree
WaitForSingleObject
GetFileAttributesA
CreateMutexA
EnumResourceTypesA
CreateDirectoryA
Sleep
GetCurrentThreadId
ReadFile
LocalAlloc
GetTempFileNameA
QueryPerformanceCounter
GlobalUnlock
GetTempPathA
ExitProcess
WideCharToMultiByte
GetVersionExA
CloseHandle
MultiByteToWideChar
CreateFileW
DeleteCriticalSection
GetLastError
ReleaseMutex
GetFileSize
GetModuleFileNameA
FreeLibrary

shell32

SHGetSpecialFolderPathA

gdi32

StretchBlt
DeleteDC
CreateDIBSection
SelectObject
DeleteObject
PatBlt
GetStockObject
SetStretchBltMode
CreateDCA
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectA
SetDIBits

ole32

StringFromGUID2
CoSetProxyBlanket
CoCreateInstance
GetRunningObjectTable
StgOpenStorage
CoFreeUnusedLibraries
StgCreateDocfile
CreateItemMoniker
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoTaskMemFree

advapi32

RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegCreateKeyA
RegEnumKeyExA
RegQueryValueExW
RegOpenKeyExW
RegSetValueA
RegCloseKey
RegOpenKeyExA
RegSetValueExA

user32

InflateRect
EqualRect
DefWindowProcA
RegisterClassA
SetParent
PostMessageA
ReleaseDC
CopyRect
EnableWindow
TranslateMessage
IsWindow
PeekMessageA
AttachThreadInput
GetDesktopWindow
FillRect
InvalidateRect
DispatchMessageA
wsprintfA
GetClientRect
GetDC
BringWindowToTop
SetRect
SendMessageA
UnregisterClassA

shlwapi

PathFileExistsA
PathFileExistsW
StrStrIW

avifil32

AVISaveOptions
AVIMakeCompressedStream

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b78cca8831745c63dd44be5379557fd

Headers

File Characteristics

Imports

kernel32

shell32

gdi32

ole32

advapi32

user32

shlwapi

avifil32

Sections

.text Size: 102KB - Virtual size: 101KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 69KB - Virtual size: 69KB

.tls Size: 1024B - Virtual size: 248KB

.text
Size: 102KB - Virtual size: 101KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 69KB - Virtual size: 69KB

.tls
Size: 1024B - Virtual size: 248KB