Sample: ef9d85af1effd245978eccc8901497ce50fb518183dd647b6d4516d055a69309.exe
Tasks: static1 (static), behavioral1 (behavioral)
Resource: win7-20220901-en
General
Target: ef9d85af1effd245978eccc8901497ce50fb518183dd647b6d4516d055a69309
Size: 2.7MB
MD5: 8078e84d4d90345e896b7ac1267bdd33
SHA1: f901ea42c07c059e4781ca7b751cb763e62c6a46
SHA256: ef9d85af1effd245978eccc8901497ce50fb518183dd647b6d4516d055a69309
SHA512: 02bd91363c413d8aa1ed198d3fcecd163fd07eb15a9c343945e1157ab2032d8bddc3a53ebe1dee01a8c3fa593dfc620625fed5ee9f5035b3213e0f75925eb59e
SSDEEP: 49152:004mCsHzaKvOLRz9Hp/efvWk1oRwlPMow8uYkOLovoootobo3oooXoomoooNoooS:D4wzV2LRz9CWk1ywuEk
Malware Config
Signatures
Files
ef9d85af1effd245978eccc8901497ce50fb518183dd647b6d4516d055a69309.exe (windows x86) c4fb3ab65b58a8816e36da8087bf0593
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
rpcrt4
UuidCreate
RpcStringFreeW
UuidToStringW
kernel32
GetExitCodeProcess
FindFirstChangeNotificationW
FindCloseChangeNotification
GetLongPathNameW
GetSystemDirectoryW
SystemTimeToFileTime
GetSystemInfo
OpenEventW
OpenFileMappingW
MapViewOfFile
ReleaseMutex
LocalAlloc
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
GetCurrentThreadId
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetStartupInfoA
GetFileType
SetThreadLocale
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetModuleFileNameA
GetStdHandle
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetCPInfo
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
RtlUnwind
GetStartupInfoW
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResumeThread
ExitThread
HeapSize
HeapReAlloc
HeapDestroy
GetLocaleInfoA
GetACP
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExA
SetHandleCount
GetThreadLocale
SizeofResource
WritePrivateProfileStringW
FlushInstructionCache
LoadResource
GlobalGetAtomNameW
GetPrivateProfileStringW
FindResourceW
GlobalDeleteAtom
LoadLibraryW
Sleep
EnterCriticalSection
GetFileSize
GetTickCount
GetProcAddress
LeaveCriticalSection
ExitProcess
RaiseException
DeleteCriticalSection
FreeLibrary
MulDiv
InterlockedIncrement
InterlockedDecrement
lstrcmpW
LoadLibraryExW
WaitForMultipleObjects
lstrlenW
lstrcmpiW
GetLastError
GetVersion
OpenProcess
lstrlenA
CreateFileMappingW
GlobalUnlock
MapViewOfFileEx
CreateProcessW
GlobalLock
CloseHandle
WaitForSingleObject
GetCurrentProcessId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WritePrivateProfileSectionW
GetPrivateProfileSectionW
GetDiskFreeSpaceExW
GetExitCodeThread
SetFilePointer
GetFileAttributesExW
GetPrivateProfileStructW
WritePrivateProfileStructW
ResetEvent
WaitNamedPipeW
MoveFileW
FindClose
FindNextFileW
GetTempFileNameW
FindFirstFileW
GetTempPathW
SetEndOfFile
InterlockedExchange
InterlockedCompareExchange
lstrcpynW
GetSystemTimeAsFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
CopyFileW
TerminateProcess
GetWindowsDirectoryW
WriteFile
DeleteFileW
CreateMutexW
CreateThread
GetPrivateProfileIntW
OpenMutexW
GetLocalTime
TerminateThread
SetEvent
FindResourceExW
GetVersionExW
LockResource
GetModuleFileNameW
ReadFile
CreateEventW
SetLastError
InitializeCriticalSection
CreateFileW
FreeResource
OutputDebugStringW
SetFileAttributesW
GlobalAlloc
GetModuleHandleW
CreateDirectoryW
LocalFree
GetCurrentProcess
GetFileAttributesW
WideCharToMultiByte
GlobalAddAtomW
UnmapViewOfFile
user32
SetClipboardData
CloseClipboard
FlashWindow
DestroyCursor
SetParent
BringWindowToTop
EmptyClipboard
OpenClipboard
ExitWindowsEx
IsRectEmpty
PostThreadMessageW
CreateWindowExW
EnableScrollBar
ClientToScreen
IsWindow
DestroyWindow
GetScrollInfo
GetDC
MessageBoxW
DrawTextW
GetDesktopWindow
DrawIconEx
CreateAcceleratorTableW
TrackPopupMenu
RegisterClassExW
FrameRect
ReleaseDC
SetRect
GetFocus
SetForegroundWindow
CreatePopupMenu
GetWindow
GetSystemMetrics
UnregisterClassA
IsIconic
SendMessageW
ScreenToClient
PtInRect
GetCursorPos
GetSysColorBrush
LoadCursorW
DispatchMessageW
FindWindowExW
LoadImageW
FillRect
SetCursor
TranslateMessage
BeginPaint
ShowScrollBar
SetScrollPos
SendMessageTimeoutW
SetFocus
IsChild
InflateRect
AppendMenuW
GetWindowRect
IntersectRect
GetParent
GetActiveWindow
ShowWindow
OffsetRect
EnableWindow
GetClassInfoExW
GetScrollPos
MapWindowPoints
DestroyMenu
GetClientRect
wsprintfW
CharNextW
GetWindowLongW
SetScrollInfo
GetDlgItem
MonitorFromPoint
SetWindowTextW
SystemParametersInfoW
SetWindowLongW
SetTimer
GetMessageW
GetMonitorInfoW
GetWindowTextW
InvalidateRect
GetWindowThreadProcessId
SetActiveWindow
GetClassNameW
SetCapture
DrawFrameControl
InvalidateRgn
LoadIconW
LoadBitmapW
GetKeyState
CallWindowProcW
RedrawWindow
CopyRect
DestroyIcon
DefWindowProcW
ReleaseCapture
GetForegroundWindow
GetSysColor
EndPaint
SetWindowRgn
PeekMessageW
GetDlgCtrlID
PostMessageW
RegisterWindowMessageW
DestroyAcceleratorTable
IsWindowVisible
MoveWindow
IsWindowEnabled
GetWindowDC
FindWindowW
MonitorFromWindow
EqualRect
SetWindowPos
KillTimer
GetWindowTextLengthW
gdi32
CreatePolygonRgn
SetViewportOrgEx
FillRgn
GetPixel
CreateFontW
CreateDIBSection
OffsetRgn
SetRectRgn
Polygon
CreateCompatibleBitmap
Rectangle
RoundRect
GetObjectW
CombineRgn
GetClipRgn
RectInRegion
CreateBitmap
StretchBlt
RestoreDC
SaveDC
CreateRectRgn
CreateFontIndirectW
GetTextColor
GetBkMode
CreateRectRgnIndirect
CreateCompatibleDC
SetBkMode
ExtTextOutW
SetBkColor
GetTextExtentPoint32W
SetWindowOrgEx
SetTextColor
GetTextMetricsW
TextOutW
GetStockObject
BitBlt
LineTo
MoveToEx
GetDeviceCaps
SelectObject
CreatePen
DeleteObject
DeleteDC
SelectClipRgn
CreateSolidBrush
comdlg32
GetSaveFileNameW
GetOpenFileNameW
advapi32
QueryServiceLockStatusW
QueryServiceConfigW
RegCloseKey
RegCreateKeyExW
GetNamedSecurityInfoW
RegSetValueExW
SetNamedSecurityInfoW
OpenProcessToken
InitializeAcl
GetSidLengthRequired
AddAce
DeleteService
CreateServiceW
UnlockServiceDatabase
ChangeServiceConfig2W
ChangeServiceConfigW
LockServiceDatabase
RegNotifyChangeKeyValue
QueryServiceStatus
StartServiceW
LookupPrivilegeValueW
AdjustTokenPrivileges
CloseServiceHandle
ControlService
OpenServiceW
OpenSCManagerW
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegDeleteValueW
GetTokenInformation
RegDeleteKeyW
IsValidSid
GetLengthSid
GetAce
CopySid
GetSidSubAuthority
GetAclInformation
InitializeSid
shell32
SHGetDesktopFolder
ShellExecuteExW
ShellExecuteW
SHGetFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHGetFileInfoW
SHFileOperationW
SHBrowseForFolderW
SHChangeNotify
ole32
CoCreateGuid
CoGetClassObject
CoTaskMemFree
CoTaskMemAlloc
OleLockRunning
OleInitialize
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemRealloc
CoInitialize
StringFromGUID2
OleUninitialize
CoUninitialize
CoInitializeEx
CLSIDFromString
CLSIDFromProgID
oleaut32
VariantInit
SystemTimeToVariantTime
SysStringLen
SysAllocStringLen
DispCallFunc
VarUI4FromStr
SysFreeString
OleCreateFontIndirect
VarBstrCmp
VarDecCmp
VarDecFromStr
LoadTypeLi
VarR8FromStr
VariantClear
LoadRegTypeLi
VarI4FromStr
SysAllocString
VarDateFromStr
SysStringByteLen
shlwapi
PathAddBackslashW
StrChrW
StrCmpNW
StrCpyNW
PathFindFileNameW
StrStrIW
StrFormatByteSizeW
StrToInt64ExW
StrRChrW
StrStrW
SHDeleteKeyW
StrCmpNIW
StrDupW
StrCmpIW
PathIsUNCW
PathIsRelativeW
PathStripToRootW
PathIsDirectoryW
SHSetValueW
SHGetValueW
StrStrIA
PathFileExistsW
StrToIntA
PathAppendW
StrToIntW
PathRemoveFileSpecW
comctl32
ImageList_Destroy
ImageList_LoadImageW
ImageList_GetIconSize
ImageList_Draw
_TrackMouseEvent
ImageList_Create
ImageList_AddMasked
ImageList_SetBkColor
msimg32
TransparentBlt
gdiplus
GdipTranslateTextureTransform
GdipCreateTexture2I
GdipDrawImagePointRectI
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipFree
GdiplusStartup
GdipCloneBrush
GdipAlloc
GdipGetImageWidth
GdipDeleteBrush
GdipGetImageHeight
GdipDisposeImage
GdipDrawImageRectRectI
GdipCloneImage
GdipLoadImageFromStream
GdipDrawImageRectI
GdipFillRectangleI
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
iphlpapi
GetAdaptersInfo
wininet
HttpQueryInfoW
HttpEndRequestW
HttpSendRequestExW
HttpAddRequestHeadersW
InternetWriteFile
InternetReadFile
InternetCloseHandle
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetSetOptionW
InternetOpenW
InternetCrackUrlW
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
mpr
WNetGetResourceInformationW
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 208KB - Virtual size: 206KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 48KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1020KB - Virtual size: 1020KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
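Added example, not part of the sandbox report: a triage pass over the section table and the import list above. The section flags, names and sizes are copied from the listing; the import subset contains only names that appear in the listing; the capability grouping is this page's own reading aid, not a sandbox signature. It makes two things visible that the raw listing does not: every section, .text and .rsrc included, is marked writable and .rsrc is marked executable, which an ordinary MSVC-linked image does not have (a layout commonly produced by packers and protectors, though not proof of one on its own); and the imports cluster into service installation, token privilege adjustment, ACL rewriting, process enumeration and termination, registry writes and WinINet HTTP.

```python
# Added example: triage checks over the static listing above. Not code from
# the sandbox; capability groups are this page's own grouping.

# Section flags exactly as listed; sizes are the MB/KB figures converted to
# bytes (approximate, used only for the virtual/raw ratio check).
SECTIONS = [
    (".text", 1.4 * 2**20, 1.4 * 2**20,
     {"IMAGE_SCN_CNT_CODE", "IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_READ",
      "IMAGE_SCN_MEM_WRITE"}),
    (".rdata", 208 * 2**10, 206 * 2**10,
     {"IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ",
      "IMAGE_SCN_MEM_WRITE"}),
    (".data", 48 * 2**10, 58 * 2**10,
     {"IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ",
      "IMAGE_SCN_MEM_WRITE"}),
    (".rsrc", 1020 * 2**10, 1020 * 2**10,
     {"IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_EXECUTE",
      "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE"}),
]

# Subset of the import list, restricted to the APIs the groups below look
# for. Every name here appears in the listing above.
IMPORTS = {
    "kernel32": ["CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
                 "OpenProcess", "TerminateProcess", "CreateProcessW",
                 "LoadLibraryW", "GetProcAddress", "IsDebuggerPresent",
                 "FindResourceW", "LoadResource", "LockResource",
                 "OpenMutexW", "CreateMutexW", "WaitNamedPipeW"],
    "advapi32": ["OpenProcessToken", "LookupPrivilegeValueW",
                 "AdjustTokenPrivileges", "OpenSCManagerW", "CreateServiceW",
                 "StartServiceW", "DeleteService", "ChangeServiceConfig2W",
                 "SetNamedSecurityInfoW", "AddAce", "RegSetValueExW",
                 "RegCreateKeyExW"],
    "user32": ["ExitWindowsEx", "FindWindowW"],
    "shell32": ["ShellExecuteExW"],
    "wininet": ["InternetOpenW", "InternetConnectW", "HttpOpenRequestW",
                "HttpSendRequestW", "InternetReadFile", "InternetWriteFile"],
    "iphlpapi": ["GetAdaptersInfo"],
}

# Capability groups (this page's grouping). IsDebuggerPresent is deliberately
# left out: the MSVC CRT startup code imports it, so alone it proves nothing.
CAPABILITIES = {
    "process_enumeration": {"CreateToolhelp32Snapshot", "Process32FirstW",
                            "Process32NextW"},
    "process_control": {"OpenProcess", "TerminateProcess", "CreateProcessW",
                        "ShellExecuteExW"},
    "privilege_adjust": {"OpenProcessToken", "LookupPrivilegeValueW",
                         "AdjustTokenPrivileges"},
    "service_install": {"OpenSCManagerW", "CreateServiceW", "StartServiceW",
                        "DeleteService", "ChangeServiceConfig2W"},
    "acl_rewrite": {"SetNamedSecurityInfoW", "AddAce"},
    "registry_write": {"RegCreateKeyExW", "RegSetValueExW"},
    "http_client": {"InternetOpenW", "InternetConnectW", "HttpOpenRequestW",
                    "HttpSendRequestW", "InternetReadFile", "InternetWriteFile"},
    "dynamic_api_resolution": {"LoadLibraryW", "GetProcAddress"},
    "embedded_resource_access": {"FindResourceW", "LoadResource", "LockResource"},
    "host_fingerprint": {"GetAdaptersInfo"},
    "reboot_or_logoff": {"ExitWindowsEx"},
}


def section_findings(sections=SECTIONS):
    """Flag section permissions a normal MSVC-linked image does not carry."""
    findings = []
    for name, raw, virt, flags in sections:
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= flags:
            findings.append((name, "writable+executable"))
        if "IMAGE_SCN_MEM_EXECUTE" in flags and "IMAGE_SCN_CNT_CODE" not in flags:
            findings.append((name, "executable non-code section"))
        if name == ".rdata" and "IMAGE_SCN_MEM_WRITE" in flags:
            findings.append((name, "read-only data section marked writable"))
        # Large virtual/raw gaps mean data is unpacked into memory at load.
        if raw and virt / raw > 2.0:
            findings.append((name, "virtual size far exceeds raw size"))
    if all("IMAGE_SCN_MEM_WRITE" in s[3] for s in sections):
        findings.append(("*", "all sections writable"))
    return findings


def capabilities(imports=IMPORTS):
    """Return {group: sorted APIs present} for every group with a hit."""
    seen = {api for apis in imports.values() for api in apis}
    return {cap: sorted(seen & apis)
            for cap, apis in CAPABILITIES.items() if seen & apis}


if __name__ == "__main__":
    for name, why in section_findings():
        print(f"section {name:6} {why}")
    for cap, apis in capabilities().items():
        print(f"capability {cap}: {', '.join(apis)}")
```

Read the output as triage input, not a verdict: a legitimate installer or updater imports the same service, ACL, registry and WinINet APIs, and the behavioral task is what separates the two. Likewise IsDebuggerPresent, SetUnhandledExceptionFilter and RtlUnwind in the kernel32 list are pulled in by the CRT and are not anti-debugging evidence by themselves; the section permissions are the stronger static oddity here.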