af6ec4ba7444d09ed557ea4c725306b1e19f52005d714b9d4ed0ebd2720b57a3

Sharing

Copy URL Twitter E-mail

General

Target

af6ec4ba7444d09ed557ea4c725306b1e19f52005d714b9d4ed0ebd2720b57a3
Size

570KB
MD5

4b94929e17de7f88c09060ea0816aa51
SHA1

9b206c3f46999ae985a4394641be9952d3c90d9e
SHA256

af6ec4ba7444d09ed557ea4c725306b1e19f52005d714b9d4ed0ebd2720b57a3
SHA512

8352ed2efa4f1e7c02121851821804de957b4f1c6d7aae5a9c96c86dcf730fd9cbf0f4965a8aa369f80126e5c387f1f83271960ebcc81e6c9be78aeaec72fc43
SSDEEP

6144:EphOoRYyer3kJOwGZrUErb6TQi+Hba0OFESrmGKNua4Qp5SYgsRRk5cNZoHY+:+hOTDyVGtHrboQVHba0wYWHX

Score

N/A

Malware Config

Signatures

Files

af6ec4ba7444d09ed557ea4c725306b1e19f52005d714b9d4ed0ebd2720b57a3
.exe windows x86

c1339e760be2fb0e19cc76fe0f4a171e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryInfoKeyW
RegEnumKeyExA
RegQueryValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegEnumKeyA
RegQueryInfoKeyA

crypt32

CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CryptMsgClose
CertCloseStore

version

VerQueryValueA
GetFileVersionInfoA

user32

ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
MapDialogRect
SetWindowContextHelpId
GetDlgCtrlID
LoadBitmapA
EndDialog
GetWindowRect
PtInRect
SetCursor
EnableWindow
RegisterClassA
ShowWindow
PostQuitMessage
CreatePopupMenu
AppendMenuA
GetCursorPos
SetForegroundWindow
TrackPopupMenu
PostMessageA
GetSystemMetrics
ClientToScreen
DialogBoxIndirectParamA
RegisterWindowMessageA
GetWindowTextLengthA
IsChild
wsprintfA
PeekMessageA
DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageA
GetMessageW
IsWindowUnicode
MsgWaitForMultipleObjectsEx
SetWindowLongA
GetWindowLongA
GetDesktopWindow
MessageBoxA
LoadStringA
DefWindowProcA
GetSysColor
GetParent
GetDlgItem
GetClassNameA
ReleaseCapture
FillRect
DestroyWindow
CharNextA
CallWindowProcA
GetClientRect
SetWindowPos
LoadImageA
UnregisterClassA
GetWindowTextA
SetWindowTextA
CreateAcceleratorTableA
CreateWindowExA
RegisterClassExA
LoadCursorA
GetClassInfoExA
IsWindow
SendMessageA
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
MoveWindow

gdi32

StretchBlt
SetTextColor
SaveDC
SetGraphicsMode
ModifyWorldTransform
SetViewportOrgEx
SetWindowOrgEx
DPtoLP
CreateFontIndirectA
RestoreDC
GetStockObject
GetObjectA
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
SetBkMode

comctl32

ord17

wintrust

WinVerifyTrust

wininet

InternetOpenA
InternetCrackUrlA
InternetConnectA
InternetGetConnectedState
InternetQueryDataAvailable
InternetCloseHandle
InternetReadFile
InternetTimeToSystemTime
HttpQueryInfoA
InternetErrorDlg
HttpSendRequestA
HttpAddRequestHeadersA
InternetTimeFromSystemTime
HttpOpenRequestA

urlmon

URLDownloadToFileA

shell32

Shell_NotifyIconA
SHGetFolderPathA
ShellExecuteA

kernel32

GetOEMCP
GetACP
GetCPInfo
GetLocaleInfoW
HeapSize
HeapReAlloc
GetModuleFileNameW
GetStdHandle
HeapCreate
TlsFree
TlsSetValue
CompareStringW
TlsAlloc
GetTimeZoneInformation
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
ExitProcess
EncodePointer
SetEnvironmentVariableA
VirtualQuery
IsValidCodePage
VirtualProtect
RtlUnwind
GetSystemTimeAsFileTime
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
GetCurrentProcessId
GetTickCount
SystemTimeToTzSpecificLocalTime
LocalFree
GetSystemInfo
GetVersionExA
GetThreadLocale
FindResourceW
GetSystemTime
OpenEventA
CreatePipe
SetHandleInformation
ReadFile
LoadLibraryExA
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InterlockedExchange
LoadLibraryW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LCMapStringW
WriteConsoleW
SetStdHandle
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetModuleHandleW
CreateFileW
DecodePointer
TlsGetValue
SizeofResource
FreeLibrary
IsDBCSLeadByte
GetCommandLineA
CreateMutexA
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
lstrcpynA
CreateEventA
CreateThread
ResetEvent
WaitForMultipleObjects
SetEvent
LoadResource
LockResource
GlobalHandle
GlobalFree
SetLastError
GlobalLock
CloseHandle
WriteFile
lstrlenA
SetFilePointer
CreateFileA
GetTempPathA
lstrcatA
GetEnvironmentVariableA
LoadLibraryA
GetLastError
GetSystemDirectoryA
SetDllDirectoryA
MultiByteToWideChar
WideCharToMultiByte
lstrcpyA
lstrlenW
WaitForSingleObject
RaiseException
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
GlobalAlloc
FindResourceA
lstrcmpA
SetEndOfFile
CompareFileTime
SystemTimeToFileTime
Sleep
FileTimeToSystemTime
GetFileTime
GetFileSize
GetExitCodeProcess
CreateProcessA
FormatMessageA
lstrcmpiA
DeleteFileA
GetCurrentThreadId
MulDiv
GetModuleFileNameA
GlobalUnlock
InitializeCriticalSection

ole32

StringFromCLSID
CoInitialize
CoUninitialize
CoTaskMemRealloc
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CoGetClassObject
CoTaskMemAlloc
OleLockRunning
StringFromGUID2
CoInitializeSecurity
CoCreateInstance
CoTaskMemFree
CLSIDFromString

oleaut32

VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString

Sections

.text
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 289KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c1339e760be2fb0e19cc76fe0f4a171e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

crypt32

version

user32

gdi32

comctl32

wintrust

wininet

urlmon

shell32

kernel32

ole32

oleaut32

Sections

.text Size: 202KB - Virtual size: 201KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 11KB - Virtual size: 20KB

.rsrc Size: 289KB - Virtual size: 292KB

.text
Size: 202KB - Virtual size: 201KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 11KB - Virtual size: 20KB

.rsrc
Size: 289KB - Virtual size: 292KB