17f09c98f732d8f66736d9d49f21d9b7caa705f7450d334fab05689c41097fc6

Sharing

Copy URL Twitter E-mail

General

Target

17f09c98f732d8f66736d9d49f21d9b7caa705f7450d334fab05689c41097fc6
Size

252KB
MD5

96381aaf1ee119d8ff353841d3e8f270
SHA1

58276cf6215e9ca4279b2b128307aaff47ad935d
SHA256

17f09c98f732d8f66736d9d49f21d9b7caa705f7450d334fab05689c41097fc6
SHA512

cfcb2f29ecc98c063f5d10cb416848c804115811b505b995065cec289320ca14e740eff8e2f37d5ecb9d4103e2060faefb8d0149e5f28b9d9a68a7012882b86f
SSDEEP

3072:LyIh4f+n67LkdG+9yW/SmiV7M8mQok9KA29D2HoEoFRuEJWvx7G+zoZfAOxyYj9/:vAkKk2MF3AS1RuLvu4SyYZ

Score

N/A

Malware Config

Signatures

Files

17f09c98f732d8f66736d9d49f21d9b7caa705f7450d334fab05689c41097fc6
.exe windows x86

fae02d45e7cf3fca67dd84a5a6dbe21e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
IsBadCodePtr
lstrlenA
GetTempFileNameA
GetSystemDirectoryA
GetTempPathA
GetModuleFileNameA
DeleteFileA
FreeResource
GlobalFree
GlobalHandle
GlobalAlloc
lstrlenW
LockResource
LoadResource
FindResourceA
WriteFile
CreateFileA
MultiByteToWideChar
WaitForSingleObject
CreateProcessA
GlobalUnlock
GlobalLock
lstrcmpA
FlushInstructionCache
GetCurrentProcess
FindClose
FindNextFileA
FindFirstFileA
GetComputerNameA
GetPrivateProfileStringA
HeapDestroy
CopyFileA
LocalFree
CreateDirectoryA
GetFileAttributesA
FormatMessageA
ReadFile
FlushFileBuffers
SetStdHandle
SetFilePointer
FreeLibrary
GetStringTypeW
GetStringTypeA
IsBadReadPtr
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
HeapSize
HeapAlloc
HeapReAlloc
TerminateProcess
TlsGetValue
TlsAlloc
TlsSetValue
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
RaiseException
HeapFree
RtlUnwind
WideCharToMultiByte
InterlockedExchange
SetErrorMode
LoadLibraryA
GetLastError
GetWindowsDirectoryA
GetCurrentThreadId
Sleep
lstrcpyA
CreateMutexA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTickCount
GetCurrentProcessId
SetLastError
InterlockedDecrement
InterlockedIncrement
ReleaseMutex
CloseHandle

user32

GetPropA
CreateWindowExA
SetForegroundWindow
EnumWindows
RegisterClassA
GetSysColorBrush
wsprintfA
IsWindow
UnregisterClassA
PostMessageA
DestroyWindow
DefWindowProcA
MsgWaitForMultipleObjects
DispatchMessageA
TranslateMessage
PeekMessageA
MessageBoxA
KillTimer
SetTimer
DialogBoxIndirectParamA
RegisterClassExA
LoadCursorA
GetClassInfoExA
SetDlgItemTextA
GetActiveWindow
GetWindow
SetWindowLongA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
GetWindowLongA
GetSysColor
SendMessageA
GetDlgItem
CallWindowProcA
EndPaint
FillRect
GetClientRect
BeginPaint
ReleaseDC
GetDC
SetFocus
IsChild
GetFocus
SetWindowPos
GetClassNameA
GetParent
IsWindowVisible
IsWindowEnabled
RegisterWindowMessageA
EnumChildWindows
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
ShowWindow
EnableWindow
EndDialog
SystemParametersInfoA
GetWindowRect
MapWindowPoints
GetSystemMetrics
LoadImageA
SetPropA
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
CreateAcceleratorTableA
GetDesktopWindow
RedrawWindow

gdi32

BitBlt
SelectObject
CreateFontIndirectA
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
CreateSolidBrush
GetDeviceCaps
GetObjectA
DeleteDC
GetStockObject

advapi32

SetSecurityDescriptorDacl
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
RegOpenKeyExA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
CoTaskMemFree
CreateStreamOnHGlobal
StringFromCLSID
CoTaskMemAlloc
OleLockRunning
CoUninitialize
CoInitialize

oleaut32

VariantChangeType
CreateErrorInfo
VariantInit
OleCreateFontIndirect
VariantClear
LoadRegTypeLi
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString

comctl32

InitCommonControlsEx

wsock32

connect
WSAStartup
WSASetLastError
inet_addr
ntohs
accept
ioctlsocket
WSACancelAsyncRequest
listen
inet_ntoa
bind
getsockopt
setsockopt
htons
sendto
recvfrom
socket
WSAGetLastError
WSAAsyncSelect
send
recv
gethostbyname
closesocket
htonl
WSACleanup

msgman32

ord3
ord4
ord6
ord17
ord2

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�"�
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fae02d45e7cf3fca67dd84a5a6dbe21e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

wsock32

msgman32

Sections

.text Size: 124KB - Virtual size: 121KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 16KB - Virtual size: 22KB

.rsrc Size: 8KB - Virtual size: 7KB

�"� Size: 80KB - Virtual size: 80KB

.text
Size: 124KB - Virtual size: 121KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 8KB - Virtual size: 7KB

�"�
Size: 80KB - Virtual size: 80KB