3831137d1f88b9ec2084d35859c2b9654922a5b13bcaa3f6da0fa6cf738adcb0

Sharing

Copy URL Twitter E-mail

General

Target

3831137d1f88b9ec2084d35859c2b9654922a5b13bcaa3f6da0fa6cf738adcb0
Size

1.4MB
MD5

80ced6c28dae4b22857c3d7e3a7c9e50
SHA1

beb30042968fc8b581e61b65fb4d97841b5efcad
SHA256

3831137d1f88b9ec2084d35859c2b9654922a5b13bcaa3f6da0fa6cf738adcb0
SHA512

bc90627214f442dc8867aed7dfa7dfde31d12963346f1f9e9ba062d22e01f2ae47bb7b0f54fa9270e52a80312007d1d842b448fe4ca93dbf3fd1e7c7631a4688
SSDEEP

24576:PsIwM7YTl/6K1OkWUiNj/3HRZh/u1qSfQYFE/bO9:PMV6MOkWFlPHs11QYGK

Score

N/A

Malware Config

Signatures

Files

3831137d1f88b9ec2084d35859c2b9654922a5b13bcaa3f6da0fa6cf738adcb0
.exe windows x64

809f37636dc78bb9b4c99fd63f4ac6fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

EventWrite
TraceMessage
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
EventRegister
EventUnregister
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RevertToSelf
ImpersonateLoggedOnUser
ConvertSidToStringSidW
RegEnumValueW
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
TraceEvent
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW

kernel32

CreateTimerQueueTimer
CreateTimerQueue
DeleteTimerQueueTimer
DeleteTimerQueueEx
GetTempPathW
GetProductInfo
GetVersionExW
MulDiv
GlobalUnlock
GlobalLock
ReleaseActCtx
GetCurrentThreadId
GetCommandLineW
HeapSetInformation
RegisterApplicationRestart
LoadLibraryExW
MultiByteToWideChar
GetModuleHandleW
LocalFree
FormatMessageW
FreeLibrary
SetErrorMode
GlobalFree
GlobalAlloc
WaitForMultipleObjects
TryEnterCriticalSection
OutputDebugStringA
QueryActCtxW
GetModuleHandleExW
GetModuleFileNameW
CreateActCtxW
FindActCtxSectionStringW
ActivateActCtx
ReleaseMutex
OpenMutexW
CreateMutexW
SetFileAttributesW
OpenFileMappingW
GetThreadPriority
VirtualAlloc
GetLongPathNameW
GetProcAddress
ReadFile
GetFileAttributesW
WriteFile
VirtualFree
GetCurrentThread
CreateDirectoryW
SetFilePointerEx
FreeResource
GetFileSize
GetTempFileNameW
FileTimeToDosDateTime
DeleteFileW
GetFileAttributesExW
FindNextFileW
FindClose
CompareFileTime
FindFirstFileW
GetSystemTime
SystemTimeToFileTime
ExpandEnvironmentStringsW
CreateFileMappingW
GetFileSizeEx
CreateFileW
UnmapViewOfFile
MapViewOfFile
DebugBreak
GetModuleFileNameA
VirtualQueryEx
InitializeCriticalSectionAndSpinCount
TlsFree
TlsAlloc
TlsSetValue
LocalAlloc
GetSystemDirectoryW
FindAtomW
GetUserDefaultUILanguage
SetProcessWorkingSetSize
GetLocaleInfoW
GetThreadLocale
FreeLibraryAndExitThread
GetAtomNameW
DeleteAtom
AddAtomW
TlsGetValue
GetSystemPowerStatus
GetDurationFormatEx
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
GetVersion
GetVersionExA
HeapSize
HeapReAlloc
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
GetProcessHeap
HeapAlloc
HeapFree
RaiseException
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
GetLastError
GetTickCount
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetTickCount64
PowerClearRequest
CreateEventW
OpenEventW
lstrcmpiW
SetEvent
Sleep
DuplicateHandle
GetCurrentProcess
CreateThread
PowerCreateRequest
CompareStringW
lstrlenW
PowerSetRequest
ResetEvent
CompareStringOrdinal
SetLastError
LoadLibraryW
SetThreadPriority
DeactivateActCtx

gdi32

OffsetWindowOrgEx
GetBkMode
SetWindowOrgEx
CreatePatternBrush
GetPixel
DeleteEnhMetaFile
CreateSolidBrush
GetTextColor
SetTextAlign
GdiGradientFill
SetStretchBltMode
GetTextAlign
ExtTextOutW
PlayEnhMetaFile
SetBkMode
SetBkColor
GetCurrentObject
SetTextColor
PatBlt
GetTextExtentPoint32W
GetLayout
GdiTransparentBlt
GetStockObject
SelectPalette
RealizePalette
CreateHalftonePalette
GetBrushOrgEx
GetDIBits
SetBrushOrgEx
RectVisible
CreateRectRgn
CreateFontIndirectW
ExtCreateRegion
OffsetRgn
CombineRgn
GetRegionData
GetRgnBox
DeleteObject
GetObjectW
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
GdiAlphaBlend
DeleteDC
CreatePen
Polyline
GetDeviceCaps
CreateCompatibleBitmap
CreateBitmap
StretchBlt
GetTextMetricsW
GetTextExtentPointW
SetLayout
CreateDIBPatternBrushPt
LPtoDP
StretchDIBits
GetBkColor

user32

CharUpperA
UnregisterClassA
GetDC
ReleaseDC
DrawIconEx
RegisterClipboardFormatW
GetCursorPos
FillRect
GetSysColorBrush
DrawTextW
MapVirtualKeyW
GetMessagePos
EnumChildWindows
SetWindowLongW
CharUpperW
IsCharAlphaNumericW
SetFocus
GetFocus
RegisterWindowMessageW
GetPropW
SetPropW
RemovePropW
CallWindowProcW
FrameRect
GetSysColor
SetRectEmpty
SetCursor
LoadCursorW
LoadStringW
ClientToScreen
GetWindowRect
PtInRect
GetIconInfo
SetTimer
KillTimer
IsWindow
PostThreadMessageW
GetSystemMetrics
IsRectEmpty
OffsetRect
InvalidateRect
EqualRect
CopyRect
UpdateWindow
RedrawWindow
GetWindowTextW
GetClassLongW
SetParent
IsChild
DestroyIcon
SetRect
CreateIconIndirect
IntersectRect
NotifyWinEvent
DrawFrameControl
GetKeyNameTextW
InflateRect
MonitorFromWindow
DrawFocusRect
SetWindowRgn
GetDoubleClickTime
GetWindowTextLengthW
GetWindowRgnBox
SetScrollInfo
EnableWindow
PostMessageW
MsgWaitForMultipleObjects
PeekMessageW
GetKeyState
LoadImageW
CreateWindowExW
RegisterClassExW
DefWindowProcW
GetClassInfoExW
TranslateAcceleratorW
LoadAcceleratorsW
SetProcessDPIAware
CharNextW
SystemParametersInfoW
SetWindowLongPtrW
GetWindowLongPtrW
MapWindowPoints
PostQuitMessage
DestroyWindow
GetParent
SetWindowPos
GetWindowLongW
AdjustWindowRectEx
GetClientRect
GetMonitorInfoW
MonitorFromRect
BringWindowToTop
mouse_event
GetForegroundWindow
SetForegroundWindow
SetWindowTextW
DispatchMessageW
TranslateMessage
IsDialogMessageW
SendMessageW
ShowWindow
CreateDialogParamW
DestroyMenu
TrackPopupMenu
GetSubMenu
EnableMenuItem
LoadMenuW
ScreenToClient
GetScrollInfo

msvcrt

??3@YAXPEAX@Z
??_V@YAXPEAX@Z
_purecall
memcpy_s
_wcstoui64
wcsrchr
wcsspn
_wcsicmp
memmove
wcstol
_wcsdup
_vsnwprintf
qsort
_wcsnicmp
iswalpha
_vsnprintf
iswalnum
_isnan
wcstoul
wcstok_s
memcmp
__CxxFrameHandler3
ceilf
memcpy
_errno
realloc
memmove_s
??2@YAPEAX_K@Z
??_U@YAPEAX_K@Z
qsort_s
wcschr
wcsstr
free
_onexit
_lock
calloc
_vscwprintf
vswprintf_s
wcsncpy_s
malloc
towupper
_time64
memset
__C_specific_handler
__wgetmainargs
_XcptFilter
_exit
_cexit
exit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_unlock
__dllonexit
_CxxThrowException

ntdll

RtlLookupFunctionEntry
RtlAllocateHeap
NtQuerySystemTime
RtlFreeHeap
RtlCaptureContext
RtlVirtualUnwind

oleaut32

SafeArrayGetDim
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetVartype
SafeArrayGetUBound
SysFreeString
VariantClear
SysAllocString
VariantInit
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
VariantChangeType
SysAllocStringLen
SafeArrayCreate
SafeArrayPutElement
VarUI4FromStr
SafeArrayCreateVector

ole32

OleInitialize
CoTaskMemAlloc
OleUninitialize
CreateStreamOnHGlobal
RevokeDragDrop
RegisterDragDrop
PropVariantClear
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoUninitialize
CoInitializeEx
CoCreateInstance
ReleaseStgMedium
CoDisconnectObject
CoTaskMemRealloc
CLSIDFromString

shell32

SHCreateItemFromParsingName
SHCreateShellItemArrayFromDataObject
ord74
SHGetPropertyStoreForWindow
SHCreateDataObject
SHCreateItemWithParent
ord88

shlwapi

ord213
StrFormatByteSizeW
ord219
SHStrDupW
PathFindFileNameW
StrCmpNW
ord437
PathIsUNCW
AssocGetPerceivedType
SHCreateStreamOnFileW
StrStrIW
PathFileExistsW
PathFindExtensionW

gdiplus

GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDeleteGraphics
GdipDisposeImageAttributes
GdipCreateBitmapFromHICON
GdiplusShutdown
GdipCreateHBITMAPFromBitmap
GdipDrawImageRectRectI
GdipSetImageAttributesWrapMode
GdipCreateImageAttributes
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromStream

uxtheme

BeginBufferedPaint
BufferedPaintClear
EndBufferedPaint
GetThemePartSize
GetBufferedPaintBits
DrawThemeTextEx
GetThemeMargins
GetThemeFont
GetThemeColor
GetThemeAppProperties
GetThemeMetric
BufferedPaintUnInit
BufferedPaintInit
OpenThemeData
CloseThemeData
IsAppThemed
ord47

wmpdui

GetStdColorI
FindStdColor
GetDUserModule
DUserFlushMessages
GetStdColorBrushI
DUserFlushDeferredMessages
SetGadgetBufferInfo
ForwardGadgetMessage
GetGadgetRgn
DetachWndProc
AttachWndProcW
CreateAction
LookupGadgetTicket
SetGadgetRootInfo
DisableContainerHwnd
UtilDrawBlendRect
GetGadgetTicket
MapGadgetPoints
DUserSendEvent
BuildAnimation
GetGadgetFocus
BuildInterpolation
SetGadgetFocus
GetGadgetRect
FindGadgetFromPoint
SetGadgetFocusEx
GetGadgetAnimation
GetGadgetSize
DeleteHandle
DUserPostEvent
CreateGadget
SetGadgetMessageFilter
GetMessageExW
SetGadgetStyle
InvalidateGadget
SetGadgetRect
SetGadgetParent
InitGadgets

winhttp

WinHttpGetProxyForUrl
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpWriteData
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpSetStatusCallback
WinHttpGetDefaultProxyConfiguration
WinHttpOpen
WinHttpOpenRequest
WinHttpSetCredentials
WinHttpReadData
WinHttpCrackUrl

powrprof

PowerDeterminePlatformRole
GetPwrCapabilities

oleacc

AccessibleObjectFromWindow
GetRoleTextW
CreateStdAccessibleObject
ObjectFromLresult
LresultFromObject

dwmapi

DwmIsCompositionEnabled

windowscodecs

WICCreateImagingFactory_Proxy

Sections

.text
Size: 881KB - Virtual size: 880KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ysbxgwl
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tmjxwov
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lrzmcfi
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ktklgwi
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

809f37636dc78bb9b4c99fd63f4ac6fe

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ntdll

oleaut32

ole32

shell32

shlwapi

gdiplus

uxtheme

wmpdui

winhttp

powrprof

oleacc

dwmapi

windowscodecs

Sections

.text Size: 881KB - Virtual size: 880KB

.data Size: 4KB - Virtual size: 20KB

.pdata Size: 30KB - Virtual size: 29KB

.rsrc Size: 250KB - Virtual size: 249KB

.reloc Size: 69KB - Virtual size: 70KB

ysbxgwl Size: 55KB - Virtual size: 56KB

tmjxwov Size: 55KB - Virtual size: 56KB

lrzmcfi Size: 55KB - Virtual size: 56KB

ktklgwi Size: 80KB - Virtual size: 80KB

.text
Size: 881KB - Virtual size: 880KB

.data
Size: 4KB - Virtual size: 20KB

.pdata
Size: 30KB - Virtual size: 29KB

.rsrc
Size: 250KB - Virtual size: 249KB

.reloc
Size: 69KB - Virtual size: 70KB

ysbxgwl
Size: 55KB - Virtual size: 56KB

tmjxwov
Size: 55KB - Virtual size: 56KB

lrzmcfi
Size: 55KB - Virtual size: 56KB

ktklgwi
Size: 80KB - Virtual size: 80KB