ad0998e5017090bf6178aaa4ae9219e52b1de7fd7f37e5bc08de9464dd34b33e

Sharing

Copy URL Twitter E-mail

General

Target

ad0998e5017090bf6178aaa4ae9219e52b1de7fd7f37e5bc08de9464dd34b33e
Size

633KB
MD5

49b534d7514e898822bbe67b6fec24e0
SHA1

be468644d90a1ae5602db9e1cecd9f74fdc17cd2
SHA256

ad0998e5017090bf6178aaa4ae9219e52b1de7fd7f37e5bc08de9464dd34b33e
SHA512

88bc7137d7941d21c9553b0af2a31e52167f288dacecadfd6cddf5a03e30a16b051fdaaf25f397d6138eafac8f5979b4f2bf3074b1fd5c46fac374bed62f06be
SSDEEP

12288:Q2/+6W12whYMboWnJcxcNeAl3MLKliY6xu5OFAKrZArqsP:Q96WIwhpQLKB6xu5OL+22

Score

N/A

Malware Config

Signatures

Files

ad0998e5017090bf6178aaa4ae9219e52b1de7fd7f37e5bc08de9464dd34b33e
.exe windows x86

c67963258f594416b958bfc455aec22f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipFree
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdipCloneImage
GdipAlloc

kernel32

MoveFileExW
RaiseException
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
lstrlenW
GetLastError
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
SetLastError
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
CreateMutexW
CreateDirectoryW
GetTickCount
Sleep
CreateFileW
GetFileSize
ReadFile
WriteFile
FindFirstFileW
FindClose
WideCharToMultiByte
GetVersionExW
OpenProcess
CreateThread
MapViewOfFile
UnmapViewOfFile
lstrlenA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
LoadResource
SetConsoleCtrlHandler
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
CreateProcessW
CloseHandle
FindResourceW
CreateFileMappingW
SizeofResource
LockResource
GlobalAlloc
GlobalFree
EnterCriticalSection
LeaveCriticalSection
DeleteFileW
SetErrorMode
LoadLibraryW
InitializeCriticalSection
GetProcAddress
EnumSystemLocalesA
IsValidLocale
SetEndOfFile
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleA
HeapSize
FatalAppExitA
HeapCreate
HeapDestroy
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
UnhandledExceptionFilter
SetFilePointer
TerminateProcess
RtlUnwind
HeapReAlloc
GetThreadLocale
GetLocaleInfoA
GetStringTypeA
VirtualQuery
GetACP
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
QueueUserWorkItem
SetFilePointerEx
SetFileAttributesW
GetFileAttributesW
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
GetTimeZoneInformation
SetStdHandle
MoveFileW
AllocConsole
ResumeThread
SuspendThread
GetLocalTime
CreateEventW
SystemTimeToFileTime
SetEvent
InterlockedExchangeAdd
WaitForSingleObject
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA

user32

BeginPaint
EndPaint
SetWindowLongW
SystemParametersInfoW
MapWindowPoints
GetDlgItem
ShowWindow
GetClientRect
GetSystemMetrics
LoadImageW
GetParent
GetWindow
SetWindowPos
SetWindowTextW
wsprintfA
UnregisterClassA
GetMessageW
PeekMessageW
SetTimer
GetWindowLongW
SendMessageW
EndDialog
wsprintfW
PostThreadMessageW
GetWindowRect
CharNextW
GetLastInputInfo
PostMessageW
DefWindowProcW
GetActiveWindow
DialogBoxParamW
DestroyWindow

gdi32

SelectObject
DeleteDC
DeleteObject
CreateCompatibleDC

advapi32

AllocateAndInitializeSid
FreeSid
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
CheckTokenMembership
RegDeleteKeyW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW

shell32

ord155
SHGetPathFromIDListW
SHGetFolderLocation
ShellExecuteExW
ord165
SHGetFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
CreateStreamOnHGlobal

oleaut32

VarUI4FromStr
SysFreeString

shlwapi

SHDeleteValueW
SHGetValueA
PathFileExistsW
SHSetValueW

comctl32

InitCommonControlsEx

msimg32

AlphaBlend

psapi

GetModuleFileNameExW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

InternetOpenA
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenW
InternetOpenUrlA
InternetGetCookieA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
InternetQueryDataAvailable
InternetSetOptionA
InternetQueryOptionA

ws2_32

__WSAFDIsSet
select
inet_addr
WSAStartup
recv
accept
ioctlsocket
listen
ntohs
WSACleanup
inet_ntoa
getsockname
WSAGetLastError
connect
htons
socket
gethostbyname
sendto
bind
send
closesocket
shutdown

Sections

.text
Size: 432KB - Virtual size: 431KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c67963258f594416b958bfc455aec22f

Headers

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

psapi

version

wininet

ws2_32

Sections

.text Size: 432KB - Virtual size: 431KB

.rdata Size: 80KB - Virtual size: 76KB

.data Size: 12KB - Virtual size: 19KB

.rsrc Size: 100KB - Virtual size: 100KB

.text
Size: 432KB - Virtual size: 431KB

.rdata
Size: 80KB - Virtual size: 76KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 100KB - Virtual size: 100KB