a17863513ee0343a327d77e767c9ef06e668ffe41e8d04e1e426f7b5b1217bb1

Sharing

Copy URL Twitter E-mail

General

Target

a17863513ee0343a327d77e767c9ef06e668ffe41e8d04e1e426f7b5b1217bb1
Size

180KB
MD5

905245f61282346aa495d5ab042e44a9
SHA1

248255eda4a68cd697022d88e825672bb7d23de7
SHA256

a17863513ee0343a327d77e767c9ef06e668ffe41e8d04e1e426f7b5b1217bb1
SHA512

3922392188f98b2ce503dee232a3a9606bdbca7931828e407e00d80f4e7e0a0684380259c55f6eda2925041d20ade3739229e4896fcccd727f736248c2fb8cb7
SSDEEP

3072:fAgF1bvNzO6yU2pxionnvabUGrhBtl4F8teH5gejhumxmD:fAg71zOw2pNnSZMH5jhoD

Score

N/A

Malware Config

Signatures

Files

a17863513ee0343a327d77e767c9ef06e668ffe41e8d04e1e426f7b5b1217bb1
.exe windows x86

af260cdf3a8e9d672a5be85760287ea0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
SetFilePointer
MoveFileW
DeleteFileW
SetFileAttributesW
GetFileSize
GetFileAttributesW
GetCommandLineW
CreateProcessW
ExpandEnvironmentStringsW
GetVersionExW
WideCharToMultiByte
LoadLibraryA
lstrcatA
lstrlenA
lstrcpyA
lstrcatW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetPrivateProfileIntW
LocalAlloc
Sleep
GetTickCount
GetVersion
ReleaseMutex
CreateThread
TerminateThread
GetExitCodeThread
WaitForSingleObject
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
OutputDebugStringW
lstrlenW
CreateMutexW
GetLastError
GetPrivateProfileStringW
lstrcpyW
lstrcpynW
RaiseException
GetLocalTime
GetModuleFileNameW
GetModuleHandleW
SuspendThread
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
LoadLibraryW
GetProcAddress
FreeLibrary
CreateFileW
CloseHandle
SetUnhandledExceptionFilter
GetWindowsDirectoryW
GetSystemTimeAsFileTime

user32

SetProcessWindowStation
OpenWindowStationW
RegisterClassW
LoadCursorW
ReleaseDC
GetDC
PostQuitMessage
GetUserObjectInformationW
OpenInputDesktop
SetTimer
DefWindowProcW
LoadImageW
SetWindowLongW
GetWindowRect
GetWindowLongW
MessageBoxW
SendMessageW
FindWindowW
IsWindow
OpenDesktopW
SetThreadDesktop
GetDesktopWindow
LoadIconW
SetClassLongW
CloseDesktop
CloseWindowStation
UnregisterClassW
CreateWindowExW
SetWindowPos
GetClientRect
CharUpperW
PostMessageW
GetMessageW
TranslateMessage
DispatchMessageW

gdi32

DeleteDC
GetDIBits
SelectObject
DeleteObject
BitBlt
CreateCompatibleDC
SetDIBits
GetObjectW

advapi32

QueryServiceStatus
StartServiceW
QueryServiceConfigW
ChangeServiceConfigW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteExW

shlwapi

PathRemoveExtensionW

msvcp90

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

msvcr90

_crt_debugger_hook
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
?terminate@@YAXXZ
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
__setusermatherr
??3@YAXPAX@Z
wcscpy_s
wcscat_s
_set_invalid_parameter_handler
__CxxFrameHandler3
memset
swprintf_s
wcsrchr
??_V@YAXPAX@Z
memcpy
wcscat
wcscpy
wcslen
wcsstr
strlen
wcschr
memmove
_purecall
wcsncat
_wcsupr_s
_wcslwr_s
_CxxThrowException
wcsnlen
memcpy_s
memmove_s
free
_vsnwprintf
calloc
_recalloc
_vscwprintf
vswprintf_s
swscanf_s
_vswprintf
wcsncpy
_wcsicmp
??2@YAPAXI@Z
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comctl32

InitCommonControlsEx

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

af260cdf3a8e9d672a5be85760287ea0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

msvcp90

msvcr90

version

comctl32

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 117KB - Virtual size: 120KB

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 117KB - Virtual size: 120KB