f633d22ffc97b6e294a48987bc095f436071c6c8bfe97a128b15300b1b08406e

Sharing

Copy URL Twitter E-mail

General

Target

f633d22ffc97b6e294a48987bc095f436071c6c8bfe97a128b15300b1b08406e
Size

1.0MB
MD5

80b967175c43e5bdc0b8ae54a1b9a0d8
SHA1

f6918ef2651572dac955af41eb94c8d2f811ea62
SHA256

f633d22ffc97b6e294a48987bc095f436071c6c8bfe97a128b15300b1b08406e
SHA512

009130af0e97c47d8c94a2c7c81ef8ec1d01990d60f67e2ee9e73f841127f847d7e49e28f84ff7d4cfe5f350fc9b3e3f61bbb361057efef02a6f795c48a14e77
SSDEEP

24576:ZFgFUW6Yxqb/iEAQDJpwH4gvN6xiJltqagGdOdqORqJ3:CUW6zb/iEZLK4gV6xiJfgdK

Score

N/A

Malware Config

Signatures

Files

f633d22ffc97b6e294a48987bc095f436071c6c8bfe97a128b15300b1b08406e
.exe windows x86

5be295415f72455c4a3eff067d8ad6c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA
SHStrDupW
SHDeleteKeyW

shell32

SHGetFolderPathA
ShellExecuteA
SHGetMalloc
SHGetSpecialFolderPathA

kernel32

GetFileAttributesW
MultiByteToWideChar
SetFileAttributesA
SetLastError
MoveFileExA
CopyFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetFullPathNameW
GlobalUnlock
GlobalAlloc
GlobalLock
InterlockedIncrement
ExpandEnvironmentStringsA
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
WriteFile
GetFileSize
GetCurrentProcess
FindClose
FindNextFileA
FindFirstFileA
DeviceIoControl
ReadFile
CreateFileW
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThread
VirtualQuery
GetCurrentDirectoryW
GetStringTypeW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetVersionExA
InterlockedDecrement
GetTickCount
LocalFree
Sleep
OpenProcess
TerminateProcess
SetConsoleCtrlHandler
LoadLibraryA
FreeLibrary
SetConsoleTitleA
GetConsoleWindow
GetCommandLineA
GetFileAttributesExA
lstrlenA
DeleteFileA
RemoveDirectoryA
CreateDirectoryA
GetModuleFileNameA
GetFileAttributesA
OutputDebugStringA
GetLastError
GetEnvironmentStrings
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
GetModuleHandleA
GetProcAddress
HeapCreate
GetConsoleCP
GetConsoleMode
SetStdHandle
CompareStringW
WriteConsoleW
HeapSetInformation
CreateFileA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
UnhandledExceptionFilter
GetModuleHandleW
GetStdHandle
IsProcessorFeaturePresent
GetLocalTime
RtlUnwind
SetProcessAffinityMask
GetProcessAffinityMask
GetSystemInfo
HeapAlloc
GetCPInfo
HeapReAlloc
LCMapStringW
WideCharToMultiByte
SetFilePointer
SetEndOfFile
FlushFileBuffers
GetCurrentThreadId
CreateDirectoryW
GetDriveTypeW
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
VirtualAlloc
VirtualProtect
VirtualFree
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
HeapUnlock
HeapWalk
HeapLock
GetExitCodeThread
OpenThread
GetThreadPriority
SetThreadAffinityMask
RaiseException
SetEvent
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
LoadLibraryExA
LoadLibraryW
LoadLibraryExW
SetUnhandledExceptionFilter
InterlockedExchange
DebugBreak
InterlockedCompareExchange
HeapQueryInformation
GetProcessHeaps
HeapValidate
InterlockedExchangeAdd
HeapSize
HeapFree

user32

ShowWindow
MessageBoxA
DialogBoxParamA
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
GetDlgItemInt
EndDialog
OpenClipboard
EmptyClipboard
GetDlgItem
SetWindowPos
GetDesktopWindow
GetWindowRect
SetDlgItemInt
SetDlgItemTextA
CloseClipboard
SetClipboardData
wsprintfA
GetWindowTextLengthA

advapi32

AdjustTokenPrivileges
RegOpenKeyA
RegOpenKeyExW
RegEnumKeyExW
DuplicateTokenEx
CreateProcessAsUserA
OpenProcessToken
SetNamedSecurityInfoA
LookupPrivilegeValueA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
StartServiceA
SetServiceStatus
DeleteService
QueryServiceObjectSecurity
GetSecurityDescriptorDacl
ConvertStringSidToSidA
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetServiceObjectSecurity
CreateServiceA
ChangeServiceConfigA
ChangeServiceConfig2A
QueryServiceStatus
ControlService
QueryServiceStatusEx
OpenServiceA
OpenSCManagerA
CloseServiceHandle
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

CoInitialize
PropVariantClear
CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

VariantClear
SysFreeString
SysAllocString

Exports

Exports

g_dwDllEntryThreadId

Sections

.text
Size: 350KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 454KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 508KB - Virtual size: 1.6MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5be295415f72455c4a3eff067d8ad6c5

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

shell32

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 350KB - Virtual size: 349KB

.rdata Size: 103KB - Virtual size: 102KB

.data Size: 13KB - Virtual size: 454KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 72KB - Virtual size: 72KB

.vmp0 Size: 508KB - Virtual size: 1.6MB

.text
Size: 350KB - Virtual size: 349KB

.rdata
Size: 103KB - Virtual size: 102KB

.data
Size: 13KB - Virtual size: 454KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 72KB - Virtual size: 72KB

.vmp0
Size: 508KB - Virtual size: 1.6MB