b920ffce8711c8022e7ed755f9cb4e0ff64cc60d9e06076aa74ed29501c798dd

Sharing

Copy URL Twitter E-mail

General

Target

b920ffce8711c8022e7ed755f9cb4e0ff64cc60d9e06076aa74ed29501c798dd
Size

1.6MB
MD5

80a18257b84b6174a3482fbed3a85df1
SHA1

270c892790b59993565aefa3d5e79387b8241f31
SHA256

b920ffce8711c8022e7ed755f9cb4e0ff64cc60d9e06076aa74ed29501c798dd
SHA512

5394de2bb7da5bd4ae1f81441702682e32f222d8280f01bbeea6e626054e940e22e7d58067b9f5f8074bbc928102882d78fd991d9eecc9810356b168c3759fff
SSDEEP

24576:wip38xNKAZ8V/NhQqgY+nXF1B4a4dQgW274f+pc8tVwOl2dPR53VX4p:wip38xNeNQq9+nXqa4dRd4etzMdR5x4

Score

N/A

Malware Config

Signatures

Files

b920ffce8711c8022e7ed755f9cb4e0ff64cc60d9e06076aa74ed29501c798dd
.exe windows x86

0c6b01c2e27fa1a9b2f3a89c5907d4a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPriorityClass
SetPriorityClass
ExpandEnvironmentStringsW
CreateProcessW
VirtualAllocEx
WriteProcessMemory
GetModuleHandleW
QueueUserAPC
ResumeThread
TerminateProcess
GetModuleFileNameW
GetCurrentProcess
LoadLibraryW
GetProcAddress
FreeLibrary
GetLastError
OpenProcess
WaitForSingleObject
CloseHandle
SetEnvironmentVariableA
CompareStringW
GetDriveTypeW
LocalAlloc
LocalFree
InterlockedExchange
LoadLibraryA
RaiseException
DuplicateHandle
CreateFileW
VerifyVersionInfoW
VerSetConditionMask
GetShortPathNameW
MoveFileExW
GetFileAttributesExW
GetFileAttributesW
GetExitCodeProcess
GetFileInformationByHandle
GetDateFormatW
RemoveDirectoryW
InterlockedCompareExchange
SizeofResource
LockResource
LoadResource
FindResourceW
ReadFile
SetFilePointer
SetFileTime
WriteFile
GetCurrentThreadId
GetFileTime
GetSystemTimeAsFileTime
WTSGetActiveConsoleSessionId
LoadLibraryExW
IsDebuggerPresent
CreateMutexW
GetTickCount
FormatMessageA
SetLastError
GetModuleHandleA
OutputDebugStringA
ReleaseMutex
DeleteFileW
GetCurrentProcessId
GetTempFileNameW
MapViewOfFile
UnmapViewOfFile
CreateDirectoryW
CopyFileW
GetTempPathW
GetCurrentDirectoryW
GetLongPathNameW
CreateFileMappingW
SetCurrentDirectoryW
GetCommandLineW
FindFirstFileW
FindClose
FindNextFileW
GetNativeSystemInfo
GetVersionExW
AssignProcessToJobObject
GetStdHandle
InterlockedExchangeAdd
GetUserDefaultLangID
GetEnvironmentVariableW
QueryPerformanceCounter
FileTimeToSystemTime
SetEnvironmentVariableW
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
RtlCaptureStackBackTrace
GetLocaleInfoW
GetUserDefaultUILanguage
Sleep
CreateThread
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetProcessId
GetSystemDirectoryW
GetWindowsDirectoryW
SetUnhandledExceptionFilter
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
InterlockedIncrement
SetEvent
ResetEvent
WaitForMultipleObjects
HeapSetInformation
ReleaseSemaphore
VirtualQueryEx
InterlockedDecrement
RtlCaptureContext
CreateSemaphoreW
InitializeCriticalSection
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
WideCharToMultiByte
MultiByteToWideChar
EncodePointer
DecodePointer
UnhandledExceptionFilter
HeapFree
GetStartupInfoW
ExitProcess
GetConsoleCP
GetConsoleMode
GetFullPathNameW
HeapAlloc
GetProcessHeap
SetStdHandle
GetFileType
HeapReAlloc
FileTimeToLocalFileTime
PeekNamedPipe
LCMapStringW
GetCPInfo
RtlUnwind
IsProcessorFeaturePresent
HeapCreate
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetTimeZoneInformation
WriteConsoleW
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetFileSize

advapi32

GetUserNameW
RegQueryValueExW
SetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetFileSecurityW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
CreateProcessAsUserW
GetTokenInformation
ConvertSidToStringSidW
GetSidSubAuthority
GetSidSubAuthorityCount
RegUnLoadKeyW
RegLoadKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
LookupAccountSidW
RegSetValueExW
GetSecurityDescriptorSacl
SetSecurityInfo
RegEnumValueA
RegisterTraceGuidsW
GetTraceEnableLevel
UnregisterTraceGuids
TraceEvent
GetTraceLoggerHandle
GetTraceEnableFlags

ole32

CoCreateInstance
StringFromGUID2
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CLSIDFromString
CoTaskMemFree
PropVariantClear

user32

GetMonitorInfoW
MessageBoxW
FindWindowW
IsWindow
GetWindowThreadProcessId
SendMessageTimeoutW
CharUpperW
SetWindowsHookExW
UnhookWindowsHookEx
SetWindowLongW
SetForegroundWindow
MoveWindow
LoadIconW
MonitorFromWindow
CreateWindowExW
DestroyWindow
CallNextHookEx
GetWindowLongW
SendMessageW

urlmon

CreateURLMonikerEx

wtsapi32

WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

ntohl

winmm

timeGetTime

shlwapi

SHCopyKeyW
UrlCanonicalizeW
SHDeleteKeyW
SHStrDupW
SHDeleteEmptyKeyW

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

Sections

.text
Size: 568KB - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 441KB - Virtual size: 441KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 508KB - Virtual size: 1.6MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0c6b01c2e27fa1a9b2f3a89c5907d4a2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

user32

urlmon

wtsapi32

userenv

version

ws2_32

winmm

shlwapi

oleaut32

Sections

.text Size: 568KB - Virtual size: 568KB

.rdata Size: 104KB - Virtual size: 104KB

.data Size: 7KB - Virtual size: 29KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 441KB - Virtual size: 441KB

.reloc Size: 29KB - Virtual size: 28KB

.vmp0 Size: 508KB - Virtual size: 1.6MB

.text
Size: 568KB - Virtual size: 568KB

.rdata
Size: 104KB - Virtual size: 104KB

.data
Size: 7KB - Virtual size: 29KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 441KB - Virtual size: 441KB

.reloc
Size: 29KB - Virtual size: 28KB

.vmp0
Size: 508KB - Virtual size: 1.6MB