Static task: static1
Behavioral task: behavioral1
Sample: 9b27ba29911719f76f91871e644e200bfbb3d1010c231c1d27ba5324b0712b51.exe
Resource: win7-20220901-en
General
Target: 9b27ba29911719f76f91871e644e200bfbb3d1010c231c1d27ba5324b0712b51
Size: 5.2MB
MD5: 719f6c10196854ec6f7be1fbe49d4250
SHA1: d4bacdce71f3774467899fde8ec762041354d191
SHA256: 9b27ba29911719f76f91871e644e200bfbb3d1010c231c1d27ba5324b0712b51
SHA512: c24413b31223790481f5b804c36c08d53014d2f9189bb21cb4d93f94655dadf3d655b441195e2ef8c00755ac8b8ece0b5e35d4263ed297f0ea9c624b7c61e743
SSDEEP: 98304:HYQ0MObovpyorKCiNzHF7kOORSwEGAgUc/5cs+lzamVqIARzAXos3wcYM1dYoUAP:jKoRfrKCiNzHF7kOORSqV/5cs+lzamVU
Malware Config
Signatures
Files
9b27ba29911719f76f91871e644e200bfbb3d1010c231c1d27ba5324b0712b51.exe windows x86
c1bfe5095b791c7bf011b8c6863cc737
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
dsound
ord1
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
ddraw
DirectDrawCreateEx
setupapi
SetupDiSetDeviceRegistryPropertyW
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsW
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiSetDeviceRegistryPropertyA
kernel32
GetStringTypeExW
lstrcmpiW
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GlobalGetAtomNameW
CompareStringA
EnumResourceLanguagesW
ConvertDefaultLocale
GetFileSizeEx
GetFileTime
FindResourceExW
GlobalFlags
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GetStartupInfoW
HeapFree
RtlUnwind
HeapAlloc
GetSystemTimeAsFileTime
ExitThread
ExitProcess
HeapReAlloc
HeapSize
UnhandledExceptionFilter
SetStdHandle
GetFileType
GetStdHandle
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
GetStringTypeA
GetStringTypeW
LCMapStringA
InitializeCriticalSectionAndSpinCount
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
GetPrivateProfileSectionW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
lstrlenW
GetUserDefaultLCID
WideCharToMultiByte
LoadLibraryW
GetModuleHandleW
GetProcAddress
SetLastError
GetLastError
LocalFree
FormatMessageW
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
MulDiv
InterlockedIncrement
ReleaseSemaphore
LocalAlloc
GetProfileIntW
GetThreadLocale
lstrcmpA
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
GetVersionExA
GlobalSize
GlobalFree
FreeResource
CreateSemaphoreA
DebugBreak
GetTempFileNameW
IsDBCSLeadByteEx
RaiseException
GetVolumeInformationW
GetThreadPriority
SetThreadPriority
VirtualFree
GetSystemInfo
lstrcmpW
GetModuleHandleA
GetModuleFileNameA
GetSystemDirectoryA
CreateMutexA
ReleaseMutex
LoadLibraryA
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
ResumeThread
InterlockedCompareExchange
VirtualAlloc
VirtualQuery
GetTempPathA
GetTempFileNameA
DeleteFileA
InterlockedDecrement
ResetEvent
WaitForMultipleObjects
CreateThread
CreatePipe
DuplicateHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateProcessW
TerminateProcess
GetWindowsDirectoryW
CreateNamedPipeW
ConnectNamedPipe
CopyFileW
GetACP
GetFileAttributesW
GetDateFormatW
GetTimeFormatW
GlobalAlloc
DeleteFileW
GetFileAttributesExW
DeviceIoControl
CreateFileA
IsDebuggerPresent
GetCurrentThread
CreateDirectoryW
GetFullPathNameW
QueryPerformanceFrequency
lstrlenA
GetVersionExW
QueryPerformanceCounter
GetTempPathW
ReadProcessMemory
CreateMutexW
SetUnhandledExceptionFilter
CreateSemaphoreW
WriteProcessMemory
GetCurrentDirectoryW
GlobalLock
GlobalUnlock
GetDriveTypeW
GetCurrentThreadId
OpenProcess
SetPriorityClass
GetDiskFreeSpaceExW
FindFirstFileW
FindNextFileW
FindClose
GetLocaleInfoW
GetLocaleInfoA
SetThreadExecutionState
lstrcpyW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetSystemPowerState
GetCurrentProcess
lstrcpynW
MultiByteToWideChar
GetTickCount
Sleep
GetVersion
VirtualProtect
WriteFile
GetModuleFileNameW
GetUserDefaultLangID
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileW
GetFileSize
SetFilePointer
ReadFile
GetCurrentProcessId
FreeLibrary
CreateEventW
HeapDestroy
user32
SendDlgItemMessageA
WinHelpW
SetWindowsHookExW
CallNextHookEx
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
GetTopWindow
TrackPopupMenu
GetScrollPos
GetClassInfoExW
GetClassInfoW
RegisterClassW
SystemParametersInfoA
GetWindowPlacement
UnhookWindowsHookEx
GetMenuState
GetMenuStringW
CreateDialogIndirectParamW
DestroyWindow
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenu
GetIconInfo
GetDCEx
SetWindowRgn
AdjustWindowRectEx
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetClassNameW
GetClassLongW
GetWindowRgn
GetScrollInfo
DrawTextExW
InvertRect
CharLowerBuffW
GetQueueStatus
MsgWaitForMultipleObjects
PeekMessageW
wsprintfA
GetMessageW
CopyIcon
GetMessageTime
EnumDisplayDevicesW
wsprintfW
DestroyIcon
GetCapture
EqualRect
EmptyClipboard
SetClipboardData
CloseClipboard
ReleaseCapture
OpenClipboard
SetCapture
ClientToScreen
GetDlgCtrlID
TranslateMessage
DispatchMessageW
SendDlgItemMessageW
IntersectRect
ChangeDisplaySettingsExW
ChangeDisplaySettingsExA
DefWindowProcW
IsIconic
ShowWindow
CreateAcceleratorTableW
DestroyAcceleratorTable
UnregisterHotKey
RegisterHotKey
ChangeDisplaySettingsW
EnumDisplaySettingsW
UpdateWindow
CharUpperW
MessageBoxW
GetWindowModuleFileNameW
GetWindowThreadProcessId
EnumDisplayMonitors
GetKeyState
SystemParametersInfoW
CreateWindowExW
MoveWindow
SetWindowPos
SetWindowLongW
FindWindowExW
SetMenu
IsMenu
GetWindowLongW
GetMenuItemRect
CallWindowProcW
PostQuitMessage
FindWindowW
GetMenuBarInfo
GetSystemMetrics
GetCursorPos
ExitWindowsEx
RegisterClipboardFormatW
PostThreadMessageW
GetForegroundWindow
SetForegroundWindow
WindowFromPoint
IsChild
GetDesktopWindow
GetActiveWindow
KillTimer
ReleaseDC
GetDC
LoadMenuW
RemoveMenu
ModifyMenuW
InsertMenuW
GetSubMenu
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
EnableMenuItem
DeleteMenu
PtInRect
RegisterWindowMessageW
RedrawWindow
GetFocus
FillRect
FrameRect
GetSysColorBrush
GetAsyncKeyState
GetMonitorInfoW
SetRectEmpty
MonitorFromWindow
CopyRect
MessageBeep
GetMessagePos
CheckMenuItem
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckDlgButton
IsDlgButtonChecked
IsDialogMessageW
SetWindowTextW
TabbedTextOutW
DrawTextW
GrayStringW
GetWindowDC
GetNextDlgGroupItem
LockWindowUpdate
InvalidateRgn
CopyAcceleratorTableW
UnregisterClassW
DrawFocusRect
SetWindowContextHelpId
ShowOwnedPopups
SetParent
GetSystemMenu
WaitMessage
IsClipboardFormatAvailable
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
BringWindowToTop
GetDlgItemTextW
TranslateAcceleratorW
LoadIconW
SetTimer
ScreenToClient
AppendMenuW
CreatePopupMenu
LoadBitmapW
GetDlgItem
UnionRect
SetRect
IsRectEmpty
LoadImageW
GetSysColor
SetCursor
GetParent
InvalidateRect
GetWindowRect
OffsetRect
InflateRect
PostMessageW
IsWindow
LoadCursorW
IsWindowVisible
MapWindowPoints
GetClientRect
GetWindow
SendMessageW
EnableWindow
CharNextW
DestroyMenu
MapDialogRect
ValidateRect
EndPaint
BeginPaint
SetActiveWindow
gdi32
GetKerningPairsW
OffsetViewportOrgEx
SelectClipRgn
LineTo
MoveToEx
GdiFlush
SetRectRgn
OffsetRgn
FillRgn
CreatePolygonRgn
GetPixel
PatBlt
CopyMetaFileW
GetClipBox
ExtTextOutW
GetMapMode
CreatePatternBrush
DPtoLP
SaveDC
RestoreDC
SetStretchBltMode
CloseFigure
IntersectClipRect
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
Escape
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetBkColor
GetCharWidthW
EnumFontFamiliesExW
GetRgnBox
EndPath
GetPath
AbortPath
BeginPath
AddFontResourceW
GetTextMetricsW
SetMapMode
TranslateCharsetInfo
Rectangle
CreateSolidBrush
CreateFontW
EqualRgn
CombineRgn
GetTextColor
StretchDIBits
GetDIBits
GetStockObject
ExtSelectClipRgn
SetPixel
CreateRectRgnIndirect
SetViewportOrgEx
SetViewportExtEx
GetDeviceCaps
CreateFontIndirectW
SetBkMode
BitBlt
CreateCompatibleBitmap
CreatePen
CreateBitmap
GetTextExtentPoint32W
GetCurrentObject
SetBkColor
SetTextColor
TextOutW
CreateRectRgn
GetRegionData
CreateDIBSection
DeleteObject
GetObjectW
StretchBlt
SetDIBColorTable
SelectObject
DeleteDC
ExcludeClipRect
CreateCompatibleDC
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
RegCloseKey
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyA
OpenServiceW
RegDeleteKeyW
RegDeleteValueA
RegDeleteValueW
ControlService
DeleteService
OpenSCManagerW
CreateServiceW
CloseServiceHandle
StartServiceW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueA
RegSetValueW
RegQueryValueW
RegQueryValueA
RegOpenKeyW
RegOpenKeyA
RegCreateKeyW
RegCreateKeyA
RegFlushKey
RegSetValueExW
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
shell32
ShellExecuteW
Shell_NotifyIconW
SHGetPathFromIDListW
SHBrowseForFolderW
DragFinish
DragAcceptFiles
ShellExecuteExW
ExtractIconExW
SHChangeNotify
ord680
ExtractIconW
SHGetFolderPathW
DragQueryFileW
shlwapi
PathAddBackslashW
PathFileExistsW
PathAddExtensionW
PathRenameExtensionW
PathRemoveExtensionW
PathFindExtensionW
PathCombineW
PathMakePrettyW
PathRemoveFileSpecW
PathCompactPathW
PathAppendW
PathIsDirectoryW
PathRelativePathToW
PathCanonicalizeW
PathStripToRootW
PathAddBackslashA
PathRemoveFileSpecA
UrlUnescapeW
PathIsUNCW
PathStripPathW
PathFindFileNameW
oledlg
OleUIBusyW
ole32
StgOpenStorageOnILockBytes
CoTaskMemFree
CoCreateInstance
CLSIDFromString
MkParseDisplayName
CreateBindCtx
CreateItemMoniker
GetRunningObjectTable
CoInitialize
CoUninitialize
OleSaveToStream
CoTaskMemAlloc
OleLoadFromStream
OleInitialize
OleUninitialize
StringFromGUID2
CoFreeUnusedLibraries
CoFreeLibrary
StringFromCLSID
CoLoadLibrary
CoGetClassObject
ReleaseStgMedium
OleDuplicateData
CoInitializeEx
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard
CLSIDFromProgID
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
oleaut32
SafeArrayDestroy
VariantCopy
OleCreateFontIndirect
VarBstrCmp
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreatePropertyFrame
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysFreeString
ws2_32
WSACleanup
WSAGetLastError
listen
closesocket
recvfrom
bind
setsockopt
socket
inet_addr
htons
htonl
WSAStartup
recv
send
WSAAsyncSelect
sendto
connect
WSASetLastError
getpeername
getsockname
select
accept
gethostbyname
inet_ntoa
ntohs
winmm
mixerSetControlDetails
timeGetDevCaps
timeBeginPeriod
timeKillEvent
timeSetEvent
timeEndPeriod
waveOutSetVolume
waveOutGetVolume
wininet
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
InternetQueryDataAvailable
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetOpenUrlW
Sections
.text Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_TEXT64 Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text.un Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 788KB - Virtual size: 787KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 96KB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.debug_l Size: 1024B - Virtual size: 1019B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.debug_i Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.debug_a Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.debug_a Size: 512B - Virtual size: 160B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.debug_f Size: 512B - Virtual size: 208B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.debug_l Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.debug_p Size: 512B - Virtual size: 126B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.debug_r Size: 512B - Virtual size: 328B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 781KB - Virtual size: 781KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.C_TEXT6 Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE