8b71ca652c724ab2abf1db8b28357eb99f0f4ef41e76c839e238c18c4ae680d0

Sharing

Copy URL

Twitter E-mail

General

Target

8b71ca652c724ab2abf1db8b28357eb99f0f4ef41e76c839e238c18c4ae680d0
Size

2.1MB
MD5

fb09af0b4aec11aadde9eb97c01ac3ae
SHA1

c9b350092ee334eeeb2f1a84fb7640f1c0631c4e
SHA256

8b71ca652c724ab2abf1db8b28357eb99f0f4ef41e76c839e238c18c4ae680d0
SHA512

85546546938baa2e44bfb43ffa995aea05d49a4e1f782d601ed7ae8671ddc0ae2715305eedfe0d2448ae7fca77cf3666806b0fee55f5d769f943aefb9e494266
SSDEEP

49152:M/Dn8K4qIwEANLYU09fE7uuzSghGGWl62lhB2cNaWme8SS/w:wDnl4i0flghaMMhtaho

Score

N/A

Malware Config

Signatures

Files

8b71ca652c724ab2abf1db8b28357eb99f0f4ef41e76c839e238c18c4ae680d0
.exe windows x86

64a083d7f0afd919acbec18a14700f6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

comctl32

InitCommonControlsEx
SetWindowSubclass

gdi32

AddFontMemResourceEx
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateFontIndirectW
CreatePen
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
ExcludeClipRect
GetDeviceCaps
GetObjectW
GetStockObject
Polyline
Rectangle
RoundRect
SelectObject
SetBkColor
SetBkMode
SetPixel
SetTextColor
TextOutW

gdiplus

GdipBitmapGetPixel
GdipBitmapSetPixel
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromStream
GdipCreateFontFamilyFromName
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipCreateHICONFromBitmap
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipDeleteCustomLineCap
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeletePen
GdipDisposeImage
GdipDrawArc
GdipDrawImageRect
GdipDrawImageRectRect
GdipDrawLine
GdipDrawRectangle
GdipFillPie
GdipFillRectangle
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImageHeight
GdipGetImageWidth
GdipGetMatrixElements
GdipGetPathGradientPointCount
GdipGetPenFillType
GdipSaveImageToFile
GdipSetImageAttributesRemapTable
GdipSetSmoothingMode
GdiplusShutdown
GdiplusStartup

kernel32

Beep
CloseHandle
CompareStringW
CopyFileW
CreateDirectoryW
CreateFileW
CreateToolhelp32Snapshot
CreateWaitableTimerA
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindFirstFileW
FindResourceA
FindResourceW
FreeLibrary
FreeResource
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesW
GetFileSize
GetFileSizeEx
GetLargestConsoleWindowSize
GetLastError
GetLocaleInfoA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetSystemTimeAsFileTime
GetTickCount
GetUserDefaultLangID
GetVersionExW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LoadResource
LocalFree
LockResource
MoveFileW
MulDiv
MultiByteToWideChar
OpenProcess
PeekConsoleInputA
Process32First
Process32Next
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleInputA
ReadFile
ScrollConsoleScreenBufferA
SetConsoleCtrlHandler
SetConsoleCursorPosition
SetConsoleMode
SetConsoleWindowInfo
SetCurrentDirectoryW
SetFilePointer
SetUnhandledExceptionFilter
SetWaitableTimer
SizeofResource
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleInputA
WriteConsoleOutputA
WriteFile
WritePrivateProfileStringW

msvcrt

__getmainargs
__initenv
__lconv_init
__p__acmdln
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_beginthreadex
_cexit
_controlfp
_errno
_fmode
_fpreset
_i64tow
_initterm
_iob
_itoa
_itow
_onexit
_putenv
_snprintf
_snwprintf
_strdup
_strnicmp
_ui64tow
_ultoa
_ultow
abort
atoi
calloc
exit
fprintf
fputs
free
fwrite
getenv
islower
isupper
iswctype
localeconv
log10
malloc
mbstowcs
memset
memcpy
memmove
modf
pow
qsort
rand
realloc
setlocale
signal
sprintf
srand
strchr
strcpy
strlen
strncmp
strtoul
tolower
toupper
towupper
vfprintf
wcscmp
wcscspn
wcslen
wcsncmp
wcsstr
wcstod
wcstombs

ole32

CLSIDFromString
CoCreateInstance
CoInitialize
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VarBstrFromDec
VariantClear

psapi

GetModuleFileNameExW

shell32

CommandLineToArgvW
SHBrowseForFolderW
SHGetFolderPathW
SHGetPathFromIDListW
ShellExecuteW

shlwapi

PathRemoveBackslashW

user32

AdjustWindowRectEx
BeginDeferWindowPos
BeginPaint
CallWindowProcW
CreateIconIndirect
CreateWindowExW
DefWindowProcW
DeferWindowPos
DestroyAcceleratorTable
DestroyCursor
DestroyIcon
DestroyWindow
DispatchMessageW
DrawIconEx
DrawTextW
EnableWindow
EndDeferWindowPos
EndPaint
EnumThreadWindows
FillRect
FindWindowW
FlashWindowEx
GetActiveWindow
GetAncestor
GetClassLongW
GetClassNameA
GetClassNameW
GetClientRect
GetCursorPos
GetDC
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetForegroundWindow
GetIconInfo
GetKeyState
GetMenu
GetMessageW
GetParent
GetPropW
GetScrollInfo
GetSysColor
GetSystemMetrics
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
InvalidateRect
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadCursorW
LoadImageA
LoadImageW
MapVirtualKeyA
MapWindowPoints
MessageBoxW
MsgWaitForMultipleObjects
OpenIcon
PeekMessageW
PostMessageW
PostQuitMessage
PtInRect
RegisterClassExW
ReleaseCapture
ReleaseDC
RemovePropW
ScreenToClient
SendMessageA
SendMessageW
SetClassLongW
SetCursor
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetParent
SetPropW
SetRect
SetScrollInfo
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateAcceleratorW
TranslateMDISysAccel
TranslateMessage
UnregisterClassW
UpdateLayeredWindow
UpdateWindow
VkKeyScanA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 39KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

64a083d7f0afd919acbec18a14700f6b

Headers

File Characteristics

Imports

advapi32

comctl32

gdi32

gdiplus

kernel32

msvcrt

ole32

oleaut32

psapi

shell32

shlwapi

user32

version

Sections

.text Size: 219KB - Virtual size: 218KB

.data Size: 17KB - Virtual size: 16KB

.rdata Size: 21KB - Virtual size: 21KB

.bss Size: - Virtual size: 39KB

.idata Size: 11KB - Virtual size: 10KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 205KB - Virtual size: 204KB

.text
Size: 219KB - Virtual size: 218KB

.data
Size: 17KB - Virtual size: 16KB

.rdata
Size: 21KB - Virtual size: 21KB

.bss
Size: - Virtual size: 39KB

.idata
Size: 11KB - Virtual size: 10KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 205KB - Virtual size: 204KB