b1fb6a38c5dfab00f2b98eaa9b06a61e054499b62246df688fe848d655002601

Sharing

Copy URL Twitter E-mail

General

Target

b1fb6a38c5dfab00f2b98eaa9b06a61e054499b62246df688fe848d655002601
Size

446KB
MD5

803962f404c537761a639c131b103ac0
SHA1

023654547ef6809dd7995c8d36c21fa4102185ab
SHA256

b1fb6a38c5dfab00f2b98eaa9b06a61e054499b62246df688fe848d655002601
SHA512

b92e9e7b9cdf473019d184c8cef6ad7315496231ad58d8414890a12192e8aea2252a9c9f718e017d6f52f6cc94ad2ab70a90994ecade6b2b79523b5394fb3368
SSDEEP

6144:bTOUF7MUhX7COMQMfgGwkri1QGerwMtC12tn+VaCj5zpYS41Jky6s4gD/jeBepcd:bTzF7MU1qNJZC16GaCNziS4Pky0M5mPF

Score

N/A

Malware Config

Signatures

Files

b1fb6a38c5dfab00f2b98eaa9b06a61e054499b62246df688fe848d655002601
.exe windows x86

1e547c03995c1562ea9c03288db132b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleCP
SetFilePointer
HeapSize
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LoadLibraryW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateFileW
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
WriteFile
TerminateProcess
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleW
HeapReAlloc
SetStdHandle
LCMapStringW
GetStringTypeW
FlushFileBuffers
ReadFile
FindResourceA
lstrlenA
ReadConsoleOutputCharacterW
GetCurrentProcessId
CloseHandle
GetModuleFileNameA
LockResource
GetLastError
GetStdHandle
GlobalUnlock
HeapCreate
SizeofResource
Sleep
WideCharToMultiByte
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
EncodePointer
AllocConsole
LoadResource
HeapAlloc
InterlockedDecrement
GetCurrentProcess
GlobalLock
OpenProcess
MultiByteToWideChar
LocalFree
RtlUnwind
RaiseException
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
ExitProcess
GetModuleHandleW
GetProcAddress
GetNumberOfConsoleInputEvents
PeekConsoleInputA
GetConsoleMode
HeapFree
CreateFileA

user32

SetFocus
RegisterClassA
DialogBoxParamA
GetDlgItemTextA
LoadCursorA
FindWindowA
DestroyMenu
MapWindowPoints
SetWindowTextA
OpenClipboard
DispatchMessageA
IsWindow
SetMenu
ShowWindow
GetCaretPos
SetWindowPos
DefWindowProcA
EndPaint
keybd_event
GetMessageA
CloseClipboard
GetWindowRect
PostQuitMessage
GetWindowDC
GetMenuItemID
DrawTextA
GetSubMenu
SetForegroundWindow
LoadStringA
EndDialog
IsClipboardFormatAvailable
FindWindowExA
GetClientRect
GetFocus
SendMessageA
BeginPaint
EnumWindows
IsDialogMessageA
TranslateMessage
GetForegroundWindow
GetWindowTextA
MessageBoxA
InvalidateRect
BringWindowToTop
GetClipboardData
CreateWindowExA
ReleaseDC
MonitorFromWindow
GetDlgItem

gdi32

ChoosePixelFormat
SetPixelFormat
GetObjectA
GetStockObject
TextOutA
CreatePen
MoveToEx
PatBlt
Pie
LineTo
DescribePixelFormat
SetTextColor
GetDeviceCaps
CreateFontIndirectA
SetBrushOrgEx
CreateBitmap
SetBkMode
DeleteObject
SelectObject
Rectangle
SaveDC
SetDCPenColor
CreatePatternBrush
RestoreDC

comdlg32

FindTextW
ChooseFontA

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyW

ole32

CreateBindCtx
CoCreateInstance
CoTaskMemFree

oleaut32

VariantChangeType
SysFreeString
SysAllocStringLen
SystemTimeToVariantTime
VariantInit
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocString

ws2_32

setsockopt
WSAStringToAddressW
WSAAsyncSelect
closesocket
socket
sendto
bind
htons
recvfrom
ioctlsocket

psapi

EnumProcessModules
GetModuleInformation
GetModuleBaseNameA

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

PathFileExistsW

comctl32

ord17

activeds

ord9

imm32

ImmReleaseContext
ImmSetOpenStatus
ImmGetConversionStatus
ImmGetContext
ImmGetOpenStatus

ntdsapi

DsGetRdnW

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.san
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kada
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.grd
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rela
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e547c03995c1562ea9c03288db132b9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

ws2_32

psapi

version

shlwapi

comctl32

activeds

imm32

ntdsapi

Sections

.text Size: 77KB - Virtual size: 77KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 6KB - Virtual size: 13KB

.san Size: 199KB - Virtual size: 198KB

.kada Size: 10KB - Virtual size: 9KB

.grd Size: 74KB - Virtual size: 74KB

.rela Size: 11KB - Virtual size: 11KB

.rsrc Size: 31KB - Virtual size: 31KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 77KB - Virtual size: 77KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 6KB - Virtual size: 13KB

.san
Size: 199KB - Virtual size: 198KB

.kada
Size: 10KB - Virtual size: 9KB

.grd
Size: 74KB - Virtual size: 74KB

.rela
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 31KB - Virtual size: 31KB

.reloc
Size: 11KB - Virtual size: 10KB