7ad36497d908ef746f95e4f322ccba4ccb33a3e157fff49287fbc15392839e93

Sharing

Copy URL

Twitter E-mail

General

Target

7ad36497d908ef746f95e4f322ccba4ccb33a3e157fff49287fbc15392839e93
Size

446KB
MD5

71708782a297577df0823560c1fd965d
SHA1

0dc7d35e65dca1a0d0e1744c2b215bd2a95919a4
SHA256

7ad36497d908ef746f95e4f322ccba4ccb33a3e157fff49287fbc15392839e93
SHA512

5cec6350ae5a47f2292afce9c58624389486c8f43d6f6eef8e3a387d279e82703a22e373052bc9f23028e343c8e9e96f6144a068a5706f0c92803d1755036b6a
SSDEEP

6144:bTOUF7MUhX7COMQMfgGwkri1QGerwMtC12tn+VaCj5zpYS41Jky6s4gD/jeBepct:bTzF7MU1qNJZC16GaCNziS4Pky0M5mPV

Score

N/A

Malware Config

Signatures

Files

7ad36497d908ef746f95e4f322ccba4ccb33a3e157fff49287fbc15392839e93
.exe windows x86

1e547c03995c1562ea9c03288db132b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleCP
SetFilePointer
HeapSize
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LoadLibraryW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateFileW
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
WriteFile
TerminateProcess
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleW
HeapReAlloc
SetStdHandle
LCMapStringW
GetStringTypeW
FlushFileBuffers
ReadFile
FindResourceA
lstrlenA
ReadConsoleOutputCharacterW
GetCurrentProcessId
CloseHandle
GetModuleFileNameA
LockResource
GetLastError
GetStdHandle
GlobalUnlock
HeapCreate
SizeofResource
Sleep
WideCharToMultiByte
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
EncodePointer
AllocConsole
LoadResource
HeapAlloc
InterlockedDecrement
GetCurrentProcess
GlobalLock
OpenProcess
MultiByteToWideChar
LocalFree
RtlUnwind
RaiseException
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
ExitProcess
GetModuleHandleW
GetProcAddress
GetNumberOfConsoleInputEvents
PeekConsoleInputA
GetConsoleMode
HeapFree
CreateFileA

user32

SetFocus
RegisterClassA
DialogBoxParamA
GetDlgItemTextA
LoadCursorA
FindWindowA
DestroyMenu
MapWindowPoints
SetWindowTextA
OpenClipboard
DispatchMessageA
IsWindow
SetMenu
ShowWindow
GetCaretPos
SetWindowPos
DefWindowProcA
EndPaint
keybd_event
GetMessageA
CloseClipboard
GetWindowRect
PostQuitMessage
GetWindowDC
GetMenuItemID
DrawTextA
GetSubMenu
SetForegroundWindow
LoadStringA
EndDialog
IsClipboardFormatAvailable
FindWindowExA
GetClientRect
GetFocus
SendMessageA
BeginPaint
EnumWindows
IsDialogMessageA
TranslateMessage
GetForegroundWindow
GetWindowTextA
MessageBoxA
InvalidateRect
BringWindowToTop
GetClipboardData
CreateWindowExA
ReleaseDC
MonitorFromWindow
GetDlgItem

gdi32

ChoosePixelFormat
SetPixelFormat
GetObjectA
GetStockObject
TextOutA
CreatePen
MoveToEx
PatBlt
Pie
LineTo
DescribePixelFormat
SetTextColor
GetDeviceCaps
CreateFontIndirectA
SetBrushOrgEx
CreateBitmap
SetBkMode
DeleteObject
SelectObject
Rectangle
SaveDC
SetDCPenColor
CreatePatternBrush
RestoreDC

comdlg32

FindTextW
ChooseFontA

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyW

ole32

CreateBindCtx
CoCreateInstance
CoTaskMemFree

oleaut32

VariantChangeType
SysFreeString
SysAllocStringLen
SystemTimeToVariantTime
VariantInit
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocString

ws2_32

setsockopt
WSAStringToAddressW
WSAAsyncSelect
closesocket
socket
sendto
bind
htons
recvfrom
ioctlsocket

psapi

EnumProcessModules
GetModuleInformation
GetModuleBaseNameA

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

PathFileExistsW

comctl32

ord17

activeds

ord9

imm32

ImmReleaseContext
ImmSetOpenStatus
ImmGetConversionStatus
ImmGetContext
ImmGetOpenStatus

ntdsapi

DsGetRdnW

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.san
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kada
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.grd
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rela
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e547c03995c1562ea9c03288db132b9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

ws2_32

psapi

version

shlwapi

comctl32

activeds

imm32

ntdsapi

Sections

.text Size: 77KB - Virtual size: 77KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 6KB - Virtual size: 13KB

.san Size: 199KB - Virtual size: 198KB

.kada Size: 10KB - Virtual size: 9KB

.grd Size: 74KB - Virtual size: 74KB

.rela Size: 11KB - Virtual size: 11KB

.rsrc Size: 31KB - Virtual size: 31KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 77KB - Virtual size: 77KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 6KB - Virtual size: 13KB

.san
Size: 199KB - Virtual size: 198KB

.kada
Size: 10KB - Virtual size: 9KB

.grd
Size: 74KB - Virtual size: 74KB

.rela
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 31KB - Virtual size: 31KB

.reloc
Size: 11KB - Virtual size: 10KB