Static task: static1
Behavioral task: behavioral1
- Sample: 25c4789a1834e9fc21955eb143ed6a772afd135a5bb6e8332ec5875a2db1eacf.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 25c4789a1834e9fc21955eb143ed6a772afd135a5bb6e8332ec5875a2db1eacf.exe
- Resource: win10v2004-20220812-en
General
- Target: 25c4789a1834e9fc21955eb143ed6a772afd135a5bb6e8332ec5875a2db1eacf
- Size: 294KB
- MD5: 901b1f70c5c6c9b76d65e0bf1b626e00
- SHA1: 50115e5c819c95d42c014082d98ce0ba6b9ae50a
- SHA256: 25c4789a1834e9fc21955eb143ed6a772afd135a5bb6e8332ec5875a2db1eacf
- SHA512: 53a4bba60497379c31aacd6cc89187a57dc24ba14cc811e2ee5ee45ffa45b02d7bf0923c0fac7284310cc06b25376d380338633f2a91771485dd55a4ac763986
- SSDEEP: 6144:x2Oy2IqP5Zf8AaeUfudLY+1r3yR9qtphut9ms1:xQ7ZAaTfb+1rHsmi
Malware Config
Signatures
Files
-
25c4789a1834e9fc21955eb143ed6a772afd135a5bb6e8332ec5875a2db1eacf.exe windows x86
0ca31b30b735c88d04a1a7ec711a2861
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
wintrust
SoftpubAuthenticode
SoftpubDumpStructure
SoftpubInitialize
SoftpubLoadMessage
SoftpubLoadSignature
SoftpubCheckCert
SoftpubCleanup
SoftpubDefCertInit
HTTPSCertificateTrust
HTTPSFinalProv
OfficeInitializePolicy
SoftpubDllUnregisterServer
DriverInitializePolicy
DriverFinalPolicy
DriverCleanupPolicy
OpenPersonalTrustDBDialog
AddPersonalTrustDBPages
FindCertsByIssuer
SoftpubLoadDefUsageCallData
SoftpubFreeDefUsageCallData
GenericChainCertificateTrust
GenericChainFinalProv
OfficeCleanupPolicy
SoftpubDllRegisterServer
msvcrt
free
malloc
_initterm
kernel32
ExpandEnvironmentStringsA
AddLocalAlternateComputerNameA
BeginUpdateResourceW
Heap32First
ClearCommBreak
OutputDebugStringA
GetNamedPipeHandleStateW
ReadProcessMemory
GetModuleFileNameA
GetCurrentProcess
LCMapStringW
AddAtomW
VirtualFree
GetStringTypeA
GetVolumeNameForVolumeMountPointA
SetFileTime
LoadLibraryExA
OpenSemaphoreW
EnumResourceLanguagesW
GetSystemDirectoryW
CreateJobObjectA
RemoveDirectoryW
Thread32Next
lstrcmpA
PrivMoveFileIdentityW
SetThreadIdealProcessor
GetCurrentDirectoryA
AddConsoleAliasA
EnumLanguageGroupLocalesW
SetFileShortNameW
FindFirstFileW
GetTapeParameters
PulseEvent
GetProcessHeap
DefineDosDeviceA
QueryPerformanceFrequency
EnumResourceTypesA
GetCommandLineA
DeleteTimerQueue
GetCommMask
TerminateThread
VerifyConsoleIoHandle
CreateMemoryResourceNotification
FindActCtxSectionGuid
SizeofResource
IsSystemResumeAutomatic
CopyFileW
OpenEventW
GetEnvironmentStringsA
GetConsoleMode
GetLongPathNameA
VerifyVersionInfoW
GetEnvironmentVariableW
DnsHostnameToComputerNameW
GetModuleHandleW
GetLocalTime
GetGeoInfoW
ReadFile
ReadConsoleOutputAttribute
GetTempFileNameW
CreateHardLinkW
CreateEventA
ReadConsoleInputExW
CopyFileA
EnumDateFormatsA
FillConsoleOutputCharacterW
GetConsoleFontSize
RtlFillMemory
_hwrite
BuildCommDCBAndTimeoutsA
FindFirstFileExW
GetFileType
DosPathToSessionPathW
AllocConsole
GlobalFree
GlobalHandle
SetTapePosition
GetSystemTimeAsFileTime
FormatMessageW
GetVersionExA
OpenFileMappingA
MapUserPhysicalPages
GetComPlusPackageInstallStatus
SetVolumeMountPointA
ReleaseActCtx
GetConsoleAliasesW
EraseTape
GetConsoleFontInfo
CompareStringW
GetThreadContext
ReadConsoleW
DisconnectNamedPipe
lstrlenA
DeleteTimerQueueTimer
SetComputerNameExW
GetFileSize
lstrlenW
OpenEventA
LocalSize
CallNamedPipeW
GenerateConsoleCtrlEvent
BeginUpdateResourceA
GetTapePosition
CreateFileA
AddRefActCtx
GetExitCodeThread
GetModuleHandleExA
GetSystemDefaultUILanguage
GetDiskFreeSpaceExA
ConsoleMenuControl
Module32FirstW
EnumSystemLocalesW
GetConsoleCommandHistoryA
lstrcmpiA
Process32Next
SetConsoleCursorPosition
SetThreadAffinityMask
CreateTimerQueueTimer
IsProcessorFeaturePresent
GetConsoleCommandHistoryLengthA
WriteFile
SetConsoleMaximumWindowSize
FindFirstVolumeW
GlobalUnlock
GetModuleHandleExW
LZInit
WriteConsoleInputA
GetCPInfoExA
GetThreadPriorityBoost
ReadConsoleOutputCharacterA
LoadLibraryExW
SetMailslotInfo
SetConsoleFont
FindFirstFileA
FillConsoleOutputCharacterA
GetModuleHandleA
GetCommandLineW
FindActCtxSectionStringW
GetNumberFormatA
GetThreadSelectorEntry
GetConsoleNlsMode
CancelDeviceWakeupRequest
GetTempFileNameA
DeleteFileA
GetTempPathA
MoveFileExW
_llseek
GetHandleInformation
GlobalUnWire
CreateProcessA
IsBadStringPtrW
CreateDirectoryW
LoadLibraryA
GetConsoleAliasesLengthA
IsBadHugeWritePtr
GlobalDeleteAtom
Heap32Next
RtlMoveMemory
SetFirmwareEnvironmentVariableW
GetSystemDefaultLCID
GetDefaultCommConfigA
GlobalGetAtomNameA
CreateEventW
AllocateUserPhysicalPages
GetStartupInfoW
WriteProfileSectionW
GetQueuedCompletionStatus
ExpandEnvironmentStringsW
EnumSystemGeoID
GetFileAttributesExA
OpenJobObjectA
SetConsoleTextAttribute
OpenJobObjectW
FindVolumeClose
IsBadHugeReadPtr
SetupComm
OpenMutexW
SystemTimeToTzSpecificLocalTime
SetSystemPowerState
GetProcessTimes
FlushFileBuffers
GetDriveTypeA
InterlockedPushEntrySList
UnlockFileEx
GetConsoleDisplayMode
DebugBreakProcess
GetProfileSectionW
BackupSeek
InitializeCriticalSection
EnumUILanguagesW
GetConsoleCommandHistoryLengthW
_lopen
DeleteFiber
SetProcessWorkingSetSize
LZSeek
MulDiv
SetThreadContext
CommConfigDialogA
InitializeCriticalSectionAndSpinCount
DelayLoadFailureHook
FindNextVolumeA
GetConsoleProcessList
ReadConsoleOutputW
SetProcessPriorityBoost
VirtualQuery
GetConsoleAliasA
GetCommProperties
ClearCommError
GetNextVDMCommand
FreeUserPhysicalPages
GetNamedPipeHandleStateA
GetNumaProcessorNode
BaseFlushAppcompatCache
LoadModule
GetSystemWow64DirectoryW
SetEvent
RequestDeviceWakeup
SwitchToFiber
LZOpenFileA
FindClose
GetConsoleCharType
HeapWalk
TlsAlloc
WritePrivateProfileStringW
WaitForSingleObjectEx
IsValidLanguageGroup
GetSystemDirectoryA
GetStdHandle
EnumSystemLanguageGroupsA
QueryPerformanceCounter
GetPrivateProfileSectionW
Sleep
FindNextChangeNotification
GetTapeStatus
OpenFile
EnumCalendarInfoW
_lcreat
WriteProfileStringA
CreateDirectoryA
LoadLibraryW
SetConsoleWindowInfo
BindIoCompletionCallback
EnumerateLocalComputerNamesA
UnlockFile
GetFullPathNameA
ReadConsoleInputW
ExitProcess
RegisterConsoleIME
_lread
HeapReAlloc
CreateTapePartition
OpenProfileUserMapping
GetPrivateProfileStringW
FreeConsole
GetVolumePathNameW
SearchPathW
GetVolumePathNameA
SetTermsrvAppInstallMode
WaitCommEvent
FindActCtxSectionStringA
TransmitCommChar
GetAtomNameA
GlobalAddAtomA
SetUnhandledExceptionFilter
GetPrivateProfileStringA
CreateMailslotW
WritePrivateProfileStructA
LocalCompact
TlsSetValue
SetCommTimeouts
GetFirmwareEnvironmentVariableA
GetVDMCurrentDirectories
OpenSemaphoreA
DebugActiveProcess
GetProcessAffinityMask
LZClose
EnumDateFormatsW
VirtualProtectEx
CallNamedPipeA
GetShortPathNameW
FindFirstChangeNotificationW
SetConsoleCursorMode
FileTimeToSystemTime
GetTimeFormatW
OpenWaitableTimerA
SetVDMCurrentDirectories
SetConsoleScreenBufferSize
FindAtomW
GetConsoleInputExeNameW
SetConsoleIcon
BaseInitAppcompatCacheSupport
GetProcessWorkingSetSize
GetProcAddress
GetComputerNameExA
SetConsoleKeyShortcuts
GetProcessPriorityBoost
TlsFree
Process32FirstW
FindAtomA
GetConsoleAliasesLengthW
FlushInstructionCache
TzSpecificLocalTimeToSystemTime
WinExec
SetConsoleInputExeNameA
CreateJobSet
GetVolumePathNamesForVolumeNameW
lstrlen
GetEnvironmentStrings
ActivateActCtx
EnumCalendarInfoA
GetUserDefaultUILanguage
CreateProcessInternalW
ExitThread
SetTapeParameters
GetLocaleInfoW
Module32First
LZDone
NlsGetCacheUpdateCount
BaseUpdateAppcompatCache
LocalShrink
FindCloseChangeNotification
BuildCommDCBA
CopyFileExA
GlobalLock
SetSystemTime
QueryMemoryResourceNotification
HeapSize
CancelTimerQueueTimer
RtlUnwind
SetConsoleNumberOfCommandsA
SetThreadExecutionState
CreateActCtxW
GetDiskFreeSpaceExW
SetConsoleMenuClose
GlobalFindAtomA
AssignProcessToJobObject
LockFile
AddConsoleAliasW
GlobalUnfix
RtlCaptureStackBackTrace
UnregisterConsoleIME
SetCalendarInfoW
FoldStringA
CreateHardLinkA
GetBinaryTypeW
GlobalCompact
SetLocaleInfoA
HeapSetInformation
CreateIoCompletionPort
GetCurrentThreadId
IsDBCSLeadByteEx
PrepareTape
ResetEvent
CreateFileW
GetProfileStringA
SetEnvironmentVariableA
CreateWaitableTimerW
GetFileAttributesW
RaiseException
_hread
LocalAlloc
CreateMutexA
GetVersionExW
SetConsoleOutputCP
FindFirstFileExA
SetFilePointer
SetHandleInformation
BaseDumpAppcompatCache
IsBadStringPtrA
GetLongPathNameW
GetCurrencyFormatW
LocalReAlloc
GetVersion
lstrcpyn
GetWindowsDirectoryA
SleepEx
SetConsoleTitleA
ContinueDebugEvent
QueryDosDeviceW
GetCPInfoExW
RtlZeroMemory
RemoveLocalAlternateComputerNameW
SetCommState
GetWindowsDirectoryW
GetEnvironmentVariableA
GetHandleContext
IsBadCodePtr
UnregisterWait
CreateSocketHandle
SetDefaultCommConfigW
GetDiskFreeSpaceA
DeleteCriticalSection
SetInformationJobObject
GetCommModemStatus
BaseCheckAppcompatCache
ExpungeConsoleCommandHistoryW
EnumDateFormatsExA
WritePrivateProfileStringA
IsProcessInJob
Thread32First
Module32Next
HeapCompact
EnumerateLocalComputerNamesW
FileTimeToDosDateTime
GetTickCount
CancelIo
CreateMutexW
CopyLZFile
QueryDosDeviceA
FatalAppExitA
GetDriveTypeW
SetStdHandle
GetConsoleCommandHistoryW
QueryDepthSList
DeactivateActCtx
GetProcessVersion
CreateDirectoryExA
CreateFiberEx
QueueUserWorkItem
ReadConsoleOutputA
SignalObjectAndWait
WriteProcessMemory
VDMConsoleOperation
SetConsoleNlsMode
GetVolumeNameForVolumeMountPointW
SetComputerNameExA
GetBinaryType
CloseHandle
SetCurrentDirectoryA
DeleteAtom
user32
LoadStringA
SetActiveWindow
LoadMenuIndirectA
CloseWindow
DeferWindowPos
WINNLSGetIMEHotkey
UnhookWinEvent
ShowCaret
CreateDialogIndirectParamA
FlashWindow
ShowWindow
SoftModalMessageBox
GetClipboardSequenceNumber
wsprintfW
GetProgmanWindow
EnterReaderModeHelper
CharNextW
GetActiveWindow
GetComboBoxInfo
SetPropW
MonitorFromPoint
GetInternalWindowPos
SetWindowsHookW
ShowScrollBar
SetWindowWord
PostThreadMessageA
IsCharAlphaNumericA
SetWindowStationUser
TrackPopupMenuEx
CreateDesktopW
EnumWindows
GetNextDlgTabItem
InSendMessageEx
DdeDisconnectList
GetTopWindow
CheckMenuRadioItem
DdeGetData
SendNotifyMessageW
TranslateMessage
GetCursorFrameInfo
GetWindowTextA
GetKeyboardLayoutNameA
SetMessageQueue
DdeQueryNextServer
MessageBoxExA
SubtractRect
FillRect
SetWindowTextW
SendMessageW
ReasonCodeNeedsComment
LoadImageW
SetScrollPos
SetMenuInfo
UnregisterHotKey
GetWindowWord
DdeCreateStringHandleW
EnumThreadWindows
SendDlgItemMessageA
TileChildWindows
EnumWindowStationsA
SetWindowRgn
GetClipboardOwner
IsCharLowerW
GetMenuItemRect
DialogBoxIndirectParamW
BroadcastSystemMessageA
InternalGetWindowText
CascadeWindows
IsServerSideWindow
GetClassInfoExW
GetClientRect
GetMessagePos
FindWindowExW
GetQueueStatus
GetRawInputBuffer
DrawMenuBar
GetUpdateRect
GetCursor
GetDlgItemTextW
OpenDesktopA
HiliteMenuItem
GetAltTabInfoW
PrivateExtractIconsW
MenuItemFromPoint
GetClipCursor
IsCharUpperW
PostQuitMessage
DdeInitializeW
SendMessageCallbackW
GetRawInputDeviceInfoW
DrawTextExW
DlgDirListA
GetSystemMetrics
CloseClipboard
LoadCursorA
CharLowerBuffW
ScreenToClient
CreatePopupMenu
DdeGetLastError
RegisterClassExA
DdeCreateDataHandle
GetSystemMenu
SetDlgItemTextA
LoadBitmapA
gdi32
GetBitmapBits
EqualRgn
SetDeviceGammaRamp
SetMapMode
GetCharacterPlacementW
GetCharWidthI
GdiReleaseDC
CreatePen
GetICMProfileA
EngMultiByteToUnicodeN
ResetDCA
TextOutW
EngDeleteSurface
GetClipRgn
GdiPlayPrivatePageEMF
GdiEntry13
DdEntry46
GetEnhMetaFilePixelFormat
GetRgnBox
CheckColorsInGamut
XLATEOBJ_piVector
GetViewportOrgEx
EnumFontFamiliesW
CreateCompatibleBitmap
CloseFigure
EngMarkBandingSurface
GdiPlayScript
GetDeviceCaps
GdiQueryFonts
GdiEntry14
EngFillPath
DdEntry16
SetDCPenColor
AddFontResourceTracking
ScaleWindowExtEx
DdEntry19
cGetTTFFromFOT
SetVirtualResolution
GetWorldTransform
EngComputeGlyphSet
CreateFontIndirectA
FillPath
CreatePolygonRgn
STROBJ_bEnum
Sections
- CODE Size: 96KB - Virtual size: 96KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
- .idata Size: 3KB - Virtual size: 18KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ
- DATA Size: 13KB - Virtual size: 216KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
- .rdata Size: 17KB - Virtual size: 16KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
- CODE Size: 4KB - Virtual size: 55KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
- .bss Size: 155KB - Virtual size: 154KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ