bd0f5d3aedcadbf6c63aad61b6aec877f7e8d9041d9670f6d8ecaf69085a20cb

Sharing

Copy URL Twitter E-mail

General

Target

bd0f5d3aedcadbf6c63aad61b6aec877f7e8d9041d9670f6d8ecaf69085a20cb
Size

154KB
MD5

4c0bf91c58e86145f7d3ff515d3c45e6
SHA1

4207fe02db165b4e920dd5204a930e5ffc826ec7
SHA256

bd0f5d3aedcadbf6c63aad61b6aec877f7e8d9041d9670f6d8ecaf69085a20cb
SHA512

0a7a7c0603c160f806c9872161be2ebfe01a7b05ff79795bb4ddbf78185ec60b6d1dd5a900d3627a220ae096df06d6f9d0c8a114a72effac8a47d8c10fb219c2
SSDEEP

3072:XaJzWTQMWKfC+0xuPvYqSlTeoZk/me4C09+C3YSCzxLDfy9rH8QdQR+5s:XaATQKfJ0gPvzSlMmeLCd2fUoQdQRqs

Score

N/A

Malware Config

Signatures

Files

bd0f5d3aedcadbf6c63aad61b6aec877f7e8d9041d9670f6d8ecaf69085a20cb
.exe windows x86

f8652362d5049cb6b30edfc847ad13ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
VirtualProtectEx
VirtualAllocEx
FindClose
LoadLibraryA
RemoveDirectoryW
WaitForMultipleObjects
Process32NextW
lstrcmpiW
FindNextFileW
VirtualProtect
CreateToolhelp32Snapshot
GetFileTime
CloseHandle
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
WriteProcessMemory
SetFileAttributesW
CreateThread
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
CreateEventW
TlsAlloc
TlsFree
InitializeCriticalSection
LeaveCriticalSection
IsBadReadPtr
GetLastError
GetCommandLineW
GetFileSize
SetErrorMode
GetComputerNameW
CopyFileW
GetVersionExW
GetModuleFileNameW
CreateFileMappingA
OpenEventW
DuplicateHandle
GetCurrentProcessId
GetNativeSystemInfo
GlobalLock
GlobalUnlock
GetLocalTime
MoveFileExW
GetUserDefaultUILanguage
lstrcmpiA
CreateRemoteThread
Process32FirstW
GetModuleHandleA
ResumeThread
GetThreadContext
SetThreadContext
GetProcessId
WTSGetActiveConsoleSessionId
GetProcessHeap
VirtualFree
OpenMutexW
GetFileSizeEx
GetTempPathW
FlushFileBuffers
MultiByteToWideChar
CreateFileW
GetTimeZoneInformation
ReadFile
CreateDirectoryW
HeapFree
Thread32Next
GetFileAttributesW
HeapCreate
HeapDestroy
ReadProcessMemory
Sleep
VirtualFreeEx
WideCharToMultiByte
Thread32First
OpenProcess
WriteFile
VirtualQueryEx
ExitProcess
SetFileTime
SetFilePointerEx
SystemTimeToFileTime
HeapAlloc
CreateProcessW
SetEndOfFile
FindFirstFileW
CreateMutexW
HeapReAlloc
GetTempFileNameW
FileTimeToDosDateTime
GetEnvironmentVariableW
GetFileAttributesExW
GetModuleHandleW
GetCurrentProcess
ResetEvent
SetThreadPriority
TerminateProcess
TlsSetValue
GetCurrentThread
SetEvent
TlsGetValue
ReleaseMutex
GetCurrentThreadId
SetLastError
GetTickCount
WaitForSingleObject
ExpandEnvironmentStringsW
LocalFree
GetProcAddress
GetPrivateProfileIntW
LoadLibraryW
GetPrivateProfileStringW
FreeLibrary
EnterCriticalSection
GetSystemTime

user32

DispatchMessageW
RegisterClassExA
DefDlgProcW
DefFrameProcA
OpenInputDesktop
TranslateMessage
RegisterClassExW
MessageBoxA
GetClipboardData
DefWindowProcA
DefMDIChildProcW
SwitchDesktop
DefDlgProcA
DefMDIChildProcA
RegisterClassW
CallWindowProcA
CallWindowProcW
GetWindow
RegisterClassA
EndPaint
GetUpdateRgn
GetWindowDC
FillRect
DrawEdge
BeginPaint
OpenDesktopW
GetDC
IntersectRect
GetDCEx
ReleaseDC
SetWindowLongW
CharUpperW
GetSubMenu
CreateDesktopW
SetProcessWindowStation
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
CloseDesktop
SetThreadDesktop
OpenWindowStationW
GetKeyboardState
ToUnicode
GetSystemMetrics
ExitWindowsEx
CharLowerBuffA
DrawIcon
GetIconInfo
MapVirtualKeyW
RegisterWindowMessageW
GetThreadDesktop
GetMenuItemID
MenuItemFromPoint
GetMenu
GetMenuItemRect
CharToOemW
SetKeyboardState
DefFrameProcW
TrackPopupMenuEx
SystemParametersInfoW
GetClassNameW
GetMenuState
GetMenuItemCount
HiliteMenuItem
CharLowerW
IsRectEmpty
CharLowerA
EndMenu
GetShellWindow
PostThreadMessageW
EqualRect
PrintWindow
DefWindowProcW
GetMessageA
GetWindowRect
GetMessageW
SetCapture
PostMessageW
GetParent
GetWindowInfo
GetClassLongW
GetCapture
SetCursorPos
GetWindowLongW
GetAncestor
PeekMessageW
PeekMessageA
GetTopWindow
LoadImageW
MsgWaitForMultipleObjects
WindowFromPoint
GetUpdateRect
GetWindowThreadProcessId
GetMessagePos
MapWindowPoints
SendMessageW
ReleaseCapture
IsWindow
SendMessageTimeoutW
GetCursorPos
SetWindowPos
GetUserObjectInformationW

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
CryptHashData
InitiateSystemShutdownExW
IsWellKnownSid
RegQueryInfoKeyW
RegEnumValueW
GetLengthSid
ConvertSidToStringSidW
EqualSid

shlwapi

wvnsprintfW
PathRemoveFileSpecW
StrCmpNIW
PathRenameExtensionW
PathIsURLW
PathQuoteSpacesW
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathRemoveBackslashW
PathUnquoteSpacesW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathAddBackslashW
PathFindFileNameW
PathIsDirectoryW
UrlUnescapeA
StrStrIW
StrStrIA

shell32

CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW

secur32

GetUserNameExW

psapi

GetProcessImageFileNameW
GetModuleInformation

ole32

StringFromGUID2
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx

gdi32

CreateCompatibleBitmap
GetDIBits
CreateDIBSection
SetViewportOrgEx
DeleteDC
GdiFlush
DeleteObject
SelectObject
SetRectRgn
CreateCompatibleDC
GetDeviceCaps
RestoreDC
SaveDC

ws2_32

listen
WSASetLastError
freeaddrinfo
socket
bind
recv
setsockopt
shutdown
WSAEventSelect
getpeername
recvfrom
sendto
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
getaddrinfo
select
WSAGetLastError
accept
WSASend
closesocket
send
getsockname

crypt32

PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
CryptUnprotectData

wininet

HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpAddRequestHeadersA
InternetQueryOptionA
InternetOpenA
HttpOpenRequestA
InternetSetOptionA
InternetCrackUrlA
InternetQueryOptionW
InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpSendRequestW
InternetReadFile
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpQueryInfoA
HttpSendRequestExA

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

Sections

.text
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8652362d5049cb6b30edfc847ad13ab

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

psapi

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

Sections

.text Size: 143KB - Virtual size: 143KB

.data Size: 1KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 143KB - Virtual size: 143KB

.data
Size: 1KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 7KB - Virtual size: 6KB