ca157cdc908ae0ea25ed8876222042fdbddf8cc7c7b759f80455d8e628e43f8d

Sharing

Copy URL

Twitter E-mail

General

Target

ca157cdc908ae0ea25ed8876222042fdbddf8cc7c7b759f80455d8e628e43f8d
Size

176KB
MD5

0901f46aef3ae574254038e8575361f3
SHA1

8dfde87a8992ad2f1309387931d1307c75ae08e7
SHA256

ca157cdc908ae0ea25ed8876222042fdbddf8cc7c7b759f80455d8e628e43f8d
SHA512

6b5f99b38895c01e10afe86a854f749df522a4e89f2bfbc253121e7596fa27c944167748173151776d7e933e863ba7f159bf2c69f0242952dc425fd99fbc5ba3
SSDEEP

3072:SxsOq9PwPWhpb0p+r3pNMYBx5cb3Ik4/uIYtRH4aWu1zQJm:d9Iu4wdKYT5cb4kLtRH4FxJm

Score

N/A

Malware Config

Signatures

Files

ca157cdc908ae0ea25ed8876222042fdbddf8cc7c7b759f80455d8e628e43f8d
.exe windows x86

bb057ff9f53e9f549237ba187a579d7b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRelativePathToW
PathFindFileNameA
SHQueryValueExA
SHRegSetUSValueW
SHEnumValueW
PathRemoveBackslashA
PathAppendA
PathRenameExtensionA
PathBuildRootA
PathUnquoteSpacesA
PathParseIconLocationW
PathAppendW
StrSpnW
PathQuoteSpacesW
PathIsUNCServerShareW
StrCpyW
PathMatchSpecW
SHRegGetBoolUSValueA
StrToIntA
PathQuoteSpacesA
StrCmpW
SHEnumKeyExW
PathIsSameRootW
PathIsDirectoryA
PathGetDriveNumberA
StrCSpnA
PathRemoveBackslashW
SHRegEnumUSValueW
SHDeleteEmptyKeyA
PathIsUNCServerShareA
PathIsUNCA
PathRemoveBlanksA
SHSetValueA
PathAddBackslashW
PathMakePrettyW
PathCommonPrefixW
PathRemoveExtensionA
StrDupW
PathParseIconLocationA
PathRemoveExtensionW
SHGetValueA
PathIsURLA
PathStripToRootW
PathCompactPathExA

advapi32

StartServiceCtrlDispatcherA
InitializeSecurityDescriptor
RegQueryValueW
OpenProcessToken
CopySid
RegQueryInfoKeyW
RegConnectRegistryA
RegEnumKeyW
AllocateAndInitializeSid
ChangeServiceConfigW
RegCreateKeyExA
ReportEventA
RegEnumKeyExA
RegRestoreKeyW
RegQueryValueA
GetAce
AdjustTokenPrivileges
RegOpenKeyExA
AddAce
RegSetValueExA
StartServiceA
LookupPrivilegeValueW
SetEntriesInAclW
RegCreateKeyW
RegisterEventSourceA
QueryServiceConfigW
CreateServiceW
RegCreateKeyA
DeleteService
SetSecurityDescriptorSacl
RegSetValueExW
CloseServiceHandle
SetSecurityDescriptorGroup
LsaQueryInformationPolicy
OpenSCManagerW
OpenSCManagerA
RegOpenKeyExW
GetSidSubAuthorityCount
RegSetValueA
InitiateSystemShutdownA
StartServiceCtrlDispatcherW
RegCreateKeyExW
RegCloseKey
GetSidIdentifierAuthority
SetSecurityDescriptorOwner
RegDeleteKeyA
GetKernelObjectSecurity
RevertToSelf
RegisterServiceCtrlHandlerA
SetFileSecurityA
MakeAbsoluteSD
CreateProcessAsUserW
RegUnLoadKeyW
QueryServiceStatus
LookupAccountNameW
InitializeSid

kernel32

lstrcpy
SetTapePosition

wininet

GetUrlCacheEntryInfoW
HttpSendRequestExW
InternetGoOnline
InternetLockRequestFile
FindNextUrlCacheEntryExW
FtpGetCurrentDirectoryA
FindCloseUrlCache
InternetCombineUrlW
HttpQueryInfoA
UnlockUrlCacheEntryFile
GopherGetLocatorTypeW
FindNextUrlCacheEntryW
InternetCrackUrlW
InternetGetCookieW
InternetCombineUrlA
InternetConnectW
ReadUrlCacheEntryStream
InternetErrorDlg

version

GetFileVersionInfoSizeW
VerQueryValueA

imm32

ImmIsIME
ImmGetIMEFileNameW
ImmGetStatusWindowPos
ImmGetConversionStatus
ImmGetConversionListW
ImmInstallIMEA
ImmGetCandidateListW
ImmEnumRegisterWordW
ImmGetCompositionStringW
ImmSetCompositionFontW
ImmGetIMEFileNameA
ImmGetCandidateWindow
ImmConfigureIMEW

mpr

WNetDisconnectDialog1W
WNetGetConnectionA
WNetAddConnection3A
WNetGetConnectionW
WNetAddConnection2W
WNetUseConnectionW
WNetEnumResourceW
WNetGetNetworkInformationW
WNetCancelConnection2A
WNetCloseEnum
WNetCancelConnection2W
WNetAddConnection3W
WNetOpenEnumW
WNetAddConnectionW

imagehlp

SymCleanup
SymUnloadModule
SymGetModuleInfo
UnDecorateSymbolName
StackWalk
ImageEnumerateCertificates
GetTimestampForLoadedLibrary
BindImageEx
SymFunctionTableAccess
UnMapAndLoad
SymGetModuleBase
SymEnumerateSymbols
ImageRvaToSection
SymGetSymPrev
MapDebugInformation
SearchTreeForFile
UpdateDebugInfoFileEx
ImageRvaToVa
BindImage
SymGetOptions
GetImageConfigInformation
SymGetLinePrev
ImageGetDigestStream
SymEnumerateModules
MapFileAndCheckSumA
SymGetLineFromAddr
ImagehlpApiVersion
ImageGetCertificateData
FindDebugInfoFile
SymGetLineFromName
SymGetLineNext
CheckSumMappedFile
SymUnDName
ImageNtHeader
SymGetSymFromName
RemoveRelocations
EnumerateLoadedModules
SymRegisterCallback
SymGetSymFromAddr

Sections

.text
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb057ff9f53e9f549237ba187a579d7b

Headers

File Characteristics

Imports

shlwapi

advapi32

kernel32

wininet

version

imm32

mpr

imagehlp

Sections

.text Size: 120KB - Virtual size: 116KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 12KB - Virtual size: 126KB

.rsrc Size: 32KB - Virtual size: 29KB

.text
Size: 120KB - Virtual size: 116KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 12KB - Virtual size: 126KB

.rsrc
Size: 32KB - Virtual size: 29KB