0002959084f4a5fd734ac47d1ca4f0bc62a17f6196ce8084254d00b6bf8bce33

Sharing

Copy URL

Twitter E-mail

General

Target

0002959084f4a5fd734ac47d1ca4f0bc62a17f6196ce8084254d00b6bf8bce33
Size

558KB
MD5

f17c6322504ccc5d9c708481141b43b3
SHA1

510daceb7f35ccabc416fdbbfa9cba87c75355c3
SHA256

0002959084f4a5fd734ac47d1ca4f0bc62a17f6196ce8084254d00b6bf8bce33
SHA512

320b9c1c8866499dda5fd0177db2aaf0cacdf0ddce39022bb33f259eae579e470c96e94cec820205d5476ed50d3875f15570673b15624710906e33443858edfd
SSDEEP

12288:/8OxXbvzGBJgjmidRpWVAyEPKVILzMW5LKMBw28n:/ncJgaVhEPKVILIWcCr8n

Score

N/A

Malware Config

Signatures

Files

0002959084f4a5fd734ac47d1ca4f0bc62a17f6196ce8084254d00b6bf8bce33
.exe windows x86

c387603b090db4acd4ef15fd204f5c65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdiplusShutdown
GdipFillRectangleI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawImageRectRect
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipAlloc
GdipFree
GdiplusStartup

kernel32

SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GetCommandLineW
GetCurrentProcess
FlushInstructionCache
SetLastError
LockResource
FindResourceExW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetLocalTime
MoveFileExW
lstrlenA
LoadLibraryW
CreateEventA
SetEvent
CreateFileW
DeviceIoControl
CloseHandle
GetCurrentProcessId
ReadFile
WriteFile
FlushFileBuffers
GetFileSize
WideCharToMultiByte
LocalFree
OpenProcess
GetStartupInfoW
Sleep
GetProcessHeap
HeapFree
HeapAlloc
WaitForSingleObject
CreateMutexW
ReleaseMutex
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetLongPathNameW
MultiByteToWideChar
GetFileSizeEx
SetFilePointer
GetTickCount
HeapCreate
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
ExitProcess
DeleteAtom
FindAtomW
AddAtomW
OpenThread
GetAtomNameW
GetSystemTime
FormatMessageW
OutputDebugStringW
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
CreateFileA
SystemTimeToFileTime
TlsSetValue
ResetEvent
OpenEventA
TlsGetValue
TlsFree
TlsAlloc
GetSystemTimeAsFileTime
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
lstrlenW
FreeLibrary
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetStdHandle
GetModuleFileNameA
GetTimeZoneInformation
GetModuleHandleA
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
lstrcmpA
lstrcmpiA
GetShortPathNameW

user32

CharNextW
SetCursor
DrawFocusRect
PtInRect
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DefWindowProcW
DestroyWindow
UnionRect
EqualRect
UnregisterClassA
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
UpdateLayeredWindow
GetWindowRect
ReleaseDC
GetDC
ReleaseCapture
SetCapture
InvalidateRect
EndPaint
BeginPaint
GetAsyncKeyState
ScreenToClient
GetClientRect
GetParent
PostQuitMessage
PostMessageW
SendMessageW
OffsetRect
CopyRect
SendMessageTimeoutW
FindWindowExW
CallWindowProcW
GetWindowLongW
IsWindow
SetTimer
KillTimer
SetWindowPos
ShowWindow
GetWindowThreadProcessId
SetWindowLongW

gdi32

BitBlt
SelectObject
CreateCompatibleBitmap
GetObjectW
DeleteObject
DeleteDC
OffsetViewportOrgEx
RectVisible
SelectClipRgn
CreateRectRgnIndirect
SaveDC
CreateCompatibleDC
RestoreDC
SetViewportOrgEx

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
ord165

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VarUI4FromStr

shlwapi

SHGetValueA
SHSetValueA
PathRemoveFileSpecW
PathAppendW
PathFileExistsW
PathCombineW
PathIsRelativeW
PathIsRootW
SHGetValueW
PathFindFileNameW

comctl32

_TrackMouseEvent
InitCommonControlsEx

ws2_32

WSACleanup
WSAStartup

psapi

GetModuleFileNameExW

netapi32

Netbios

Sections

.text
Size: 341KB - Virtual size: 341KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 19KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 99KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c387603b090db4acd4ef15fd204f5c65

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

psapi

netapi32

Sections

.text Size: 341KB - Virtual size: 341KB

.rdata Size: 80KB - Virtual size: 80KB

.data Size: 19KB - Virtual size: 35KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 99KB - Virtual size: 100KB

.text
Size: 341KB - Virtual size: 341KB

.rdata
Size: 80KB - Virtual size: 80KB

.data
Size: 19KB - Virtual size: 35KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 99KB - Virtual size: 100KB