0004b02200da40a136cbe68703c56a340db75844fd5e06eae94752da241e4f48

Sharing

Copy URL Twitter E-mail

General

Target

0004b02200da40a136cbe68703c56a340db75844fd5e06eae94752da241e4f48
Size

508KB
MD5

2404bb47fb80569b8748b256c2b7644a
SHA1

ddf2e9c554fbec94d0d839db6fcd6e443611dbcb
SHA256

0004b02200da40a136cbe68703c56a340db75844fd5e06eae94752da241e4f48
SHA512

819f0eedec9dc518868bc421e561fba8d32446944afdd8d068d50d87f3a0852bf7a332a8d0295e18cd9bd77dfbd5b720815a6912e1d737eae6bb72ebe385444a
SSDEEP

12288:h8aP3ECKBIuumZJy/Vcw2o1uvwwzvxhOqiHT:ecE7Bvy/XluvwwzJh4T

Score

N/A

Malware Config

Signatures

Files

0004b02200da40a136cbe68703c56a340db75844fd5e06eae94752da241e4f48
.exe windows x86

18c18af89b563538b9dfb588961e5427

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
InitializeCriticalSection
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
lstrcmpiW
Sleep
CloseHandle
DeviceIoControl
CreateFileW
LoadLibraryW
CreateProcessW
GetProcAddress
LocalFree
CreateMutexW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
GetLongPathNameW
GetLocalTime
DeleteFileW
GetFileSizeEx
InterlockedExchange
CreateEventW
InterlockedCompareExchange
SetEvent
GetTickCount
WaitForSingleObject
WaitForMultipleObjects
GetSystemDirectoryW
WideCharToMultiByte
GetSystemInfo
TerminateThread
CreateThread
GetModuleFileNameA
GetStdHandle
GetCurrentThread
FatalAppExitA
HeapCreate
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
lstrlenA
lstrcmpiA
lstrcmpA
SetEnvironmentVariableA
CompareStringW
lstrlenW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetLocaleInfoW
SetFilePointer
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoA
GetFileType
GetCurrentThreadId
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
GetModuleFileNameW
RaiseException
GetCurrentProcessId
GetStartupInfoW
ExitThread
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
SetHandleCount
GetModuleHandleA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
UnhandledExceptionFilter
TerminateProcess
ExitProcess
TlsFree
DeleteAtom
FindAtomW
TlsAlloc
ReleaseMutex
AddAtomW
GetModuleHandleW
InterlockedDecrement
OpenThread
IsValidLocale
EnumSystemLocalesA
InterlockedIncrement
SetLastError
GetAtomNameW
TlsSetValue
CompareStringA
GetCurrentProcess
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
IsValidCodePage
GetOEMCP
GetACP
TlsGetValue
GetSystemTime
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetEndOfFile
SetFilePointerEx
WriteFile
ReadFile
OutputDebugStringW
FormatMessageW
GetCPInfo

user32

GetActiveWindow
PostQuitMessage
PostMessageW
SetTimer
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DestroyWindow
SetWindowLongW
CreateWindowExW
GetClassInfoExW
UnregisterClassA
LoadCursorW
RegisterClassExW
CharNextW
IsWindow
SendMessageW
IsIconic
ShowWindow
IsWindowVisible
SetForegroundWindow
FindWindowExW
GetWindowThreadProcessId
KillTimer
MessageBoxW
CallWindowProcW
GetWindowLongW
SendMessageTimeoutW

advapi32

RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExA
RegQueryValueExW
RegEnumKeyExA
RegOpenKeyExA

shell32

ShellExecuteW
ShellExecuteExW
CommandLineToArgvW
SHCreateDirectoryExW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoInitialize
CoTaskMemAlloc
CoUninitialize

oleaut32

SysAllocString
VariantClear
VariantInit
VarUI4FromStr
SysFreeString

shlwapi

PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW
SHGetValueW
SHSetValueA
StrToIntExW
SHGetValueA
PathAppendW

comctl32

InitCommonControlsEx

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

psapi

GetModuleFileNameExW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

netapi32

Netbios

Sections

.text
Size: 350KB - Virtual size: 350KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

18c18af89b563538b9dfb588961e5427

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wintrust

crypt32

psapi

iphlpapi

wininet

urlmon

version

netapi32

Sections

.text Size: 350KB - Virtual size: 350KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 9KB - Virtual size: 22KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 84KB - Virtual size: 88KB

.text
Size: 350KB - Virtual size: 350KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 9KB - Virtual size: 22KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 84KB - Virtual size: 88KB