67de19921067e1500b7279b8a089d871a315db98ee3941c89356d21f3fe739aa

Sharing

Copy URL

Twitter E-mail

General

Target

67de19921067e1500b7279b8a089d871a315db98ee3941c89356d21f3fe739aa
Size

260KB
MD5

5141aa42a5c4bf4cbfacf60445087943
SHA1

376ebd72f96dc742b2503eb74073f19233286721
SHA256

67de19921067e1500b7279b8a089d871a315db98ee3941c89356d21f3fe739aa
SHA512

68525413c48cdd4cb94a10486475668b3d54d67fd9d2e4f828cae6f06bc5c9afe652f8172f321943db836d3fc29b78f324330be7d6745282b9592c2468b34713
SSDEEP

3072:vagjkO5UaLZPW4qiIyBhZc784KL6W4TK5OHkRiW8vqOuvNAGtDfBXPrJbBCSo1ne:SRyCuBTulKepTKhiml8s

Score

N/A

Malware Config

Signatures

Files

67de19921067e1500b7279b8a089d871a315db98ee3941c89356d21f3fe739aa
.exe windows x86

6fdf8e0a01dd1f7474e2ae3e7b933a3b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
RegQueryValueExA

user32

ShowWindow
SetForegroundWindow
TrackPopupMenu
PostMessageA
AppendMenuA
GetCursorPos
LoadImageA
CreateWindowExA
GetDlgItem
SendMessageA
RegisterClassA
LoadBitmapA
InvalidateRect
SetCapture
ReleaseCapture
CreateAcceleratorTableA
GetParent
GetClassNameA
RedrawWindow
IsWindow
SetWindowPos
BeginPaint
GetClientRect
FillRect
EndPaint
CallWindowProcA
PostQuitMessage
EndDialog
EnableWindow
CreatePopupMenu
GetDlgCtrlID
SetCursor
PtInRect
GetWindowRect
GetFocus
GetDC
IsChild
SetFocus
GetSysColor
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageA
GetDesktopWindow
GetWindowLongA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
SetWindowLongA
GetWindow
DefWindowProcA
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
DialogBoxIndirectParamA
wsprintfA
LoadStringA
MessageBoxA
DestroyWindow
InvalidateRgn
CharNextA
ReleaseDC

gdi32

SetViewportOrgEx
SaveDC
SetGraphicsMode
ModifyWorldTransform
GetDeviceCaps
SetWindowOrgEx
DPtoLP
CreateFontIndirectA
RestoreDC
SetBkMode
StretchBlt
SetTextColor
GetStockObject
GetObjectA
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC

comctl32

ord17

wintrust

WinVerifyTrust

wininet

InternetGetConnectedState
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetCloseHandle
InternetReadFile
InternetTimeToSystemTime
InternetErrorDlg
HttpAddRequestHeadersA
InternetTimeFromSystemTime

urlmon

URLDownloadToFileA

shell32

Shell_NotifyIconA
ShellExecuteA

kernel32

DeleteCriticalSection
FindResourceA
LockResource
GetThreadLocale
CreatePipe
SetHandleInformation
ReadFile
LocalFree
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GetSystemTime
SystemTimeToTzSpecificLocalTime
WaitForMultipleObjects
SetEvent
CreateEventA
ResetEvent
CreateThread
GetCurrentProcess
FlushInstructionCache
CreateProcessA
GetExitCodeProcess
FormatMessageA
GetFileSize
GetFileTime
FileTimeToSystemTime
Sleep
SystemTimeToFileTime
CompareFileTime
SetFilePointer
SetEndOfFile
WriteFile
CreateFileA
WideCharToMultiByte
GlobalLock
GlobalUnlock
MultiByteToWideChar
lstrlenW
GlobalAlloc
LoadResource
InterlockedDecrement
GlobalHandle
GlobalFree
FreeResource
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
GetTempPathA
DeleteFileA
lstrlenA
lstrcatA
lstrcpynA
lstrcpyA
lstrcmpA
HeapDestroy
InitializeCriticalSection
GetCommandLineA
lstrcmpiA
CreateMutexA
GetLastError
CloseHandle
GetModuleHandleA
GetStartupInfoA
InterlockedIncrement

olepro32

ord253

ole32

CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoTaskMemFree
CoUninitialize
CoInitializeSecurity
CLSIDFromProgID
CLSIDFromString
StringFromCLSID
CoTaskMemAlloc
OleLockRunning
CoCreateGuid

oleaut32

SysFreeString
SysStringLen
LoadRegTypeLi
VariantClear
SysAllocString
SysAllocStringLen

msvcrt

_stricmp
_controlfp
__set_app_type
_strdup
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
__p__fmode
_ftol
??2@YAPAXI@Z
_splitpath
iswspace
sprintf
strstr
fopen
fread
fclose
_except_handler3
strncmp
_purecall
_EH_prolog
__CxxFrameHandler
??3@YAXPAX@Z
rand
time
localtime
isspace
?terminate@@YAXXZ
_exit
free
srand
asctime
sscanf
strncpy
malloc
fgetc
strrchr

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

zctygfw
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6fdf8e0a01dd1f7474e2ae3e7b933a3b

Headers

File Characteristics

Imports

advapi32

user32

gdi32

comctl32

wintrust

wininet

urlmon

shell32

kernel32

olepro32

ole32

oleaut32

msvcrt

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 12KB - Virtual size: 8KB

.rsrc Size: 180KB - Virtual size: 180KB

zctygfw Size: - Virtual size: 4KB

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 12KB - Virtual size: 8KB

.rsrc
Size: 180KB - Virtual size: 180KB

zctygfw
Size: - Virtual size: 4KB