2d66664ce24d687b8c67a14f235d8a54fe7070170302eb249aa417d5766765d1_unpacked

Sharing

Copy URL Twitter E-mail

General

Target

2d66664ce24d687b8c67a14f235d8a54fe7070170302eb249aa417d5766765d1_unpacked
Size

248KB
MD5

5d476225e6f9a658638551fbdb2ca7d6
SHA1

5ec4aa8ef1671e768165575bb7f159cd97e405e0
SHA256

169056f75aa832f5c8b85a8c522bb2d9f82bd904bfa0fd6846377cedb2e1ffa9
SHA512

d783cf47bcc1f209ff60a5c7d364af27d1e76dd6521e3c0c8a0c16b5791cbd7aa31296ebe0e767b9f73e55b4d8cefe66830f25e6af4cf765dc431671d6b2cc74
SSDEEP

6144:lAWTBJKuDS6Tw151VFABxtfVldbOHOp15wo8kaxu5j:lAWTry6T6VFADvldbgG5RAu5

Score

N/A

Malware Config

Signatures

Files

2d66664ce24d687b8c67a14f235d8a54fe7070170302eb249aa417d5766765d1_unpacked
.exe windows x86

52cabf90860257a05d68ef080769ae14

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUnwind
NtQueryInformationProcess
NtTerminateProcess
NtCreateFile
LdrLoadDll
LdrGetDllHandle

kernel32

ResetEvent
ExpandEnvironmentStringsW
GlobalLock
GlobalUnlock
CreateThread
lstrlenW
lstrcatW
CreateProcessW
DuplicateHandle
WideCharToMultiByte
lstrcmpA
GetProcessId
GetPrivateProfileStringW
GetPrivateProfileIntW
FreeLibrary
LoadLibraryW
TerminateThread
UnregisterWait
RegisterWaitForSingleObject
TlsGetValue
TlsSetValue
IsBadReadPtr
VirtualAllocEx
LoadLibraryA
WriteProcessMemory
WaitForMultipleObjects
VirtualFree
GetThreadPriority
FileTimeToDosDateTime
GetTempFileNameW
lstrcpynA
GetTempPathW
FileTimeToLocalFileTime
lstrcpyW
lstrcpyA
GetSystemTime
GetFileAttributesW
RemoveDirectoryW
SetEndOfFile
SetFilePointerEx
SetFileTime
ReadFile
GetFileTime
DeleteFileW
GetFileInformationByHandle
GetDriveTypeW
GetSystemDefaultUILanguage
GetLogicalDrives
GetProcessTimes
lstrcmpW
GlobalMemoryStatusEx
GetUserDefaultUILanguage
GetDiskFreeSpaceExW
GetVolumeInformationW
GetEnvironmentVariableW
Thread32First
Thread32Next
SystemTimeToFileTime
GetTimeZoneInformation
GetComputerNameW
GetVolumeNameForVolumeMountPointW
ExitProcess
GetSystemTimeAsFileTime
WTSGetActiveConsoleSessionId
lstrcmpiW
MoveFileExW
MultiByteToWideChar
SetErrorMode
GetLongPathNameW
OpenEventW
lstrcmpiA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
CreateMutexW
WaitForSingleObject
OpenMutexW
SetFilePointer
GetLastError
HeapCreate
HeapDestroy
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
TlsFree
GetCurrentProcessId
TlsAlloc
GetModuleFileNameW
SetFileAttributesW
CreateDirectoryW
GetProcAddress
GetVersionExW
GetNativeSystemInfo
FlushFileBuffers
WriteFile
FindNextFileW
FindClose
SetLastError
FindFirstFileW
CreateFileMappingW
GetFileSizeEx
UnmapViewOfFile
MapViewOfFile
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetThreadPriority
Sleep
ReleaseMutex
InitializeCriticalSection
LocalFree
GetModuleHandleW
GetCommandLineW
CreateFileW
lstrlenA
CreateEventW
GetTickCount
SetEvent
QueryPerformanceCounter
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
VirtualFreeEx
OpenProcess
CreateRemoteThread
DosDateTimeToFileTime
ResumeThread
GetCurrentThreadId
VirtualProtect
VirtualAlloc
FlushInstructionCache
GetCurrentThread
GetCurrentProcess
CloseHandle
GetThreadContext
SetThreadContext
VirtualQuery
GetLocalTime

user32

GetSystemMetrics
CharUpperW
CharLowerW
ToUnicode
GetKeyboardState
DispatchMessageW
PeekMessageW
TranslateMessage
MsgWaitForMultipleObjects
GetClipboardData
PostQuitMessage
GetCursorPos
GetIconInfo
DrawIcon
LoadCursorW
CharLowerA
GetLastInputInfo
ExitWindowsEx

advapi32

CryptHashData
GetLengthSid
RegCreateKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegFlushKey
RegEnumKeyExW
RegCloseKey
RegSetValueExW
CryptAcquireContextW
CryptExportKey
ConvertSidToStringSidW
IsWellKnownSid
CryptVerifySignatureW
EqualSid
AdjustTokenPrivileges
LookupPrivilegeValueW
CreateProcessAsUserW
OpenThreadToken
GetSidSubAuthority
OpenProcessToken
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
InitiateSystemShutdownExW
CryptGetHashParam
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptGenKey
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptReleaseContext
CryptGetKeyParam
CryptSetKeyParam
CryptDeriveKey

shlwapi

StrCmpNIW
ord14
StrRChrA
StrCmpIW
wvnsprintfW
StrCmpW
PathSkipRootW
StrChrA
PathFindExtensionW
PathGetDriveNumberW
StrChrW
PathAddBackslashW
StrCmpNIA
UrlUnescapeA
PathRemoveBackslashW
PathIsDirectoryW
PathQuoteSpacesW
PathRenameExtensionW
StrCmpNA
PathUnquoteSpacesW
StrCmpNW
PathRemoveExtensionW
PathIsURLW
StrStrIW
PathRemoveFileSpecW
PathFindFileNameW
PathMatchSpecW

shell32

ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW

secur32

DeleteSecurityContext
EncryptMessage
GetUserNameExW
DecryptMessage

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoSetProxyBlanket
CoTaskMemFree
CLSIDFromString
StringFromGUID2

gdi32

CreateCompatibleDC
DeleteObject
GetDeviceCaps
DeleteDC
BitBlt
CreateDCW
SelectObject
CreateCompatibleBitmap

ws2_32

WSACloseEvent
WSAIoctl
WSASetLastError
WSAAddressToStringW
WSAEnumNetworkEvents
WSAEventSelect
setsockopt
WSACreateEvent
getsockopt
getservbyname
FreeAddrInfoW
WSARecv
WSASend
GetAddrInfoW
gethostbyname
WSAGetOverlappedResult
connect
WSAStartup
shutdown
WSACleanup
bind
socket
closesocket
send
listen
accept
WSAGetLastError
getpeername
recvfrom
getaddrinfo
select
getsockname
sendto
recv
freeaddrinfo

crypt32

CertDeleteCertificateFromStore
PFXImportCertStore
CryptUnprotectData
PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW

wininet

InternetWriteFile
InternetSetOptionA
InternetReadFile
InternetCrackUrlA
InternetConnectA
HttpQueryInfoA
HttpSendRequestExA
HttpEndRequestA
HttpAddRequestHeadersA
InternetOpenA
InternetCloseHandle
InternetQueryOptionA
HttpOpenRequestA

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

iphlpapi

GetAdaptersAddresses

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

gdiplus

GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipCloneImage
GdiplusStartup
GdipAlloc
GdiplusShutdown
GdipSaveImageToStream
GdipFree

msvcrt

_except_handler3
_errno
memcpy
memset
memcmp
_purecall
memchr
memmove
_vsnwprintf
_vsnprintf
strtoul
strcmp

Sections

.text
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52cabf90860257a05d68ef080769ae14

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

userenv

iphlpapi

version

gdiplus

msvcrt

Sections

.text Size: 222KB - Virtual size: 222KB

.data Size: 1024B - Virtual size: 8KB

.idata Size: 9KB - Virtual size: 9KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 222KB - Virtual size: 222KB

.data
Size: 1024B - Virtual size: 8KB

.idata
Size: 9KB - Virtual size: 9KB

.reloc
Size: 8KB - Virtual size: 8KB