Static task: static1
Behavioral task: behavioral1
Sample: dcc0d85ed655a57b44ab89fa88b9d886cc4de64fba35b9f1c4b3b9772d250ba4.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: dcc0d85ed655a57b44ab89fa88b9d886cc4de64fba35b9f1c4b3b9772d250ba4.exe
Resource: win10v2004-20220812-en
General
Target: dcc0d85ed655a57b44ab89fa88b9d886cc4de64fba35b9f1c4b3b9772d250ba4
Size: 5.0MB
MD5: 72844896e325702795cbeb6362ac8781
SHA1: fa40c26b5fa1c9b874e13d3d6f8d8bbf53b7212f
SHA256: dcc0d85ed655a57b44ab89fa88b9d886cc4de64fba35b9f1c4b3b9772d250ba4
SHA512: 8f6fe1bc52b7ff423b7c4383f5a10457b4d0ec62a42556b20ff60b0320972e31b88a33a73a0e663b378e3fc08c9858061c6fe0dc496c247bb0aa7446e5c34e4c
SSDEEP: 98304:u9u0PhlNaV34U88xlxsOtJ+D5WPADGR+97MXxnvb1OmiX2tGtv0nbAhY9lK7z:u9ua4NhsOuD5ErX9vb1VitNx7z
Malware Config
Signatures
Files
dcc0d85ed655a57b44ab89fa88b9d886cc4de64fba35b9f1c4b3b9772d250ba4.exe windows x86
668965b7d296e2b8e7c392f45591a940
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
InitCommonControlsEx
_TrackMouseEvent
ord17
dbghelp
MakeSureDirectoryPathExists
netapi32
Netbios
kernel32
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
LoadLibraryA
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetConsoleCtrlHandler
GetModuleHandleA
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentDirectoryA
GetFullPathNameA
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
VirtualFree
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetFileInformationByHandle
LockResource
CompareStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
GetCurrentThreadId
ExitThread
GetTimeZoneInformation
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
VirtualAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
QueryPerformanceCounter
ExpandEnvironmentStringsA
WaitForMultipleObjects
GetFileType
GetStdHandle
PeekNamedPipe
SleepEx
FormatMessageA
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
GetProcessHeap
HeapFree
GetVersion
SetEnvironmentVariableA
GlobalMemoryStatus
FlushConsoleInputBuffer
LCMapStringW
FreeResource
SizeofResource
LoadResource
FindResourceW
RaiseException
ReadConsoleInputA
SetConsoleMode
GetSystemTimeAsFileTime
ProcessIdToSessionId
GetNativeSystemInfo
GetPrivateProfileIntW
lstrcpynW
lstrcmpiW
lstrcpyW
SetFileTime
GetFileAttributesW
LocalFileTimeToFileTime
GetCurrentProcessId
MulDiv
ExitProcess
GetACP
GetTickCount
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
CreateThread
InterlockedDecrement
InterlockedIncrement
FormatMessageW
InterlockedCompareExchange
CreateFileA
GetCommandLineW
CreateDirectoryW
FreeLibrary
LoadLibraryW
Sleep
GetPrivateProfileStringW
GetCPInfo
SetLastError
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
DuplicateHandle
GetDiskFreeSpaceExW
GlobalAlloc
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WritePrivateProfileStringW
GetSystemInfo
GetProcAddress
SystemTimeToFileTime
GetLocalTime
WriteFile
GetTempPathW
DeleteFileW
CreateProcessW
WaitForSingleObject
GetModuleFileNameW
WideCharToMultiByte
GetVersionExW
GetCurrentProcess
GetLastError
CreateFileW
lstrlenW
LocalFree
FindResourceExW
MultiByteToWideChar
CloseHandle
TerminateProcess
OpenProcess
GetModuleHandleW
user32
SetWindowPos
KillTimer
SetTimer
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
ScreenToClient
GetClientRect
IsZoomed
SendMessageW
IsWindow
SetCursor
LoadCursorW
PtInRect
CharNextW
IntersectRect
OffsetRect
GetKeyState
SetWindowLongW
GetWindowLongW
InvalidateRect
UnionRect
GetWindowRect
ReleaseCapture
PostMessageW
LoadImageW
ReleaseDC
GetDC
GetCursorPos
DestroyWindow
SetFocus
GetFocus
CreateWindowExW
MapWindowPoints
GetSysColor
GetMonitorInfoW
MonitorFromWindow
IsWindowVisible
IsRectEmpty
GetUpdateRect
EndPaint
BeginPaint
EqualRect
GetWindowTextLengthW
GetWindowTextW
MessageBoxW
PostQuitMessage
SetWindowTextW
wsprintfW
ShowWindow
SetForegroundWindow
SetCapture
GetWindow
CreateAcceleratorTableW
GetGUIThreadInfo
DestroyMenu
GetActiveWindow
IsIconic
GetParent
DispatchMessageW
TranslateMessage
GetMessageW
InflateRect
DefWindowProcW
EnableWindow
GetSystemMetrics
CallWindowProcW
GetPropW
SetPropW
RegisterClassW
RegisterClassExW
GetClassInfoExW
SetWindowRgn
FillRect
CharPrevW
SetRect
DrawTextW
GetWindowRgn
UpdateLayeredWindow
MoveWindow
CreateCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
TrackPopupMenu
ClientToScreen
EnableMenuItem
AppendMenuW
CreatePopupMenu
GetCaretBlinkTime
IsWindowEnabled
GetKeyNameTextW
MapVirtualKeyExW
GetKeyboardLayout
DrawTextA
wsprintfA
InvalidateRgn
gdi32
GetTextExtentPointA
SetBitmapBits
GetBitmapBits
CreateRectRgn
PtInRegion
GdiFlush
GetObjectA
SetBkMode
SetTextColor
SetBkColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
RoundRect
CreatePenIndirect
MoveToEx
LineTo
CreateSolidBrush
SetStretchBltMode
CreateDIBSection
StretchBlt
CombineRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SelectClipRgn
CreateRoundRectRgn
SaveDC
BitBlt
RestoreDC
Rectangle
CreateEnhMetaFileW
CloseEnhMetaFile
SetWindowOrgEx
RemoveFontMemResourceEx
AddFontMemResourceEx
CreatePen
CreateDIBitmap
GetEnhMetaFileHeader
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
PlayEnhMetaFile
DeleteDC
DeleteObject
GetStockObject
GetObjectW
CreateFontIndirectW
SelectObject
GetTextMetricsW
CreatePatternBrush
advapi32
RegCreateKeyExW
RegCloseKey
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
AdjustTokenPrivileges
LookupPrivilegeValueW
SetTokenInformation
GetTokenInformation
RegOpenKeyW
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
RegCreateKeyW
RegQueryValueExW
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegSetValueExW
RegEnumKeyW
RegOpenKeyExW
shell32
DragQueryFileW
SHGetFolderPathW
CommandLineToArgvW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
SHBrowseForFolderW
ole32
DoDragDrop
CLSIDFromProgID
OleDuplicateData
CreateStreamOnHGlobal
RegisterDragDrop
CoCreateInstance
CoUninitialize
CoInitialize
ReleaseStgMedium
CLSIDFromString
OleLockRunning
oleaut32
VariantInit
VariantClear
SysFreeString
SysAllocString
gdiplus
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectI
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipMeasureString
GdipDrawString
GdipFillRectangleI
GdipDrawRectangleI
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetPenMode
GdipCreateSolidFill
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDeleteFont
GdipDeleteGraphics
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipCloneImage
imm32
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
shlwapi
PathFileExistsW
ws2_32
gethostname
socket
gethostbyname
htons
connect
getaddrinfo
freeaddrinfo
ioctlsocket
listen
accept
recvfrom
sendto
select
__WSAFDIsSet
getpeername
WSAIoctl
WSAGetLastError
ntohs
getsockname
bind
WSASetLastError
getsockopt
send
WSACleanup
closesocket
setsockopt
recv
WSAStartup
wtsapi32
WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
wldap32
ord46
ord142
ord133
ord167
ord208
ord301
ord14
ord216
ord79
ord26
ord41
ord127
ord118
ord27
ord145
ord147
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 307KB - Virtual size: 306KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 118KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11.2MB - Virtual size: 11.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 142KB - Virtual size: 141KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ