050458750f20063832b0c1b62e83e4def62d1e29b5399ac871683438e5c5c584

Sharing

Copy URL Twitter E-mail

General

Target

050458750f20063832b0c1b62e83e4def62d1e29b5399ac871683438e5c5c584
Size

159KB
MD5

93eb83774f21ac712f7766d458601761
SHA1

6fcd7da5c7ef5817fe5038265b87dafba82574f7
SHA256

050458750f20063832b0c1b62e83e4def62d1e29b5399ac871683438e5c5c584
SHA512

761b02b750318a2fd25f99ad628800884b00f0f5896fc2a385d80744ce1a87e28da2ac15794ff80b3da1b1bfe544ade3b97214eb941902c29318273d89e0e897
SSDEEP

3072:mxgSUFFBIRt/ExeDtnDbeWynTrJFqLX5EMCXuqS4go5M0wzi4inCN9uzDM8:mxgvFFmqeDtnne1nTroX5EMCLSVWrwGr

Score

N/A

Malware Config

Signatures

Files

050458750f20063832b0c1b62e83e4def62d1e29b5399ac871683438e5c5c584
.exe windows x86

1623f078747a4196ec0b99db90ee26e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

FindTextA
GetSaveFileNameW
PrintDlgA
CommDlgExtendedError
GetFileTitleA
ChooseColorW
PrintDlgExW

msvcrt

__set_app_type
strtoul
sscanf
??2@YAPAXI@Z
towlower
_CIacos
iswdigit
iswspace
_ftol
_controlfp
strstr
wcscmp
_CIsqrt
fflush
_wfopen
_wcsdup
strtok
_wcsupr
memcpy
strncmp
rand
exit
mbstowcs
_onexit
_strlwr

shell32

ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHGetFileInfoW
SHFileOperationW
CommandLineToArgvW
DragQueryFileA
SHChangeNotify
SHGetDesktopFolder
SHBindToParent
SHBrowseForFolderA
DragQueryFileW
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetMalloc

user32

GetWindowLongA
CopyRect
LoadIconA
GetCapture
GetDesktopWindow
GetClassNameA
RegisterClassExA
IsWindow
InflateRect
GetFocus
MessageBeep
EnableWindow
IsChild
FillRect
GetWindowTextW
MoveWindow
IsRectEmpty
SendMessageA
CharUpperA
EqualRect
UpdateWindow
RegisterWindowMessageA
FindWindowW
WinHelpW
DestroyMenu
GetWindowRect
SetMenu

kernel32

GetFileSize
GetThreadLocale
VirtualAlloc
GetConsoleMode
HeapAlloc
GetStringTypeA
GetTickCount
InterlockedCompareExchange
GetModuleHandleW
LocalFree
GetLocaleInfoA
MapViewOfFile
GlobalLock
ExitProcess
HeapCreate
IsBadWritePtr
GetCommandLineA
GetSystemTimeAsFileTime
GetCurrentProcess
GetEnvironmentStringsW
WaitForSingleObject
WriteConsoleW
GetModuleHandleA
GetCommandLineW
ResetEvent
CreateProcessA
GetFileAttributesA
lstrlenW
GetLastError
GetVersion
GetCurrentThreadId
TlsGetValue
lstrcatW
Thread32First
InterlockedExchange
OpenEventA

advapi32

RegQueryValueW
SetFileSecurityW
InitializeAcl
LookupPrivilegeValueA
GetTraceLoggerHandle
LookupAccountNameW
CryptAcquireContextW
QueryServiceStatus
QueryServiceConfigW
RegSetValueA
SetThreadToken
LsaQueryInformationPolicy
GetSecurityDescriptorOwner
DuplicateTokenEx
RegQueryInfoKeyA
ConvertStringSidToSidW
CryptAcquireContextA
CheckTokenMembership
GetAce
LsaOpenPolicy
SetServiceStatus

ntdll

atoi
RtlEqualSid
RtlUnicodeToMultiByteSize
NtSetSecurityObject
RtlDestroyHeap
NtQuerySystemInformation
wcsncat
wcstoul
NtWriteFile
RtlGUIDFromString
RtlAppendUnicodeStringToString
wcsstr
strrchr
NtWaitForMultipleObjects
RtlRunEncodeUnicodeString
RtlValidSid
_allmul
RtlAnsiStringToUnicodeString

shlwapi

UrlCanonicalizeW
PathIsDirectoryW
StrCmpW
StrStrIA
SHDeleteValueW
StrCmpIW
PathFindFileNameA
AssocQueryStringW
StrStrW
StrStrIW
SHDeleteValueA
StrDupW
wnsprintfA
StrCmpNW
SHGetValueW
SHStrDupW
PathStripToRootA
PathCreateFromUrlW
PathRemoveFileSpecA
PathFindExtensionW
PathFileExistsW
PathFindFileNameW
SHDeleteKeyW
StrChrW
PathRemoveExtensionW
UrlIsW
PathSkipRootW
StrToIntW

rpcrt4

IUnknown_AddRef_Proxy
NdrClientCall2
NdrDllGetClassObject
CStdStubBuffer_Invoke
CStdStubBuffer_AddRef
UuidFromStringW
RpcServerRegisterAuthInfoW
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrCStdStubBuffer2_Release
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_IsIIDSupported
UuidToStringA
CStdStubBuffer_Disconnect
NdrOleAllocate
RpcServerRegisterIfEx
RpcBindingToStringBindingW
NdrOleFree
RpcStringFreeA
NdrDllUnregisterProxy
NdrDllCanUnloadNow
NdrStubForwardingFunction
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
RpcServerInqBindings
UuidToStringW

gdi32

GetObjectType
OffsetViewportOrgEx
Ellipse
TextOutA
EndDoc
GetStockObject
TranslateCharsetInfo
SetMapMode
FillRgn
SetTextAlign
SetROP2
GetBkMode
CreateDIBSection
Rectangle
LineTo
CreateBitmap
GetTextMetricsA
GetBkColor
SetBkColor
GetObjectW
EnumFontFamiliesExW
LPtoDP
SetStretchBltMode
CreateCompatibleDC
TextOutW
MoveToEx
RectVisible
CreateFontIndirectW
DeleteObject
GetRgnBox
SetBkMode
CreateSolidBrush
SaveDC
PlayMetaFile
CreatePen
IntersectClipRect

ole32

CoCreateInstanceEx
CreateOleAdviseHolder
CoFreeUnusedLibraries
WriteClassStm
CoGetObjectContext
OleSaveToStream
PropVariantCopy
CoGetInterfaceAndReleaseStream
CoSetProxyBlanket

comctl32

PropertySheetA
InitCommonControls
ImageList_Create
PropertySheetW
ImageList_Draw
ImageList_Destroy
InitCommonControlsEx
ImageList_ReplaceIcon

Sections

.text
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1623f078747a4196ec0b99db90ee26e3

Headers

DLL Characteristics

File Characteristics

Imports

comdlg32

msvcrt

shell32

user32

kernel32

advapi32

ntdll

shlwapi

rpcrt4

gdi32

ole32

comctl32

Sections

.text Size: 155KB - Virtual size: 155KB

DATA Size: 1KB - Virtual size: 107KB

BSS Size: 512B - Virtual size: 488B

.rsrc Size: 512B - Virtual size: 492B

.text
Size: 155KB - Virtual size: 155KB

DATA
Size: 1KB - Virtual size: 107KB

BSS
Size: 512B - Virtual size: 488B

.rsrc
Size: 512B - Virtual size: 492B