1fe7fe9340efa9cde51aab96c568a6b10b1c4b78d71a7edcbebd52c2b553f2d0

Sharing

Copy URL Twitter E-mail

General

Target

1fe7fe9340efa9cde51aab96c568a6b10b1c4b78d71a7edcbebd52c2b553f2d0
Size

223KB
MD5

394bed68bb412f26f8df71874d346b9b
SHA1

1184f8b7c45e16ca0aa275d771ecf0cf129298dd
SHA256

1fe7fe9340efa9cde51aab96c568a6b10b1c4b78d71a7edcbebd52c2b553f2d0
SHA512

e5bbcf65c9d6f72e6b982981896e6cdccccba48a2730c6c2746d1d3750c8b87dfb743ee15c63d3846283f6c6e20b55878ac8be1c8f4f77e50e2bb2807d153d15
SSDEEP

3072:ZDSr1CLDd8oHsAez29ll6HxGPjWT5cM9Mmufcdj7nK0KpS29pkYAvrkJn:5Sr1CF8oMAez2DlyxmWOEfufCKNHJAv

Score

N/A

Malware Config

Signatures

Files

1fe7fe9340efa9cde51aab96c568a6b10b1c4b78d71a7edcbebd52c2b553f2d0
.exe windows x86

f43d3728c545db4b79f2cd49843e8b75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
SetStdHandle
HeapSize
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetLastError
BackupRead
LoadLibraryW
lstrcatA
lstrcpyA
GetProcAddress
FreeEnvironmentStringsA
ExitProcess
Sleep
HeapCreate
HeapReAlloc
VirtualAlloc
VirtualFree
OutputDebugStringA
lstrlenW
GlobalLock
CreateFileW
WriteFile
CloseHandle
GlobalUnlock
GetComputerNameW
GetWindowsDirectoryW
GetModuleFileNameA
GetStdHandle
SetConsoleMode
SetConsoleCursorPosition
ReadConsoleInputA
SetConsoleTextAttribute
GetFileSize
ReadFile
GetOverlappedResult
ResetEvent
FlushConsoleInputBuffer
GetProcessHeap
HeapFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
DeleteCriticalSection
GetFileType
SetHandleCount
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
GetCommandLineA
WideCharToMultiByte
RtlUnwind
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
CreatePipe
GetStartupInfoA
GetCurrentProcessId
CreateFileA
DeviceIoControl
EnumSystemGeoID
HeapAlloc
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LocalAlloc
LocalFree
LoadLibraryA

user32

SetMenu
CreatePopupMenu
GetDC
CreateMenu
SetCapture
ReleaseDC
SetScrollRange
GetClientRect
LoadImageA
GetSysColor
DefWindowProcA
SetScrollPos
PostQuitMessage
CreateWindowExA
MonitorFromWindow
RegisterClassExA
LoadCursorA
LoadIconA
LoadStringA
GetClassNameA
IsWindow
GetParent
MessageBoxA
GetWindowTextA
GetDialogBaseUnits
wsprintfA
DestroyWindow
EndPaint
BeginPaint
SetMenuDefaultItem
GetSubMenu
GetMenu
SendMessageA
wsprintfW
GetDlgItem
InvalidateRect

gdi32

CreatePatternBrush
GetDeviceCaps
CreateRectRgn
DeleteObject
SetBkColor
CreateFontIndirectA
SelectObject
GetTextMetricsA
GetTextExtentPointA
TextOutA
TextOutW
GetStockObject
AddFontMemResourceEx
RemoveFontMemResourceEx
GetPaletteEntries
SetRectRgn
CombineRgn
GetCurrentObject
CreatePen

winspool.drv

ClosePrinter
StartPagePrinter
EndDocPrinter
WritePrinter
OpenPrinterA
StartDocPrinterA
EndPagePrinter
GetPrinterDataA

comdlg32

ChooseFontA
GetOpenFileNameA

advapi32

GetNamedSecurityInfoA
InitializeAcl
GetLengthSid
CryptAcquireContextA
AllocateAndInitializeSid
GetTokenInformation
InitializeSecurityDescriptor
SetServiceObjectSecurity
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetUserNameW
IsValidAcl
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceObjectSecurity
GetSecurityDescriptorDacl

ole32

CLSIDFromProgID
CoCreateInstance
CreateStreamOnHGlobal
GetHGlobalFromStream
GetRunningObjectTable
CreateItemMoniker
CoInitialize
StringFromGUID2

oleaut32

OleCreatePictureIndirect
SysAllocString
SysFreeString
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayRedim
SafeArrayCreate
SafeArrayUnlock
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
VariantInit

wininet

FindCloseUrlCache
InternetOpenUrlW
InternetReadFile

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext
CertEnumCertificateContextProperties
CertOpenSystemStoreA
CertFindCertificateInStore

iphlpapi

GetTcpTable

shlwapi

StrDupA
PathStripToRootA
PathStripToRootW

pdh

PdhOpenQueryW

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

oledlg

OleUIInsertObjectW

wtsapi32

WTSEnumerateSessionsA
WTSQuerySessionInformationA
WTSFreeMemory

tapi32

linePrepareAddToConferenceA

wldap32

ord143
ord211

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f43d3728c545db4b79f2cd49843e8b75

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

ole32

oleaut32

wininet

crypt32

iphlpapi

shlwapi

pdh

imm32

oledlg

wtsapi32

tapi32

wldap32

Sections

.text Size: 96KB - Virtual size: 96KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 74KB - Virtual size: 81KB

.rsrc Size: 21KB - Virtual size: 21KB

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 74KB - Virtual size: 81KB

.rsrc
Size: 21KB - Virtual size: 21KB

.reloc
Size: 13KB - Virtual size: 12KB