Static task: static1
Behavioral task: behavioral1
Sample: 9e8fda52ec879c4db75cc11cc5112659da5c8f8d65e10ddae22eb22f4242e8a2.exe
Resource: win7-20220812-en
General
Target: 9e8fda52ec879c4db75cc11cc5112659da5c8f8d65e10ddae22eb22f4242e8a2
Size: 392KB
MD5: 0007b14a9d8313159fcdacc9ece4b500
SHA1: 5107cb9879a9a18d55fd0de01cbef2e009b6fdf7
SHA256: 9e8fda52ec879c4db75cc11cc5112659da5c8f8d65e10ddae22eb22f4242e8a2
SHA512: 4b0eb405df95aedb4d7be838db0bf3ef7c3f25752e05e799ca6ce4d3df145df97a62f1cf7c848e5c06f25a696d3a0170c20bb16cca33dde1a69095673cee62a6
SSDEEP: 6144:kl4FxWaSSvqahYkOEGRPt/dsVzHw707zNKLJPlcf7caxaT4bBV7D3yL:G4FxEKqaOzlsVzm07hK9Plc3a07D3m
Malware Config
Signatures
Files
9e8fda52ec879c4db75cc11cc5112659da5c8f8d65e10ddae22eb22f4242e8a2.exe (windows x86)
e6dab8d296d4ec35743cb064d11b1f74
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ProcessIdToSessionId
IsBadWritePtr
VirtualAllocEx
VirtualFreeEx
WriteProcessMemory
ReadProcessMemory
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetModuleHandleA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetVersionExW
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
ExitProcess
HeapCreate
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
SetFilePointer
CreateDirectoryA
GetPrivateProfileIntA
GetModuleFileNameA
MoveFileA
DeleteFileA
SetFileAttributesA
CreateFileA
Process32NextW
GetCurrentProcessId
Process32FirstW
CreateToolhelp32Snapshot
WriteFile
GlobalAddAtomW
GlobalGetAtomNameW
GlobalDeleteAtom
GetProcessId
CreateProcessW
OpenProcess
LocalFree
CreateThread
LoadLibraryA
lstrlenA
lstrcmpW
MulDiv
FlushInstructionCache
GetCurrentProcess
SetLastError
GetCurrentThreadId
CreateMutexW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
TerminateThread
WaitForSingleObject
LoadLibraryW
FreeResource
CreateFileW
GetFileSize
ReadFile
CloseHandle
WideCharToMultiByte
GetTickCount
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
MultiByteToWideChar
GetLastError
lstrcmpiW
lstrlenW
GetModuleHandleW
RaiseException
GetProcAddress
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
GetFileAttributesW
GetStartupInfoA
user32
SetWindowTextW
DrawFrameControl
DrawIconEx
PostThreadMessageW
SetWindowRgn
PostMessageW
RegisterWindowMessageW
CharNextW
SetRectEmpty
CopyRect
LoadCursorW
SetCursor
PtInRect
IsWindow
GetNextDlgTabItem
SetRect
InflateRect
DrawTextW
GetDC
GetDesktopWindow
ReleaseDC
EnableWindow
GetWindowThreadProcessId
GetForegroundWindow
AttachThreadInput
SetForegroundWindow
SetActiveWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
IsDialogMessageW
GetShellWindow
MapWindowPoints
GetMonitorInfoW
GetActiveWindow
MonitorFromWindow
GetKeyState
WindowFromPoint
GetScrollPos
SystemParametersInfoW
AllowSetForegroundWindow
SendMessageW
IsChild
GetFocus
GetDlgCtrlID
ShowWindow
EqualRect
SetWindowPos
IsWindowVisible
InvalidateRect
GetDlgItem
GetParent
OffsetRect
CreateWindowExW
GetWindowRect
GetWindowLongW
DestroyWindow
DefWindowProcW
RegisterClassExW
UpdateLayeredWindow
SetWindowLongW
UnregisterClassA
GetClientRect
GetWindowTextW
GetWindowTextLengthW
SetCapture
RedrawWindow
ReleaseCapture
BeginPaint
EndPaint
LoadImageW
GetSysColor
IsWindowEnabled
LoadIconW
DestroyIcon
SetTimer
MoveWindow
KillTimer
LoadBitmapW
GetCursorPos
SetLayeredWindowAttributes
GetSystemMetrics
FindWindowExW
FindWindowW
DestroyAcceleratorTable
CallWindowProcW
SetFocus
GetWindow
GetClassNameW
GetClassInfoExW
CreateAcceleratorTableW
ClientToScreen
ScreenToClient
FillRect
InvalidateRgn
gdi32
SetBkColor
GetObjectW
ExtTextOutW
CreateFontIndirectW
DeleteObject
SetBkMode
SelectObject
SetTextColor
DeleteDC
GetCurrentObject
CreateCompatibleDC
CreatePen
SelectClipRgn
MoveToEx
LineTo
SaveDC
RestoreDC
CreateDIBSection
BitBlt
StretchBlt
CreateBitmap
CreateCompatibleBitmap
CreateRectRgn
SetStretchBltMode
Rectangle
GetDeviceCaps
GetTextColor
GetClipRgn
RoundRect
TextOutW
GetTextExtentPoint32W
CreateRectRgnIndirect
RectInRegion
CombineRgn
OffsetRgn
GetStockObject
CreateSolidBrush
advapi32
CloseServiceHandle
ChangeServiceConfigW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
CreateProcessAsUserW
DuplicateTokenEx
RegOpenKeyW
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
shell32
ShellExecuteW
CommandLineToArgvW
ShellExecuteExW
SHGetSpecialFolderPathW
ole32
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
OleUninitialize
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
oleaut32
DispCallFunc
LoadTypeLi
LoadRegTypeLi
SysStringLen
OleCreateFontIndirect
SysAllocStringLen
SysAllocString
VariantClear
VariantInit
VarUI4FromStr
SysFreeString
shlwapi
PathAppendW
StrCmpW
PathFindFileNameA
PathRemoveFileSpecW
PathRemoveExtensionA
PathRemoveFileSpecA
PathAppendA
StrToIntW
StrToIntA
comctl32
_TrackMouseEvent
gdiplus
GdipDeletePen
GdipDrawLinesI
GdipCreatePen1
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDrawImageRectI
GdiplusShutdown
GdiplusStartup
GdipLoadImageFromStream
GdipDisposeImage
GdipFree
GdipCloneImage
GdipLoadImageFromFile
GdipGetImageHeight
GdipDrawImageRectRectI
GdipDrawString
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCloneBrush
GdipAlloc
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteFont
GdipCreateFontFromLogfontW
GdipCreateFontFromDC
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageWidth
wtsapi32
WTSFreeMemory
WTSEnumerateSessionsW
Sections
.text Size: 239KB - Virtual size: 238KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 15KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 82KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE