8f5ae9f4c8cc85189053183c6a9bb1ac1e20ab17ac4de062c726bb3b05656cd8

Sharing

Copy URL Twitter E-mail

General

Target

8f5ae9f4c8cc85189053183c6a9bb1ac1e20ab17ac4de062c726bb3b05656cd8
Size

159KB
MD5

a347dd6fcad843481a55a27ec9bbdfc0
SHA1

3970700dcd1496cd29374a303cff1fdd3e75a5e8
SHA256

8f5ae9f4c8cc85189053183c6a9bb1ac1e20ab17ac4de062c726bb3b05656cd8
SHA512

6ab61db63018270e8c7270c7ac44add0fc2a3072328f5c109e16c69fda0b52223f345214ef96c1f1e961d5c1ec034b15efd0830245225b8203b504d23769bfcf
SSDEEP

1536:HtkfYMXtT+phgp++9Xfiex3L+kPuKWu99NFILH+WqGjQaN46AO:NkfYjy1ii7+kPdWY0LPqLd6r

Score

N/A

Malware Config

Signatures

Files

8f5ae9f4c8cc85189053183c6a9bb1ac1e20ab17ac4de062c726bb3b05656cd8
.exe windows x86

4b6cd2e62c880d3299146d4911ef6442

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
AllocConsole
AllocateUserPhysicalPages
AssignProcessToJobObject
BackupWrite
CallNamedPipeA
CancelWaitableTimer
CommConfigDialogW
ConnectNamedPipe
CreateConsoleScreenBuffer
CreateFileMappingA
CreateJobObjectA
CreateNamedPipeA
CreateProcessA
CreateThread
CreateWaitableTimerW
DeviceIoControl
DisableThreadLibraryCalls
DnsHostnameToComputerNameW
EnumLanguageGroupLocalesA
EnumResourceNamesA
EnumResourceTypesA
EnumSystemCodePagesA
EnumSystemLanguageGroupsA
FindClose
FindNextVolumeMountPointA
GenerateConsoleCtrlEvent
GetAtomNameW
GetCPInfoExW
GetCalendarInfoA
GetCommModemStatus
GetCommTimeouts
GetConsoleAliasExesLengthW
GetConsoleMode
GetDefaultCommConfigW
GetFileAttributesExW
GetHandleInformation
GetLogicalDriveStringsW
GetLogicalDrives
GetModuleHandleA
GetNumberFormatA
GetOEMCP
GetPriorityClass
GetProcessShutdownParameters
GetProcessVersion
GetProfileIntA
VirtualAlloc
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetVolumeInformationA
GlobalWire
HeapDestroy
HeapUnlock
InterlockedCompareExchange
LocalFileTimeToFileTime
LocalFlags
Module32First
MoveFileWithProgressW
OpenEventA
OpenEventW
OpenSemaphoreA
PeekNamedPipe
PurgeComm
QueryDosDeviceA
QueueUserAPC
ReadConsoleA
ReplaceFileA
RtlMoveMemory
SetCalendarInfoA
SetCommTimeouts
SetConsoleScreenBufferSize
SetCriticalSectionSpinCount
SetErrorMode
SetInformationJobObject
SetLocalTime
SetProcessWorkingSetSize
SetSystemTime
SetThreadLocale
SetUnhandledExceptionFilter
SystemTimeToTzSpecificLocalTime
TerminateProcess
UnlockFileEx
VerLanguageNameA
VirtualAllocEx
WritePrivateProfileStructW
_lclose
_llseek
lstrcmp
lstrcmpiW
lstrcpyn
lstrcpynA
ExitProcess
GetQueuedCompletionStatus
CreateFileW

user32

MessageBoxIndirectW
ModifyMenuA
MoveWindow
OemToCharW
RedrawWindow
RegisterClassExW
RegisterClipboardFormatW
RegisterShellHookWindow
RegisterWindowMessageA
SendIMEMessageExW
SendMessageTimeoutW
SetCaretBlinkTime
SetClassWord
SetLayeredWindowAttributes
SetMenuDefaultItem
SetMenuInfo
SetMenuItemBitmaps
SetMenuItemInfoW
SetMessageQueue
SetProcessDefaultLayout
SetScrollInfo
SetScrollPos
SetSystemCursor
SetUserObjectInformationW
SetUserObjectSecurity
SetWindowPlacement
SetWindowRgn
SubtractRect
UnhookWindowsHook
UnloadKeyboardLayout
UpdateLayeredWindow
WINNLSGetIMEHotkey
WindowFromPoint
MessageBeep
MapVirtualKeyA
LockWindowUpdate
LoadMenuW
LoadKeyboardLayoutA
LoadCursorA
LoadAcceleratorsA
IsZoomed
IsRectEmpty
IsDialogMessageA
IsCharAlphaW
IsCharAlphaA
IntersectRect
InsertMenuA
InSendMessage
IMPGetIMEW
GetWindowTextLengthA
GetWindowDC
GetTopWindow
GetProcessWindowStation
GetMonitorInfoW
GetMenuStringW
GetKeyboardState
GetKeyboardLayoutNameW
GetGUIThreadInfo
GetDCEx
GetClipboardSequenceNumber
GetCaretBlinkTime
GetAsyncKeyState
FreeDDElParam
EnumWindowStationsA
EnumPropsW
EnumPropsExA
EndTask
EndDeferWindowPos
EnableScrollBar
DrawStateA
DrawMenuBar
DrawIcon
DrawEdge
DialogBoxIndirectParamW
DeregisterShellHookWindow
DefMDIChildProcW
DdeUninitialize
DdeQueryStringW
DdeKeepStringHandle
DdeDisconnect
CreateIconFromResourceEx
CreateDialogIndirectParamW
CreateDialogIndirectParamA
CreateAcceleratorTableW
CreateAcceleratorTableA
CopyIcon
CheckDlgButton
CharUpperA
CharNextW
ChangeMenuW
ChangeMenuA
BroadcastSystemMessage
AppendMenuW
AppendMenuA
LoadIconA
LoadCursorW
EnumWindows

advapi32

RegQueryValueExW
RegOpenKeyExW

shell32

Shell_NotifyIconW
Shell_NotifyIconA
ShellHookProc
ShellExecuteExW
ShellAboutW
SHQueryRecycleBinW
SHQueryRecycleBinA
SHPathPrepareForWriteW
CommandLineToArgvW
DoEnvironmentSubstA
DoEnvironmentSubstW
DragFinish
DragQueryFile
DragQueryFileAorW
DragQueryFileW
DuplicateIcon
ExtractAssociatedIconA
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractIconEx
ExtractIconExA
FindExecutableA
FindExecutableW
SHBrowseForFolder
SHBrowseForFolderA
SHCreateDirectoryExW
SHCreateProcessAsUserW
SHEmptyRecycleBinW
SHFileOperation
SHPathPrepareForWriteA
SHFileOperationA
SHFileOperationW
SHGetDataFromIDListA
SHGetDesktopFolder
SHGetFolderPathA
SHGetFolderPathW
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
SHGetMalloc
SHGetPathFromIDListA
SHGetSettings
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHInvokePrinterCommandW
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers
WOWShellExecute

shlwapi

StrChrA
StrChrIA
StrChrW
StrCmpNIW
StrCmpNW
StrRChrA
StrRChrIA
StrRStrIW
StrStrIW
StrStrW
StrStrIA

msvcrt

_CIlog10
_Strftime
__RTDynamicCast
__crtCompareStringA
__p__amblksiz
__p__mbcasemap
__p__osver
__p__wcmdln
__p__winmajor
__wargv
_abnormal_termination
_adj_fdivr_m16i
_chgsign
_copysign
_execv
_execvpe
_fileno
_fpieee_flt
_gmtime64
_inp
_ismbbkprint
_ismbblead
_logb
_longjmpex
_lrotr
_mbcjmstojis
_mktime64
_safe_fdivr
_seterrormode
_tell
_telli64
_ui64tow
_wcsncoll
_wexeclp
_wgetcwd
_winver
_wspawnvpe
_wstat
_wstati64
exp
fputs
ispunct
log
malloc
mblen
memcmp
memcpy
srand
strtoul
tmpnam
towupper
wcsncat
wcsrchr
wcsspn
wcstok
wscanf

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata4
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata2
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b6cd2e62c880d3299146d4911ef6442

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

msvcrt

Sections

.text Size: 123KB - Virtual size: 122KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 3KB - Virtual size: 3KB

.rdata4 Size: 1024B - Virtual size: 1000B

.rdata3 Size: 1024B - Virtual size: 1000B

.rdata2 Size: 1024B - Virtual size: 1000B

.rdata Size: 1024B - Virtual size: 1000B

.rsrc Size: 19KB - Virtual size: 56KB

.text
Size: 123KB - Virtual size: 122KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 3KB

.rdata4
Size: 1024B - Virtual size: 1000B

.rdata3
Size: 1024B - Virtual size: 1000B

.rdata2
Size: 1024B - Virtual size: 1000B

.rdata
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 19KB - Virtual size: 56KB