f89d1bac4669d779c2e6d1e4f26c806150571a28fcf405462ec5f780e542b9b8

Sharing

Copy URL Twitter E-mail

General

Target

f89d1bac4669d779c2e6d1e4f26c806150571a28fcf405462ec5f780e542b9b8
Size

660KB
MD5

a6f135eaa7eabde005ddc6a306f6e669
SHA1

c15f33a927f4b114e61e52b477a4dacf065afdc5
SHA256

f89d1bac4669d779c2e6d1e4f26c806150571a28fcf405462ec5f780e542b9b8
SHA512

7c183687dee55fdf9006af58573b7d65ceb992b5213eb2bc05e8d57a4e0c047484ac204608c482fd42c27c073482ee80fbf346172724ec843f6af1f585fa9755
SSDEEP

12288:kgnkttB0BAt9sXeDW5LkcNFvMqWw6zVA9fXjiRRIhi+6CD+uU:kgk3cAtyXrLkgF0qWx0GIk/o+B

Score

N/A

Malware Config

Signatures

Files

f89d1bac4669d779c2e6d1e4f26c806150571a28fcf405462ec5f780e542b9b8
.exe windows x86

af2971bb590dcc380c9b62629915d35a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueA
LookupPrivilegeDisplayNameA
RegSetValueExA
RegQueryInfoKeyW
CryptDestroyKey
InitiateSystemShutdownA
CryptEnumProvidersW
CryptHashSessionKey
StartServiceW
RegCloseKey
CryptSetKeyParam
CryptExportKey
RegDeleteValueA
LogonUserA
CryptGetHashParam
CryptEnumProviderTypesA
CryptSignHashA
RegLoadKeyA
CryptGetDefaultProviderW
CryptSignHashW
CryptGenKey
CryptSetHashParam
GetUserNameA
RegConnectRegistryW
LookupSecurityDescriptorPartsW

comctl32

InitCommonControlsEx

user32

EnumDisplaySettingsExA
IsCharUpperW
WINNLSGetIMEHotkey
GetDesktopWindow
RegisterClassExA
RegisterClassA
OemKeyScan
SetWindowPos

shell32

SHGetPathFromIDList
ExtractIconW
SHBrowseForFolderW

wininet

FtpOpenFileW
InternetOpenA
InternetShowSecurityInfoByURLA
DetectAutoProxyUrl
GopherFindFirstFileW

kernel32

ReadFile
CompareStringA
TlsSetValue
InterlockedIncrement
GetModuleFileNameW
GetStdHandle
FlushFileBuffers
HeapFree
HeapReAlloc
GetCommandLineA
OpenMutexA
InterlockedExchange
GetStringTypeW
FreeEnvironmentStringsA
CreateMutexA
MultiByteToWideChar
ExitProcess
LockResource
GetCurrentThreadId
GetCommandLineW
GetStartupInfoA
CompareStringW
TlsFree
GetProcAddress
SetStdHandle
VirtualFree
GetModuleFileNameA
GetTickCount
LCMapStringW
DeleteCriticalSection
WideCharToMultiByte
RtlUnwind
HeapCreate
CreateWaitableTimerA
IsBadWritePtr
GetModuleHandleA
GetFileType
WriteFile
GetLocalTime
GetEnvironmentStrings
VirtualQuery
GetVersion
GlobalDeleteAtom
SetLastError
GetCPInfo
TlsAlloc
HeapDestroy
TlsGetValue
FreeEnvironmentStringsW
TerminateProcess
SetEnvironmentVariableA
VirtualFreeEx
LCMapStringA
GetLastError
GetCurrentProcess
GetStartupInfoW
GetSystemTimeAsFileTime
GetCurrentThread
GetSystemTime
GetStringTypeA
FindResourceW
QueryPerformanceCounter
SetFilePointer
InterlockedDecrement
GetTimeZoneInformation
lstrcmpi
GetEnvironmentStringsW
HeapAlloc
GetCurrentProcessId
UnhandledExceptionFilter
LoadLibraryA
SetHandleCount
LeaveCriticalSection
VirtualAlloc
CloseHandle
InitializeCriticalSection
ExpandEnvironmentStringsA
EnterCriticalSection

Sections

.text
Size: 287KB - Virtual size: 287KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 359KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af2971bb590dcc380c9b62629915d35a

Headers

File Characteristics

Imports

advapi32

comctl32

user32

shell32

wininet

kernel32

Sections

.text Size: 287KB - Virtual size: 287KB

.rdata Size: 5KB - Virtual size: 23KB

.data Size: 359KB - Virtual size: 358KB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 287KB - Virtual size: 287KB

.rdata
Size: 5KB - Virtual size: 23KB

.data
Size: 359KB - Virtual size: 358KB

.rsrc
Size: 8KB - Virtual size: 7KB