330fdfa5b2e54d63cb1e6469108480cd19b3e7189816c41083dd43fda3921079

Sharing

Copy URL Twitter E-mail

General

Target

330fdfa5b2e54d63cb1e6469108480cd19b3e7189816c41083dd43fda3921079
Size

103KB
MD5

7c3b8611ef85067cdb2193955470191e
SHA1

618c6640c34864b627dc678675f68b58474baa6c
SHA256

330fdfa5b2e54d63cb1e6469108480cd19b3e7189816c41083dd43fda3921079
SHA512

b79a1118f4043b8e57d35c0a7650995def08d52a87b9009bed70b8242229736a699bc54bad879d18930eaedfc70bf0998980aaaab64edab96774208db5060bd2
SSDEEP

3072:3WdkEDL2b4msHGzE/ginV3AwBkFdrimA4O7XDo/RK:mdkEDLo4msHFginV3AwBkFdrib4oXDop

Score

N/A

Malware Config

Signatures

Files

330fdfa5b2e54d63cb1e6469108480cd19b3e7189816c41083dd43fda3921079
.exe windows x86

dcebe6ad393b79849304819cefd0b758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteProcessMemory
VirtualAlloc
VirtualAllocEx
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetFileAttributesW
SetFileTime
GetFileTime
CreateFileW
GetWindowsDirectoryW
ExitProcess
GetShortPathNameW
GetFileAttributesW
CreateDirectoryW
GetLocalTime
WriteFile
SetFilePointer
GlobalUnlock
GlobalLock
WaitForMultipleObjects
GetFileSize
GetFullPathNameW
SetCurrentDirectoryW
VirtualQuery
GetCommandLineW
GetLastError
CreateMutexW
SetUnhandledExceptionFilter
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GlobalFree
GlobalAlloc
LocalAlloc
LoadLibraryA
VirtualFreeEx
Module32FirstW
ReadProcessMemory
OpenProcess
GetVersion
IsDebuggerPresent
CheckRemoteDebuggerPresent
IsBadReadPtr
WideCharToMultiByte
VirtualQueryEx
GetSystemInfo
MultiByteToWideChar
WinExec
GetModuleFileNameA
ResumeThread
SetPriorityClass
TerminateProcess
MoveFileExW
ExpandEnvironmentStringsW
ReadFile
UnhandledExceptionFilter
GetStartupInfoA
GetModuleHandleA
SuspendThread
VirtualProtect
OpenThread
FlushInstructionCache
Thread32Next
HeapCreate
Thread32First
HeapFree
HeapAlloc
SetThreadContext
HeapReAlloc
GetThreadContext
VirtualFree
GetVersionExW
GetEnvironmentVariableW
CreateProcessW
CreateEventW
GetModuleFileNameW
CopyFileW
DeleteFileW
lstrcmpW
lstrcmpiW
GetLogicalDrives
SetErrorMode
lstrlenW
GetDriveTypeW
FindFirstFileW
lstrcatW
GetProcAddress
FindNextFileW
FindClose
GetCurrentThreadId
DeleteFileA
LoadLibraryW
FreeLibrary
OutputDebugStringA
WaitForSingleObject
CloseHandle
GetTickCount
Sleep
ExitThread
GetCurrentProcess
GetProcessId
GetCurrentProcessId
GetModuleHandleW
Module32NextW
RtlUnwind

user32

CreateWindowExW
RegisterClassW
LoadCursorW
ReleaseDC
DrawIcon
GetIconInfo
GetCursorInfo
GetCursorPos
wvsprintfA
GetKeyboardLayout
GetMessageW
GetKeyNameTextW
MapVirtualKeyW
GetAsyncKeyState
DefWindowProcW
ChangeClipboardChain
PostMessageW
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
SetClipboardViewer
DispatchMessageW
GetSystemMetrics
wsprintfA
MessageBoxW
TranslateMessage
GetKeyboardState
ToUnicodeEx
GetKeyState
GetForegroundWindow
GetWindowTextW
CharLowerBuffW
wsprintfW
GetWindowThreadProcessId

advapi32

RegEnumValueW
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
GetUserNameW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegNotifyChangeKeyValue
InitializeAcl
SetSecurityInfo
LookupPrivilegeValueW
OpenProcessToken
GetTokenInformation
RegQueryInfoKeyW
AdjustTokenPrivileges

gdi32

CreateCompatibleBitmap
SelectObject
StretchBlt
DeleteObject
CreateDCW
CreateCompatibleDC
GetDIBits
GetObjectW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
ord680
CommandLineToArgvW

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx

oleaut32

VariantClear

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
strstr
_wtoi
toupper
wcsncmp
wcstok
_endthread
_wcsupr
_wcslwr
wcsstr
strlen
memcpy
sscanf
_endthreadex
clock
sprintf
atoi
memset
rand
_beginthreadex
_vsnprintf
getenv
wcscpy
_wcsicmp
wcscat
wcslen
strncpy
strcpy
wcscmp
_wgetenv
strcat
strtok
tolower

ntdll

RtlAdjustPrivilege
RtlImageNtHeader
NtOpenProcess
RtlCreateUserThread

urlmon

URLDownloadToFileA

ws2_32

setsockopt
WSAStartup
inet_addr
getpeername
gethostbyaddr
inet_ntoa
GetAddrInfoW
getaddrinfo
recv
htons
gethostbyname
socket
connect
send
closesocket
WSASend
sendto

wininet

HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetConnectW
InternetQueryOptionA
InternetWriteFile
HttpSendRequestW
InternetReadFile
InternetCloseHandle

shlwapi

PathFindExtensionW
PathRemoveFileSpecW
StrStrW
StrStrIW

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExW

mpr

WNetAddConnection2W
WNetCancelConnectionW

crypt32

CryptStringToBinaryA
CryptBinaryToStringW
CryptStringToBinaryW
CryptBinaryToStringA

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dcebe6ad393b79849304819cefd0b758

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

shell32

ole32

oleaut32

msvcrt

ntdll

urlmon

ws2_32

wininet

shlwapi

psapi

mpr

crypt32

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 1024B - Virtual size: 135KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 1024B - Virtual size: 135KB

.reloc
Size: 4KB - Virtual size: 3KB