ebd3ab81f225ad7f8863f0affd6208baffa903e2b3e1679cf8f19ba29563c04c

Sharing

Copy URL Twitter E-mail

General

Target

ebd3ab81f225ad7f8863f0affd6208baffa903e2b3e1679cf8f19ba29563c04c
Size

404KB
MD5

415ba401d7cdfdd371888bbb7681142f
SHA1

fbce7b6f7aec1c40caa87f97d477a3822000db68
SHA256

ebd3ab81f225ad7f8863f0affd6208baffa903e2b3e1679cf8f19ba29563c04c
SHA512

dd74f481d2bf2a6028de88123fff19f4d2c1512c84b016afee8c0e021036859e2a5166e44488484928f828f5a5ced6478cd7ed9fff7775ec34bbad6b3e699287
SSDEEP

6144:j7pB1uDRK7hrNO4/KxA9SNqojefy7MIR/ctotCpzzqqCy:j7pBioTKa9cqpfy4yEXCy

Score

N/A

Malware Config

Signatures

Files

ebd3ab81f225ad7f8863f0affd6208baffa903e2b3e1679cf8f19ba29563c04c
.exe windows x86

f6d9c5f5a4d9e5890e58eddbd8bed2cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
lstrcmpiA
lstrlenW
LocalFree
GetSystemTime
MultiByteToWideChar
IsDBCSLeadByte
LeaveCriticalSection
RaiseException
EnterCriticalSection
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedIncrement
CreateMutexA
GetCurrentThreadId
FlushInstructionCache
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpA
CreateEventA
CopyFileA
GetLocalTime
SetLocalTime
CreateFileW
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
WaitForSingleObject
FreeEnvironmentStringsW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
HeapReAlloc
HeapCreate
GetStdHandle
ExitProcess
HeapSize
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualProtect
GetFileAttributesA
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
GetExitCodeProcess
CreateRemoteThread
DuplicateHandle
Process32Next
GetCurrentProcessId
OpenProcess
Process32First
CreateToolhelp32Snapshot
SetFileTime
GetFileTime
CreateDirectoryA
FreeLibrary
WideCharToMultiByte
OutputDebugStringA
GetModuleFileNameW
LoadLibraryW
LoadLibraryA
GetPrivateProfileStringA
GetLastError
GetFileAttributesW
GetModuleHandleW
SetLastError
GetTempFileNameA
FindNextFileA
FindClose
FindFirstFileA
DeviceIoControl
GetModuleFileNameA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
Sleep
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetVersion
GetVersionExA
CloseHandle
WriteFile
CreateFileA
DeleteFileA
lstrlenA
InterlockedDecrement
GetEnvironmentStringsW

user32

GetDesktopWindow
GetWindowLongA
GetSysColor
FindWindowA
DispatchMessageA
TranslateMessage
PeekMessageA
wsprintfA
GetSystemMetrics
SetWindowPos
GetClientRect
UpdateWindow
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
GetClassNameA
GetFocus
LoadStringW
CharNextA
RegisterClassExA
LoadCursorA
GetWindow
GetParent
DefWindowProcA
SetWindowLongA
DestroyAcceleratorTable
ReleaseDC
ShowWindow
LoadIconA
LoadStringA
PostQuitMessage
UnregisterClassA
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
BeginPaint
EndPaint
IsChild
SetFocus
GetDlgItem
SendMessageA
IsWindow
RedrawWindow
GetClassInfoExA
CreateWindowExA
DestroyWindow
CreateAcceleratorTableA
ClientToScreen
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
CallWindowProcA
InvalidateRect
GetDC

gdi32

DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectA
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
SelectObject
CreateFontA

advapi32

RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
DeleteService
ControlService
QueryServiceStatus
ChangeServiceConfig2A
CreateServiceA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
GetUserNameA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegQueryInfoKeyW
StartServiceA
GetUserNameW
RegSetValueExA

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteExA

ole32

CoGetClassObject
CoCreateGuid
CLSIDFromString
CLSIDFromProgID
OleInitialize
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
OleUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoFreeUnusedLibraries
CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree

oleaut32

SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VarUI4FromStr
SysAllocString
SysStringLen
VariantInit
VariantClear
SysFreeString
SysAllocStringByteLen
SysStringByteLen

wininet

InternetQueryDataAvailable
InternetOpenUrlA
DeleteUrlCacheEntry
InternetReadFile
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetCloseHandle
InternetConnectA

urlmon

URLDownloadToFileA

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6d9c5f5a4d9e5890e58eddbd8bed2cc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

urlmon

iphlpapi

Sections

.text Size: 270KB - Virtual size: 270KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 8KB - Virtual size: 23KB

.rsrc Size: 48KB - Virtual size: 47KB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 270KB - Virtual size: 270KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 8KB - Virtual size: 23KB

.rsrc
Size: 48KB - Virtual size: 47KB

.reloc
Size: 22KB - Virtual size: 22KB