a1aecaa21193c3c37b59d4fa6a6651d39acccf804e4d68c1b81c553a67434fc3

Sharing

Copy URL Twitter E-mail

General

Target

a1aecaa21193c3c37b59d4fa6a6651d39acccf804e4d68c1b81c553a67434fc3
Size

2.9MB
MD5

b2ddf4a547b80087439b8a01c5d9719b
SHA1

9777127f9488a938091957f01db5cf786217eb10
SHA256

a1aecaa21193c3c37b59d4fa6a6651d39acccf804e4d68c1b81c553a67434fc3
SHA512

7ab2f6c1e99a60d0eb67a7983e5dbf99c8280265c0982ad485bdf817acece1b2e266b51b4da220bf42ae5393d5079da4760ba1fb33c69a43faec7eada0ed44f4
SSDEEP

49152:jc7KvkYBe4g1WCtIHtDs+PrCRMJxmPFOTwQSKMhfvRtwt4Vu1HNqkIh7iFX4p4bx:YOe4g9tgrCRMjmtOTwQKc8uIh7+op6

Score

N/A

Malware Config

Signatures

Files

a1aecaa21193c3c37b59d4fa6a6651d39acccf804e4d68c1b81c553a67434fc3
.exe windows x86

2919e8b15a0a6b87952deb2183665777

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetProcessImageFileNameW

kernel32

GetFileAttributesW
GetModuleFileNameW
MultiByteToWideChar
GetTempPathW
VerifyVersionInfoW
FindClose
LockResource
RemoveDirectoryW
FindNextFileW
CloseHandle
DeleteFileW
OutputDebugStringA
CreateProcessW
GetLogicalDriveStringsW
SetHandleInformation
WaitForSingleObject
OpenProcess
GetExitCodeProcess
TerminateProcess
ReadFile
GetStdHandle
Process32FirstW
QueryDosDeviceW
CreatePipe
Process32NextW
CreateToolhelp32Snapshot
CreateTimerQueueTimer
DeleteTimerQueueTimer
SetFilePointer
SystemTimeToFileTime
WriteFile
CreateFileW
GetCurrentDirectoryW
LocalFileTimeToFileTime
GetFileSize
MapViewOfFile
UnmapViewOfFile
GetTickCount
FileTimeToSystemTime
CreateFileMappingW
GetFileInformationByHandle
GetComputerNameW
LocalFree
GetVolumeInformationW
GetFullPathNameW
GetFullPathNameA
CreateFileA
CreateMutexW
GetVersionExW
TryEnterCriticalSection
SetEndOfFile
FreeLibrary
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
InitializeCriticalSection
LoadLibraryW
FormatMessageW
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
FlushFileBuffers
GetProcAddress
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
GetCurrentThreadId
GetVersionExA
GetCurrentProcessId
GetTempPathA
GetSystemTime
SetEnvironmentVariableA
DeleteFileA
PeekNamedPipe
FileTimeToLocalFileTime
WriteConsoleW
SetStdHandle
SizeofResource
WideCharToMultiByte
GetSystemDirectoryW
CreateDirectoryW
GetCurrentProcess
VerSetConditionMask
LoadResource
GetNativeSystemInfo
FindFirstFileW
FindResourceA
GetTempFileNameW
GetCommandLineW
DeleteCriticalSection
DecodePointer
HeapSize
GetLastError
RaiseException
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
Sleep
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
ReadConsoleW
HeapCompact
AreFileApisANSI
GetConsoleMode
SetFilePointerEx
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleHandleW
GetStartupInfoW
EncodePointer
GetStringTypeW
ExitProcess
GetModuleHandleExW
IsDebuggerPresent
IsProcessorFeaturePresent
CreateThread
ExitThread
LoadLibraryExW
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

advapi32

GetTokenInformation
CryptDestroyKey
CryptImportKey
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
ConvertSidToStringSidW
LookupAccountNameW
LookupAccountSidA
OpenProcessToken
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
CheckTokenMembership
FreeSid
AllocateAndInitializeSid

shell32

CommandLineToArgvW
ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CoInitializeEx
CoCreateInstance
CoInitialize

iphlpapi

GetAdaptersInfo

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

wininet

InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
HttpSendRequestA
HttpOpenRequestA
InternetOpenA
HttpQueryInfoA
InternetConnectA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2919e8b15a0a6b87952deb2183665777

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

advapi32

shell32

ole32

iphlpapi

rpcrt4

wininet

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 169KB - Virtual size: 168KB

.data Size: 22KB - Virtual size: 50KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 67KB - Virtual size: 66KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 169KB - Virtual size: 168KB

.data
Size: 22KB - Virtual size: 50KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 67KB - Virtual size: 66KB