eea5ec8b335f3c7e19097154bca6fc2b4b4f23a52d0de43f138574e8d2743e32

Sharing

Copy URL

Twitter E-mail

General

Target

eea5ec8b335f3c7e19097154bca6fc2b4b4f23a52d0de43f138574e8d2743e32
Size

241KB
MD5

a3505ad89dab5befb18ea5d040edca83
SHA1

d64e0060214464decebc0abda33e15340d268c31
SHA256

eea5ec8b335f3c7e19097154bca6fc2b4b4f23a52d0de43f138574e8d2743e32
SHA512

91f18d1d498d2da6e39fd5a523c75ea7de800988798d20048b26f960b41010c7f8f8ed20889b61862e3c56a3bdd3de13bf49e9e37f924c1efd8e8ff162e473ed
SSDEEP

3072:6um4aCRhbG+e3mKO0t5grSNOeFeEganMxRcT9nUnnpu0i6pZ:VTbG+e2KtekOeFxnFT9e5pZ

Score

N/A

Malware Config

Signatures

Files

eea5ec8b335f3c7e19097154bca6fc2b4b4f23a52d0de43f138574e8d2743e32
.exe windows x86

2a765bb2aae096f3ca8394406e372f84

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringW
GetLastError
CloseHandle
ReleaseMutex
CreateMutexW
InterlockedIncrement
InterlockedDecrement
lstrcpynW
CreateDirectoryW
GetEnvironmentVariableW
GetExitCodeProcess
WaitForSingleObject
InitializeCriticalSection
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetPrivateProfileIntW
HeapCreate
HeapDestroy
DeleteCriticalSection
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
MultiByteToWideChar
FreeEnvironmentStringsA
GetModuleFileNameW
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentThreadId
SetLastError
TlsFree
LoadLibraryW
EnumResourceNamesW
FreeLibrary
WritePrivateProfileStringW
lstrcatW
WideCharToMultiByte
GetVersionExW
GetCurrentProcess
Sleep
GetProcAddress
FindResourceW
LoadResource
LockResource
SizeofResource
lstrcmpiW
DeleteFileW
GetFileAttributesW
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetStartupInfoW
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
RtlUnwind
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
FindClose
lstrcmpW
FindFirstFileW
FindNextFileW
lstrlenW
lstrcpyW
GetModuleHandleW
VirtualFree

user32

EndDialog
GetDC
LoadImageW
ReleaseDC
WaitForInputIdle
wsprintfW
GetMessageW
TranslateMessage
DispatchMessageW
LoadCursorW
RegisterClassExW
CreateWindowExW
DefWindowProcW
GetWindowLongW
SetWindowLongW
SetLayeredWindowAttributes
LoadIconW
MessageBoxW
DialogBoxParamW
LoadMenuW
GetSubMenu
GetSystemMetrics
LoadStringW
EnumDisplayMonitors
BeginPaint
EndPaint
PostQuitMessage
InvalidateRect
UpdateWindow
ScreenToClient
SetDlgItemTextW
GetMonitorInfoW
FindWindowW
SendMessageW
IsWindow
SetWindowPos
KillTimer
SetTimer
GetCursorPos
GetWindowRect
PtInRect
PostMessageW
SetRect
DestroyIcon
CreateIconFromResourceEx
FillRect
DrawTextW
GetSysColor
CreatePopupMenu
AppendMenuW
TrackPopupMenu
DestroyMenu
DrawIconEx
DrawIcon

gdi32

GetTextExtentPoint32W
CreateSolidBrush
SetBkMode
SetTextColor
BitBlt
DeleteObject
CreateCompatibleDC
SelectObject
GetObjectW
CreateFontIndirectW

advapi32

RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW

shell32

DragQueryPoint
ShellExecuteW
DragAcceptFiles
SHGetFileInfoW
ord727
DragFinish
ShellExecuteExW
SHAppBarMessage
SHGetSpecialFolderPathW
DragQueryFileW

ole32

CoCreateInstance
CoInitializeEx

shlwapi

SHDeleteKeyW

buffalotools

?SetWindowHandle@CDllMain@@QAEXPAUHWND__@@@Z
?UnHook@CDllMain@@QAE_NXZ
?Hook@CDllMain@@QAE_NXZ
??0CDllMain@@QAE@XZ
?SetScreenSize@CDllMain@@QAEXPAUtagRECT@@@Z
?AddHookType@CDllMain@@QAEXK@Z
??1CDllMain@@QAE@XZ

version

VerQueryValueW

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2a765bb2aae096f3ca8394406e372f84

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

buffalotools

version

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 152KB - Virtual size: 152KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 152KB - Virtual size: 152KB