63bb6057f6022ae98e653679b6516f7d030b2957fd970611db25c48803f4a297

Sharing

Copy URL Twitter E-mail

General

Target

63bb6057f6022ae98e653679b6516f7d030b2957fd970611db25c48803f4a297
Size

894KB
MD5

83ea1a1e92bf938462f6937949bcae30
SHA1

c90ebef849361105f19b503451ec470b607cb0f7
SHA256

63bb6057f6022ae98e653679b6516f7d030b2957fd970611db25c48803f4a297
SHA512

c45522f3222679359c0874dc9d92fad3e988315c8074f4146a01d9ece4835156d7e73db3148ea308acfb4fbe2f500d40ae0f1e57afaf00929c497d073aa2d40c
SSDEEP

24576:OzHRtBrgOh/bMwzo41gv2Ip5mk3sHe04+N:ETsOhY+KvP5R3s+04w

Score

N/A

Malware Config

Signatures

Files

63bb6057f6022ae98e653679b6516f7d030b2957fd970611db25c48803f4a297
.exe windows x86

0f678e276a95dbfba30e8538fb164d2f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ConvertThreadToFiber
SwitchToFiber
QueueUserWorkItem
GetFileSize
GetFullPathNameW
FindFirstFileW
GetFileAttributesW
GetTempPathW
FindClose
RemoveDirectoryW
FindNextFileW
SetFileAttributesW
GetSystemDirectoryW
CreateFiber
GetPrivateProfileStringA
GetModuleHandleA
OpenProcess
WriteFile
VirtualFree
WaitForSingleObject
CreateDirectoryW
MoveFileExW
FreeResource
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
DeleteCriticalSection
lstrcmpiW
DeviceIoControl
LockResource
EnterCriticalSection
GetProcAddress
SetLastError
GetLastError
RaiseException
FlushInstructionCache
lstrlenW
MultiByteToWideChar
CreateFileW
GetModuleFileNameW
ReadFile
TerminateProcess
WideCharToMultiByte
GetPrivateProfileStringW
lstrlenA
lstrcmpiA
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
InitializeCriticalSectionAndSpinCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
CreateEventW
GetTickCount
SetEvent
CreateThread
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetLongPathNameW
GetStartupInfoW
CreateProcessW
GlobalFree
GlobalUnlock
GlobalAlloc
IsBadReadPtr
GlobalLock
ExpandEnvironmentStringsW
DeleteFileW
GetVersion
MoveFileW
VirtualAlloc
GetPrivateProfileIntW
WritePrivateProfileStringW
GetVersionExW
LeaveCriticalSection
SizeofResource
Sleep
LoadLibraryW
InitializeCriticalSection
GetModuleHandleW
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
FindResourceExW
lstrcmpA
TerminateThread
GetLocalTime
HeapCreate
LCMapStringW
GetFileAttributesExW
LCMapStringA
GetCPInfo
RtlUnwind
MoveFileA
IsDebuggerPresent
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
HeapDestroy
HeapReAlloc
HeapSize
InterlockedExchange
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
SetFilePointer
CreateMutexW
LocalFileTimeToFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitProcess
GetFileSizeEx
SetFilePointerEx

user32

PostQuitMessage
GetAncestor
GetForegroundWindow
wsprintfW
ExitWindowsEx
FindWindowW
WindowFromPoint
GetWindowInfo
PostMessageW
GetWindowRect
UnregisterClassA
DispatchMessageW
DefWindowProcW
CallWindowProcW
GetSystemMetrics
MessageBoxW
CreateWindowExW
GetActiveWindow
ShowWindow
SetWindowLongW
PeekMessageW
GetWindowLongW
RegisterClassExW
TranslateMessage
GetClassInfoExW
BeginPaint
GetClientRect
LoadCursorW
DialogBoxParamW
CharNextW
GetMessageW
DestroyWindow
EndPaint
GetWindow
GetWindowThreadProcessId
IsWindow
EnableWindow
MonitorFromWindow
EndDialog
RedrawWindow
AdjustWindowRectEx
MapWindowPoints
SetWindowTextW
GetWindowRgn
MoveWindow
ClientToScreen
MonitorFromPoint
TrackPopupMenu
GetSubMenu
SetFocus
LoadMenuW
GetCursorPos
DestroyMenu
GetMonitorInfoW
CheckMenuItem
PtInRect
EqualRect
CopyRect
SendMessageW
RegisterWindowMessageW
SetCursor
GetParent
IsWindowEnabled
InvalidateRect
IsWindowVisible
GetWindowTextW
FindWindowExW
SetTimer
DrawTextW
KillTimer
SetRect
SystemParametersInfoW
GetDlgItem
RegisterDeviceNotificationW
SetWindowPos
GetDesktopWindow

gdi32

GetStockObject
CreateDIBSection
PtInRegion
CreateRectRgn
SetWindowOrgEx
LPtoDP
DPtoLP
GetClipBox
GetTextExtentPoint32W
SetTextColor
SetBkColor
SetBkMode
ExtTextOutW
GetObjectW
BitBlt
SetViewportOrgEx
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontIndirectW

advapi32

OpenServiceW
RegEnumKeyExA
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
CloseServiceHandle
OpenSCManagerW
RegQueryValueExA
QueryServiceStatusEx
CryptAcquireContextW
CryptSetKeyParam
CryptReleaseContext
CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptDecrypt
RegOpenKeyExA

shell32

ShellExecuteW
ord680
SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CreateBindCtx
CoUninitialize
CoTaskMemRealloc

oleaut32

VarUI4FromStr

shlwapi

SHSetValueA
PathRemoveFileSpecW
PathFileExistsW
SHGetValueW
PathCombineW
PathFindFileNameW
StrCmpIW
PathAppendW
PathIsDirectoryW
SHGetValueA
SHSetValueW

comctl32

_TrackMouseEvent

msimg32

AlphaBlend

gdiplus

GdipCreateBitmapFromFile
GdipLoadImageFromStream
GdipCloneImage
GdipCreateBitmapFromResource
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipCreateBitmapFromStream
GdipAlloc

urlmon

RegisterBindStatusCallback
CreateURLMoniker

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExW

setupapi

SetupDiGetDeviceRegistryPropertyW
CM_Get_Sibling
CM_Get_Child
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
CM_Get_Parent
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
CM_Get_DevNode_Status
CM_Locate_DevNodeW
CM_Get_Device_IDW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW

netapi32

Netbios

Sections

.text
Size: 328KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 43KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 357KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 93KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0f678e276a95dbfba30e8538fb164d2f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

urlmon

version

psapi

setupapi

netapi32

Sections

.text Size: 328KB - Virtual size: 327KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 43KB - Virtual size: 63KB

.rsrc Size: 357KB - Virtual size: 357KB

.reloc Size: 93KB - Virtual size: 96KB

.text
Size: 328KB - Virtual size: 327KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 43KB - Virtual size: 63KB

.rsrc
Size: 357KB - Virtual size: 357KB

.reloc
Size: 93KB - Virtual size: 96KB