ac130e7bfd94793672b7bf074e390b25c99e4e9e1aa947d551e921cdd702cb40

Sharing

Copy URL Twitter E-mail

General

Target

ac130e7bfd94793672b7bf074e390b25c99e4e9e1aa947d551e921cdd702cb40
Size

1.2MB
MD5

83c3deedf9d413107e5d1344d49ae173
SHA1

c32fd69d0119f7036df347beb06bbab1d39e5866
SHA256

ac130e7bfd94793672b7bf074e390b25c99e4e9e1aa947d551e921cdd702cb40
SHA512

ad0c67070cfea74573890064a1adf337c25cad70936a1663fc632370bc983e2127d79c74d400062066c67de274b2f1b2d53ded444bd03722d1081ab53b87c4ad
SSDEEP

24576:QpulwY4EyFTYfS1LBKq0oR2TmRzC3tmZ:QpgJujNKO2TmRzCdmZ

Score

N/A

Malware Config

Signatures

Files

ac130e7bfd94793672b7bf074e390b25c99e4e9e1aa947d551e921cdd702cb40
.exe windows x86

1b843ec8913e6ebee1bf987c26c297af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
lstrcpynA
OutputDebugStringA
GetEnvironmentVariableA
FindFirstFileA
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
TerminateProcess
GetPrivateProfileStringW
GetVersion
Beep
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
FreeLibrary
LoadLibraryA
GetProcAddress
GetShortPathNameW
TerminateThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
WritePrivateProfileStringA
GetPrivateProfileStringA
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
RtlUnwind
RaiseException
GetStartupInfoW
HeapAlloc
GetModuleHandleW
GetSystemTimeAsFileTime
HeapFree
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
FormatMessageA
LocalFree
GetFileAttributesA
GetFileAttributesW
CreateFileA
LCMapStringW
LCMapStringA
GetStringTypeExW
GetStringTypeExA
GetUserDefaultLCID
InterlockedCompareExchange
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
SetFilePointer
ReadFile
FlushFileBuffers
GetStringTypeA
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
FindClose
FindNextFileW
CopyFileW
FindFirstFileW
InterlockedIncrement
InterlockedDecrement
CloseHandle
WriteFile
GetLastError
CreateFileW
GetCurrentThreadId
SetLastError
lstrcpynW
GetModuleFileNameW
InterlockedExchange
OutputDebugStringW
WritePrivateProfileStringW
CreateDirectoryW
DeleteFileW
SetThreadPriority
CreateThread
Sleep
ExitProcess
IsValidLocale
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
WriteConsoleA
WaitForMultipleObjects
SetNamedPipeHandleState
ResetEvent
TransactNamedPipe
WaitNamedPipeW
SetEvent
CreateSemaphoreW
ReleaseSemaphore
LoadLibraryW
WaitForSingleObject
RtlCaptureContext
GetSystemTime
GetConsoleOutputCP
GetModuleHandleA
GetProcessHeap
SetEndOfFile
GetLocaleInfoW
SetStdHandle
WriteConsoleW
TlsFree

user32

CallNextHookEx
MessageBoxW
UnregisterClassW
SetTimer
GetSystemMetrics
CharLowerW
KillTimer
DialogBoxIndirectParamW
CreateWindowExA
FindWindowW
SetCapture
InvalidateRect
WindowFromPoint
GetCursorPos
TrackMouseEvent
SetWindowLongW
GetWindowLongW
SetWindowTextW
GetDlgItem
GetWindowRect
ScreenToClient
SetWindowPos
SetWindowsHookExW
UnhookWindowsHookEx
wsprintfW
LoadStringW
LoadAcceleratorsW
LoadStringA
ReleaseCapture
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
ReleaseDC
UpdateLayeredWindow
GetDC
SetWindowRgn
GetWindowRgn
GetParent
SetActiveWindow
IsWindowVisible
CallWindowProcW
EnumWindows
GetWindowTextW
GetClassNameW
SetFocus
SetForegroundWindow
ShowWindow
SendMessageW
GetWindowPlacement
VkKeyScanW
SetKeyboardState
GetKeyboardState
GetKeyState
SendInput
MapVirtualKeyW
PeekMessageW
keybd_event
EndDialog
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcW
DestroyWindow
DialogBoxParamW
UpdateWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW

gdi32

CreateSolidBrush
SetBkColor
SetTextColor
DeleteDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CombineRgn
OffsetRgn
GetRgnBox
DeleteObject
CreateRectRgn
CreateFontA

advapi32

RegSetValueExW
RegEnumKeyExW
RegOpenKeyW
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHFileOperationW
ShellExecuteA
SHGetFolderPathW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathA

ole32

CoInitializeEx
CoInitialize

sqlite3

sqlite3_bind_int
sqlite3_column_text16
sqlite3_column_int
sqlite3_step
sqlite3_prepare16_v2
sqlite3_finalize
sqlite3_open
sqlite3_bind_parameter_index
sqlite3_close

gdiplus

GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipImageSelectActiveFrame
GdipDeleteGraphics
GdipDrawImageRectRect
GdipGetImageHeight
GdipGetImageWidth
GdipDrawString
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDrawImageRectI
GdipCreateFromHDC
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdiplusStartup

wininet

InternetCrackUrlW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetCloseHandle
InternetReadFile
InternetOpenW
HttpAddRequestHeadersW
InternetSetOptionW
InternetQueryDataAvailable
HttpQueryInfoW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

?OnRegisterSearchService@@YAXXZ

Sections

.text
Size: 805KB - Virtual size: 805KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 465KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 164KB - Virtual size: 428KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1b843ec8913e6ebee1bf987c26c297af

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

sqlite3

gdiplus

wininet

version

Exports

Exports

Sections

.text Size: 805KB - Virtual size: 805KB

.rdata Size: 143KB - Virtual size: 142KB

.data Size: 52KB - Virtual size: 465KB

.rsrc Size: 30KB - Virtual size: 29KB

.vmp0 Size: 164KB - Virtual size: 428KB

.text
Size: 805KB - Virtual size: 805KB

.rdata
Size: 143KB - Virtual size: 142KB

.data
Size: 52KB - Virtual size: 465KB

.rsrc
Size: 30KB - Virtual size: 29KB

.vmp0
Size: 164KB - Virtual size: 428KB