42c1d43123de2ea99212f34a47ab6a7727c5b51a5fb23a8ea537af1d89e61530

Sharing

Copy URL Twitter E-mail

General

Target

42c1d43123de2ea99212f34a47ab6a7727c5b51a5fb23a8ea537af1d89e61530
Size

245KB
MD5

a0eb21f25b01bab41aba5cf6c3a87d20
SHA1

6a687c584deca7f00f9884c4b87b5133fe4d6d30
SHA256

42c1d43123de2ea99212f34a47ab6a7727c5b51a5fb23a8ea537af1d89e61530
SHA512

ad4db54545777ff1f2d5ca0833f9e28d0aa83a20fa941593d373cbb012f3fc2597eb37ce99bc65639cda3b3733a28ac80bc33b386167e6d31440c81ff818423b
SSDEEP

6144:8i4ifIs9Gu8dEhQc+LeCQiEEiEEsfByAwZZS4onQF6ymgn+uy/87:r4i/8+hQJKXIB7GjF6ymgA

Score

N/A

Malware Config

Signatures

Files

42c1d43123de2ea99212f34a47ab6a7727c5b51a5fb23a8ea537af1d89e61530
.exe windows x86

4fb43a22f626584729472c8918c40c27

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExW
RegEnumKeyExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegDeleteKeyW

kernel32

InterlockedIncrement
InterlockedDecrement
GetLastError
CreateTimerQueue
DeleteTimerQueueEx
DeleteTimerQueueTimer
SetEvent
GetCurrentProcessId
WaitForSingleObject
TerminateThread
CloseHandle
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LoadLibraryW
GetProcAddress
GetModuleHandleW
lstrcmpiW
SearchPathW
CreateTimerQueueTimer
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
FlushInstructionCache
CreateEventW
CreateThread
WaitForMultipleObjects
GetSystemWindowsDirectoryW
GetCommandLineW
SetLastError
GetCurrentThreadId
DeleteCriticalSection
Sleep
TlsAlloc
TlsFree
SystemTimeToFileTime
GetSystemTime
LocalFree
LocalAlloc
GetFileSize
ReadFile
WriteFile
GetFileAttributesW
CreateFileW
SetFilePointer
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
RtlUnwind
OutputDebugStringA
GetStartupInfoW
InterlockedCompareExchange
VirtualAlloc
VirtualFree
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
WideCharToMultiByte
InterlockedExchange
GetVersionExA
GetCurrentProcess

user32

CharNextW
SendMessageW
PostThreadMessageW
AllowSetForegroundWindow
DispatchMessageW
TranslateMessage
GetMessageW
CharUpperW
SetWindowLongW
GetClassInfoExW
LoadCursorW
DestroyWindow
RegisterClassExW
CreateWindowExW
PostQuitMessage
LoadStringW
GetMenuItemInfoW
TrackPopupMenuEx
SetForegroundWindow
GetCursorPos
LoadIconW
RemoveMenu
GetMenuItemCount
DestroyMenu
EndMenu
EnableMenuItem
DefWindowProcW
GetWindowLongW
CallWindowProcW
InsertMenuItemW
CreatePopupMenu
UnregisterClassW
UnregisterClassA

msvcrt

_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_wcslwr
__setusermatherr
_errno
__CxxFrameHandler
_vsnwprintf
_resetstkoflw
_wcsicmp
_purecall
calloc
memset
_CxxThrowException
free
malloc
??_U@YAPAXI@Z
??2@YAPAXI@Z
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
??1type_info@@UAE@XZ
realloc
_unlock
__dllonexit
_lock
_onexit
memcpy
memmove
_controlfp
towlower
_wtol
toupper
??_V@YAXPAX@Z
??3@YAXPAX@Z
mbtowc
__mb_cur_max
isleadbyte
_iob
_snprintf
_itoa
ferror
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoSuspendClassObjects
CoRevokeClassObject
CoRegisterClassObject
StringFromGUID2
CoResumeClassObjects
CoCreateInstance

oleaut32

SysStringLen
SysFreeString
SafeArrayLock
SafeArrayUnlock
SafeArrayGetVartype
SafeArrayGetLBound
SafeArrayGetUBound
VarBstrCmp
SafeArrayCreate
SafeArrayDestroy
SysAllocString
SafeArrayRedim
VarUI4FromStr
SysStringByteLen
LoadRegTypeLi
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysAllocStringLen

shell32

Shell_NotifyIconW
ShellExecuteW

crypt32

CertGetCertificateChain
CertFindExtension
CryptDecodeObject
CryptProtectData
CryptBinaryToStringW
CryptVerifyDetachedMessageSignature
CertCloseStore
CryptSignMessage
CryptMsgOpenToDecode
CryptMsgUpdate
CertOpenStore
CryptMsgClose
CertVerifyCertificateChainPolicy
CertGetCertificateContextProperty
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertFreeCertificateContext
CertFreeCertificateChain
CertGetEnhancedKeyUsage
CryptStringToBinaryW

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ymprlfw
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4fb43a22f626584729472c8918c40c27

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ole32

oleaut32

shell32

crypt32

Sections

.text Size: 117KB - Virtual size: 116KB

.data Size: 1KB - Virtual size: 3KB

.rsrc Size: 87KB - Virtual size: 87KB

.reloc Size: 38KB - Virtual size: 39KB

ymprlfw Size: - Virtual size: 4KB

.text
Size: 117KB - Virtual size: 116KB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 87KB - Virtual size: 87KB

.reloc
Size: 38KB - Virtual size: 39KB

ymprlfw
Size: - Virtual size: 4KB