Static task: static1
Behavioral task: behavioral1
Sample: 29789f90abf064120d0c3d5725dee1868bab372c848b1d75187ed88a3eb9faa2.exe
Resource: win7-20220812-en
General
Target: 29789f90abf064120d0c3d5725dee1868bab372c848b1d75187ed88a3eb9faa2
Size: 991KB
MD5: a0e741ac6eb01107f41e56c47f029210
SHA1: 83a5592890d9907e83e0aa49244ffc32040af149
SHA256: 29789f90abf064120d0c3d5725dee1868bab372c848b1d75187ed88a3eb9faa2
SHA512: 84d308f13b5c38034e9de6c5cc9b96e59e9274a6b92dc86c943bac5e39cc37a27ac51c882525af024cb6c8345c38957adc928cb66c72d5ee39079ee4b5b55129
SSDEEP: 24576:yqj5CuWAizKx+12Vp8IVJNvLoHojF9mZ9r/Evn:vwuWAiex1VpZJonZ1U
Malware Config
Signatures
Files
29789f90abf064120d0c3d5725dee1868bab372c848b1d75187ed88a3eb9faa2.exe windows x86
9a9b5e79b9b49a5d7f5b45bdb7956904
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wtsapi32
WTSEnumerateSessionsA
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
setupapi
SetupDiOpenDeviceInfoA
SetupDiRemoveDevice
SetupDiOpenDevRegKey
SetupDiCallClassInstaller
SetupDiDeleteDevRegKey
kernel32
EnumResourceLanguagesA
MultiByteToWideChar
GetFileAttributesA
GetFullPathNameA
GetModuleFileNameA
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetTickCount
GetCurrentThreadId
GlobalDeleteAtom
GlobalAddAtomA
LoadLibraryA
FreeLibrary
GetCurrentProcess
GetProcAddress
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
ExpandEnvironmentStringsA
PulseEvent
OpenEventA
ReleaseMutex
OpenMutexA
CreateMutexA
GetExitCodeThread
ResumeThread
CreateThread
GetUserDefaultLangID
GetSystemInfo
GetStartupInfoA
CreateProcessA
GetExitCodeProcess
WaitForSingleObject
TerminateProcess
CopyFileA
CreateDirectoryA
lstrcatA
FlushFileBuffers
GetDiskFreeSpaceA
GlobalFree
HeapFree
GetProcessHeap
HeapAlloc
QueryDosDeviceA
lstrcmpiA
GetPrivateProfileSectionA
GetFileTime
CompareFileTime
WritePrivateProfileStringA
lstrcmpA
CreateToolhelp32Snapshot
Process32First
OpenProcess
Process32Next
WaitForMultipleObjectsEx
EnumSystemLocalesA
GetConsoleMode
GetConsoleCP
DeleteFileA
MoveFileA
GetLogicalDrives
GetDriveTypeA
LocalAlloc
GetSystemDefaultLCID
GetUserDefaultLCID
GetVersionExA
GetSystemDirectoryA
GetShortPathNameA
GetEnvironmentVariableA
GetTempPathA
GetLocaleInfoA
GetSystemDefaultLangID
InitializeCriticalSection
GetFileSize
DeleteCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
WriteFile
OutputDebugStringA
CreateFileA
lstrcpyA
GetCurrentThread
SetThreadPriority
Sleep
FormatMessageA
LocalFree
SetLastError
GetCommandLineA
GetWindowsDirectoryA
FindFirstFileA
FindNextFileA
FindClose
SetEvent
CloseHandle
CreateEventA
ResetEvent
GetPrivateProfileStringA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetProfileStringA
WriteProfileStringA
lstrlenA
FindResourceA
LoadResource
LockResource
SizeofResource
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
VirtualFree
InterlockedExchange
CompareStringA
WideCharToMultiByte
FreeEnvironmentStringsW
ConvertDefaultLocale
FileTimeToSystemTime
FileTimeToLocalFileTime
SuspendThread
GetCurrentProcessId
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
FreeResource
lstrlenW
GlobalSize
GlobalFlags
GetModuleFileNameW
InterlockedDecrement
GetPrivateProfileIntA
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
LocalUnlock
LocalLock
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileSizeEx
GetStringTypeExA
GetThreadLocale
ReadFile
SetFilePointer
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationA
GetCPInfo
GetOEMCP
GetAtomNameA
GetModuleHandleW
SetErrorMode
GetTempFileNameA
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
ExitProcess
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
ExitThread
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStdHandle
FatalAppExitA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
HeapDestroy
GetEnvironmentStringsW
SetHandleCount
HeapCreate
user32
PtInRect
CopyRect
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
AdjustWindowRectEx
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetClientRect
UpdateWindow
ShowScrollBar
SetForegroundWindow
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
SetMenu
TrackPopupMenu
TrackPopupMenuEx
ScrollWindow
MapWindowPoints
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
DestroyWindow
GetTopWindow
GetDlgItem
EndDeferWindowPos
BeginDeferWindowPos
SetActiveWindow
GetForegroundWindow
GetWindowTextA
GetWindowTextLengthA
SetFocus
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassLongA
GetCapture
IsChild
WinHelpA
SendDlgItemMessageA
LoadIconA
RemoveMenu
InsertMenuA
AppendMenuA
GetMenuStringA
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
IsDlgButtonChecked
IsDialogMessageA
MoveWindow
ShowWindow
ScrollWindowEx
InflateRect
DeleteMenu
IsClipboardFormatAvailable
MessageBeep
SetRect
GetTabbedTextExtentA
InvalidateRect
CharUpperA
GetSysColorBrush
LoadCursorA
DestroyIcon
GetMenuItemInfoA
DestroyMenu
UnregisterClassA
SetRectEmpty
SetWindowPlacement
GetNextDlgTabItem
CreateDialogIndirectParamA
TranslateAcceleratorA
BringWindowToTop
CreatePopupMenu
InsertMenuItemA
LoadAcceleratorsA
ReleaseCapture
GetMenuBarInfo
LoadMenuA
ReuseDDElParam
UnpackDDElParam
SetTimer
KillTimer
WindowFromPoint
GetDialogBaseUnits
GetKeyNameTextA
MapVirtualKeyA
IsRectEmpty
GetSystemMenu
SetParent
UnionRect
GetDCEx
LockWindowUpdate
SetCapture
EnableWindow
ShowOwnedPopups
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
OffsetRect
IntersectRect
RegisterWindowMessageA
SendMessageA
PostMessageA
DispatchMessageA
TranslateMessage
PeekMessageA
ReleaseDC
SetWindowLongA
GetDC
GetWindowLongA
SetWindowPos
IsWindow
FindWindowA
GetSystemMetrics
SetWindowTextA
GetWindowThreadProcessId
EnumWindows
PostQuitMessage
MsgWaitForMultipleObjects
WaitForInputIdle
MessageBoxA
MessageBoxExA
LoadStringA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
GetLastActivePopup
EndDialog
IsWindowEnabled
gdi32
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
CreatePatternBrush
CreateBitmap
GetStockObject
SelectPalette
PlayMetaFileRecord
BitBlt
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
GetDCOrgEx
CopyMetaFileA
CreateDCA
CreateFontIndirectA
CreateRectRgnIndirect
SetRectRgn
CombineRgn
StartDocA
PatBlt
DPtoLP
GetTextMetricsA
GetCharWidthA
GetTextExtentPoint32A
StartPage
EndPage
GetWindowExtEx
GetViewportExtEx
GetObjectA
SaveDC
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetTextColor
SetStretchBltMode
SetROP2
SetAbortProc
AbortDoc
EndDoc
CreateFontA
StretchDIBits
GetBkColor
GetMapMode
GetPixel
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
GetObjectType
GetLayout
SetLayout
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
winspool.drv
AddMonitorA
EnumMonitorsA
EnumPortsA
EnumPrintersA
GetPrinterDriverA
DeletePrinter
OpenPrinterA
EnumPrinterDriversA
ClosePrinter
GetPrinterDriverDirectoryA
GetPrinterA
GetJobA
DocumentPropertiesA
SetPrinterA
EndPagePrinter
EndDocPrinter
StartPagePrinter
StartDocPrinterA
advapi32
RegCloseKey
SetFileSecurityA
RegSetValueA
RegQueryValueA
RegEnumKeyA
RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegOpenKeyExA
CreateProcessAsUserA
CloseServiceHandle
QueryServiceStatus
StartServiceA
OpenServiceA
OpenSCManagerA
ControlService
QueryServiceConfigA
FreeSid
LookupAccountSidA
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
RegCreateKeyExA
RegCreateKeyA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetFileSecurityA
ole32
CoInitializeEx
CoUninitialize
CLSIDFromString
CoDisconnectObject
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
StringFromGUID2
oleaut32
VarBstrFromDate
OleLoadPicturePath
OleLoadPicture
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SysFreeString
SysStringLen
SysAllocStringByteLen
SysStringByteLen
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
VarDateFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
SafeArrayGetLBound
shlwapi
PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
UrlUnescapeA
PathRemoveFileSpecW
wininet
InternetSetCookieA
InternetGetCookieA
InternetQueryDataAvailable
InternetSetOptionExA
FtpRenameFileA
FtpCreateDirectoryA
InternetOpenA
InternetQueryOptionA
InternetCrackUrlA
FtpDeleteFileA
InternetGetLastResponseInfoA
GopherFindFirstFileA
InternetCloseHandle
InternetFindNextFileA
HttpQueryInfoA
HttpAddRequestHeadersA
InternetErrorDlg
FtpGetFileA
FtpPutFileA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
InternetSetFilePointer
InternetWriteFile
InternetReadFile
InternetCanonicalizeUrlA
HttpOpenRequestA
InternetOpenUrlA
GopherOpenFileA
InternetConnectA
FtpFindFirstFileA
GopherCreateLocatorA
FtpCommandA
FtpOpenFileA
GopherGetAttributeA
HttpSendRequestExA
HttpEndRequestA
HttpSendRequestA
InternetSetStatusCallback
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
comdlg32
GetFileTitleA
Sections
.text Size: 653KB - Virtual size: 653KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 175KB - Virtual size: 174KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 39KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.1rdata Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE