111870c677620bfa522a31e532b2d9c9c8679714e4da2697902d1d06810f75ea

Sharing

Copy URL

Twitter E-mail

General

Target

111870c677620bfa522a31e532b2d9c9c8679714e4da2697902d1d06810f75ea
Size

664KB
MD5

9140fff3605936dd9b3382d42cf3a3c0
SHA1

4271098c4dca4f18aeab0dc5408dd730e89f1858
SHA256

111870c677620bfa522a31e532b2d9c9c8679714e4da2697902d1d06810f75ea
SHA512

f1a7db99c7d68baf973b4b2b8a93656251530f220271f692e3e05c4a19a44ad84797209432637d3faed1d8e7bc1f2471bdc98c6289f73b82efd9255e30a2c43f
SSDEEP

12288:rDQNFEyqo3PlzYKXpdqUVTaRGisvrkEBuIlpj0g:rDQNqo3PlzNoUVTacbvrkCZkg

Score

N/A

Malware Config

Signatures

Files

111870c677620bfa522a31e532b2d9c9c8679714e4da2697902d1d06810f75ea
.exe windows x86

dc0ff02c162a0587740fee88a18c8433

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileSize
GetFileTime
WriteFile
LocalFileTimeToFileTime
DosDateTimeToFileTime
FreeLibrary
GetProcAddress
LoadLibraryExA
WaitForSingleObject
CreateProcessA
SystemTimeToFileTime
GetSystemTime
GetWindowsDirectoryA
GetTickCount
SetEvent
OpenEventA
GetPrivateProfileStringA
GetCurrentProcess
GetVersionExA
GetShortPathNameA
GetSystemDirectoryA
WinExec
ReadFile
SetFileTime
SetFileAttributesA
LoadLibraryA
FindNextFileA
IsBadWritePtr
IsBadReadPtr
GetPrivateProfileSectionNamesA
WritePrivateProfileSectionA
WritePrivateProfileStringA
RemoveDirectoryA
GlobalFree
GlobalUnlock
lstrcmpA
FindFirstFileA
GetModuleHandleA
GetVersion
CreateThread
lstrcpynA
Sleep
lstrcmpiA
GetCurrentThreadId
GetCommandLineA
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
lstrcatA
GetCurrentProcessId
CreateFileW
GetLocaleInfoA
LockResource
LoadResource
FindResourceA
FindClose
CreateEventA
QueryPerformanceFrequency
CreateFileA
CloseHandle
GetDiskFreeSpaceA
EnterCriticalSection
LeaveCriticalSection
lstrlenW
InterlockedDecrement
LocalFree
InterlockedIncrement
FormatMessageA
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetLastError
SetLastError
MoveFileA
DeleteFileA
CopyFileA
GlobalAlloc
GlobalLock
lstrcpyA
GetFileAttributesA
CreateDirectoryA
GetPrivateProfileSectionA
MoveFileExA
GetModuleFileNameA
SetHandleCount
GetEnvironmentStringsW
GetStdHandle
LCMapStringW
MapViewOfFile
UnmapViewOfFile
SearchPathA
VirtualProtect
VirtualQuery
InterlockedExchange
ResetEvent
QueryPerformanceCounter
GetCurrentThread
RtlUnwind
RaiseException
TlsSetValue
ExitThread
HeapAlloc
HeapFree
GetStartupInfoA
ExitProcess
TlsAlloc
TlsGetValue
FlushFileBuffers
SetStdHandle
GetOEMCP
GetStringTypeW
GetStringTypeA
SetFilePointer
IsBadCodePtr
GetFileType
GetCPInfo
LCMapStringA
TerminateProcess
HeapReAlloc
HeapSize
UnhandledExceptionFilter
GetEnvironmentVariableA
HeapCreate
VirtualFree
VirtualAlloc
FreeEnvironmentStringsA
FreeEnvironmentStringsW
CreateFileMappingA
SetUnhandledExceptionFilter
GetACP
GetEnvironmentStrings

user32

CreateDialogIndirectParamA
CharLowerBuffA
wsprintfA
GetDesktopWindow
PostThreadMessageA
DispatchMessageA
TranslateMessage
GetMessageA
CharUpperA
ExitWindowsEx
DestroyWindow
LoadStringA
CharNextA
WaitForInputIdle
MessageBoxA
MsgWaitForMultipleObjects
PeekMessageA
GetDlgItem
SendMessageA
SetDlgItemTextA
IsDialogMessageA

gdi32

GetObjectA
CreateFontIndirectA
DeleteObject
TranslateCharsetInfo

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegConnectRegistryA
RegCloseKey
RegDeleteKeyA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA
RegQueryInfoKeyA
RegDeleteValueA
OpenThreadToken
RegEnumKeyExA
RegEnumValueA
AllocateAndInitializeSid
RegQueryValueA
FreeSid
EqualSid
GetTokenInformation

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

ole32

OleLoadFromStream
CoUnmarshalInterface
CoMarshalInterface
CoReleaseMarshalData
CreateFileMoniker
CLSIDFromString
CoCreateGuid
CoRegisterClassObject
StringFromCLSID
CreateItemMoniker
GetRunningObjectTable
CreateStreamOnHGlobal
OleSaveToStream
WriteClassStm
ProgIDFromCLSID
CoTaskMemFree
CoGetInterfaceAndReleaseStream
CoInitialize
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
CoUninitialize
StgOpenStorage
StgCreateDocfile
CoRevokeClassObject

oleaut32

RegisterTypeLi
SysStringByteLen
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SetErrorInfo
CreateErrorInfo
SafeArrayDestroy
SafeArrayPutElement
VariantCopy
VariantChangeType
VariantInit
LoadRegTypeLi
SysAllocStringLen
SysStringLen
SysReAllocStringLen
SysFreeString
SysAllocStringByteLen
SafeArrayGetDim
LoadTypeLi
SafeArrayCopy
SysAllocString
VariantClear
VariantCopyInd

msi

ord87
ord189
ord18
ord144
ord46
ord136
ord67
ord141
ord168
ord7
ord93
ord91
ord95
ord120
ord17
ord124
ord49
ord75
ord79
ord116
ord73
ord112
ord31
ord159
ord8
ord160
ord117
ord146
ord103
ord33

rpcrt4

RpcRaiseException
NdrConformantStringUnmarshall
RpcServerUseProtseqEpA
RpcServerUnregisterIf
RpcMgmtStopServerListening
NdrPointerBufferSize
NdrPointerMarshall
NdrPointerFree
NdrServerInitializeNew
NdrConvert
I_RpcGetBuffer
RpcServerRegisterIf
RpcServerListen

comctl32

ord17

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 412KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dc0ff02c162a0587740fee88a18c8433

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msi

rpcrt4

comctl32

version

Sections

.text Size: 412KB - Virtual size: 408KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 36KB - Virtual size: 121KB

.rsrc Size: 76KB - Virtual size: 72KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 412KB - Virtual size: 408KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 36KB - Virtual size: 121KB

.rsrc
Size: 76KB - Virtual size: 72KB

.rmnet
Size: 60KB - Virtual size: 60KB