140895c2acece6cce9dfb0c8f32b79ce4df14f4e18086a982add008bc051ee37

Sharing

Copy URL Twitter E-mail

General

Target

140895c2acece6cce9dfb0c8f32b79ce4df14f4e18086a982add008bc051ee37
Size

743KB
MD5

93df26d1898ec66f87baf62090d309d0
SHA1

d5bd4daa88c4f94ef48d4dd2ce99978f25b74d01
SHA256

140895c2acece6cce9dfb0c8f32b79ce4df14f4e18086a982add008bc051ee37
SHA512

c47e94703c2b4b63f052b76b87c1b7c7e929e759c0620e7193b9163005266cd2142c8783e04a4eb8aa92f48ae40b97f2d71711b661aefdd788b2d436cad28b43
SSDEEP

12288:sR7KzH83DeUm5EOqUx9F0n3AT+tBLBVs:sR7KADZm5EOFb0Fv

Score

N/A

Malware Config

Signatures

Files

140895c2acece6cce9dfb0c8f32b79ce4df14f4e18086a982add008bc051ee37
.exe windows x86

cf3620239d0ee15db87db949629ac696

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
QueryServiceConfigW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
GetTokenInformation
RegDeleteValueW
RegDeleteKeyW
GetSecurityInfo
BuildTrusteeWithSidW
GetEffectiveRightsFromAclW
IsValidSid
GetLengthSid
CopySid
EnumDependentServicesW
OpenThreadToken
SetThreadToken
RegEnumKeyExW
RegConnectRegistryW
StartServiceW
ControlService
RegQueryValueW
RegEnumKeyW
RegOpenKeyW

kernel32

OpenFileMappingW
GetCurrentDirectoryW
GetDriveTypeW
SetFileAttributesW
GetCurrentProcess
RemoveDirectoryW
lstrlenW
CopyFileW
GetWindowsDirectoryW
FormatMessageW
DeleteFileW
FindNextFileW
CreateFileW
WriteFile
FindClose
GetLastError
SetCurrentDirectoryW
CreateDirectoryW
SetEnvironmentVariableA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetDriveTypeA
GetCurrentDirectoryA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
QueryPerformanceCounter
VirtualFree
MapViewOfFile
CreateMutexW
CreateEventW
FindFirstFileW
GetModuleFileNameW
GetCurrentProcessId
Sleep
GetExitCodeProcess
CreateProcessW
GetVersion
GetModuleHandleA
GetModuleHandleW
GetSystemDirectoryW
GetVersionExW
LocalAlloc
lstrcmpA
lstrlenA
LocalFree
GetTempPathW
OpenProcess
CloseHandle
UnmapViewOfFile
SetEvent
WaitForSingleObject
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
LoadLibraryExW
GetProcAddress
FreeLibrary
ReleaseMutex
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
InterlockedDecrement
GlobalDeleteAtom
lstrcmpW
InterlockedExchange
CompareStringA
LoadLibraryW
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThreadId
GetCurrentThread
GlobalAddAtomW
FileTimeToSystemTime
FileTimeToLocalFileTime
MoveFileW
GetThreadLocale
ReadFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
GetFileAttributesW
GetFileTime
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedIncrement
WritePrivateProfileStringW
GlobalFlags
CompareStringW
GetVersionExA
LoadLibraryA
GlobalFindAtomW
InterlockedCompareExchange
GetTickCount
GetComputerNameW
FindResourceExW
GetUserDefaultLangID
GetSystemDirectoryA
HeapFree
HeapAlloc
GetProcessHeap
GetSystemInfo
TerminateProcess
GetStartupInfoW
RtlUnwind
GetSystemTimeAsFileTime
RaiseException
SetStdHandle
GetFileType
ExitProcess
HeapReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualProtect
VirtualAlloc
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate

user32

DestroyMenu
EnumWindows
UnregisterClassA
ExitWindowsEx
MessageBoxIndirectW
MessageBoxW
LoadStringW
wsprintfW
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
UnhookWindowsHookEx
PostQuitMessage
PostMessageW
CheckMenuItem
EnableMenuItem
ModifyMenuW
SendMessageW
GetParent
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetWindowsHookExW
SetCursor
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
GetWindowThreadProcessId
GetSystemMetrics
CharUpperW
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
LoadCursorW
SetWindowTextW
GetWindowTextW
PtInRect
GetClassNameW
GetWindowRect
GetDlgCtrlID
GetWindow
ClientToScreen
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetCapture
GetWindowPlacement
IsIconic
SystemParametersInfoA
SetWindowPos
SetWindowLongW
CallWindowProcW
DefWindowProcW
CopyRect
AdjustWindowRectEx
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
GetMenu
GetClientRect
SetForegroundWindow
MapWindowPoints
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
GetDlgItem
GetForegroundWindow
IsWindow
RemovePropW
GetPropW
SetPropW
GetClassLongW
WinHelpW
LoadIconW
RegisterWindowMessageW
ShowWindow

netapi32

NetShareEnum
NetShareAdd
NetApiBufferFree
NetShareDel

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW

ws2_32

inet_ntoa
WSASocketW
bind
closesocket
WSAStartup
WSACleanup
WSASetLastError
ntohs
getservbyport
gethostbyaddr
htons
getservbyname
htonl
WSAGetLastError
gethostbyname
inet_addr

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW

ole32

OleRun
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SafeArrayGetElement
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocString
GetErrorInfo

oleacc

LresultFromObject
CreateStdAccessibleObject

userenv

UnloadUserProfile

gdi32

GetDeviceCaps
CreateBitmap
DeleteObject
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
GetClipBox
GetStockObject
DeleteDC
ScaleWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
SetWindowExtEx

Sections

.text
Size: 528KB - Virtual size: 528KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cf3620239d0ee15db87db949629ac696

Headers

File Characteristics

Imports

advapi32

kernel32

user32

netapi32

version

psapi

ws2_32

comdlg32

winspool.drv

shell32

shlwapi

ole32

oleaut32

oleacc

userenv

gdi32

Sections

.text Size: 528KB - Virtual size: 528KB

.data Size: 9KB - Virtual size: 35KB

.rsrc Size: 204KB - Virtual size: 204KB

.text
Size: 528KB - Virtual size: 528KB

.data
Size: 9KB - Virtual size: 35KB

.rsrc
Size: 204KB - Virtual size: 204KB