dc9001155405406bf381d2e320a40a1f16397de795f9e5159fbf389a4a4d0dff

Sharing

Copy URL Twitter E-mail

General

Target

dc9001155405406bf381d2e320a40a1f16397de795f9e5159fbf389a4a4d0dff
Size

1.0MB
MD5

83e90840c4b4177b438c7ef082a07228
SHA1

4897454ee015fc66d772c2f6cf6e66f832a1231a
SHA256

dc9001155405406bf381d2e320a40a1f16397de795f9e5159fbf389a4a4d0dff
SHA512

2422f8c39edd9266fcc5e7f59a791186a88789cbc2321efed2f4c1d5dcb647713e17f225b4d4c40c7f085ebbfe8d7cd5d3e710d2e0a0f7786e773f703b6d9af1
SSDEEP

24576:bwPHRe7LMDnsmFwC5idw2r58HMcEzl5TUKF:k/RyMrsmj5iWQ58Hk5F

Score

N/A

Malware Config

Signatures

Files

dc9001155405406bf381d2e320a40a1f16397de795f9e5159fbf389a4a4d0dff
.exe windows x86

a9c121f7e29b0522f47c12ce6f50cd56

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryInfoKeyW
RegEnumKeyExA
RegQueryValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegEnumKeyA
RegQueryInfoKeyA

crypt32

CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CryptMsgClose
CertCloseStore

version

VerQueryValueA
GetFileVersionInfoA

user32

ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
MapDialogRect
SetWindowContextHelpId
GetDlgCtrlID
LoadBitmapA
EndDialog
GetWindowRect
PtInRect
SetCursor
EnableWindow
RegisterClassA
ShowWindow
PostQuitMessage
CreatePopupMenu
AppendMenuA
GetCursorPos
SetForegroundWindow
TrackPopupMenu
PostMessageA
GetSystemMetrics
ClientToScreen
DialogBoxIndirectParamA
RegisterWindowMessageA
GetWindowTextLengthA
IsChild
wsprintfA
PeekMessageA
DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageA
GetMessageW
IsWindowUnicode
MsgWaitForMultipleObjectsEx
SetWindowLongA
GetWindowLongA
GetDesktopWindow
MessageBoxA
LoadStringA
DefWindowProcA
GetSysColor
GetParent
GetDlgItem
GetClassNameA
ReleaseCapture
FillRect
DestroyWindow
CharNextA
CallWindowProcA
GetClientRect
SetWindowPos
LoadImageA
UnregisterClassA
GetWindowTextA
SetWindowTextA
CreateAcceleratorTableA
CreateWindowExA
RegisterClassExA
LoadCursorA
GetClassInfoExA
IsWindow
SendMessageA
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
MoveWindow

gdi32

StretchBlt
SetTextColor
SaveDC
SetGraphicsMode
ModifyWorldTransform
SetViewportOrgEx
SetWindowOrgEx
DPtoLP
CreateFontIndirectA
RestoreDC
GetStockObject
GetObjectA
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
SetBkMode

comctl32

ord17

wintrust

WinVerifyTrust

wininet

InternetOpenA
InternetCrackUrlA
InternetConnectA
InternetGetConnectedState
InternetQueryDataAvailable
InternetCloseHandle
InternetReadFile
InternetTimeToSystemTime
HttpQueryInfoA
InternetErrorDlg
HttpSendRequestA
HttpAddRequestHeadersA
InternetTimeFromSystemTime
HttpOpenRequestA

urlmon

URLDownloadToFileA

shell32

Shell_NotifyIconA
SHGetFolderPathA
ShellExecuteA

kernel32

GetOEMCP
GetACP
GetCPInfo
GetLocaleInfoW
HeapSize
HeapReAlloc
GetModuleFileNameW
GetStdHandle
HeapCreate
TlsFree
TlsSetValue
CompareStringW
TlsAlloc
GetTimeZoneInformation
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
ExitProcess
EncodePointer
SetEnvironmentVariableA
VirtualQuery
IsValidCodePage
VirtualProtect
RtlUnwind
GetSystemTimeAsFileTime
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
GetCurrentProcessId
GetTickCount
SystemTimeToTzSpecificLocalTime
LocalFree
GetSystemInfo
GetVersionExA
GetThreadLocale
FindResourceW
GetSystemTime
OpenEventA
CreatePipe
SetHandleInformation
ReadFile
LoadLibraryExA
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InterlockedExchange
LoadLibraryW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LCMapStringW
WriteConsoleW
SetStdHandle
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetModuleHandleW
CreateFileW
DecodePointer
TlsGetValue
SizeofResource
FreeLibrary
IsDBCSLeadByte
GetCommandLineA
CreateMutexA
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
lstrcpynA
CreateEventA
CreateThread
ResetEvent
WaitForMultipleObjects
SetEvent
LoadResource
LockResource
GlobalHandle
GlobalFree
GlobalLock
GlobalUnlock
CloseHandle
WriteFile
lstrlenA
SetFilePointer
CreateFileA
GetTempPathA
lstrcatA
GetEnvironmentVariableA
LoadLibraryA
GetLastError
GetSystemDirectoryA
SetDllDirectoryA
SetLastError
CreateProcessA
MultiByteToWideChar
WideCharToMultiByte
lstrcpyA
lstrlenW
WaitForSingleObject
RaiseException
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
GlobalAlloc
FindResourceA
lstrcmpA
SetEndOfFile
CompareFileTime
SystemTimeToFileTime
Sleep
FileTimeToSystemTime
GetFileTime
GetFileSize
GetExitCodeProcess
FormatMessageA
lstrcmpiA
DeleteFileA
GetCurrentThreadId
MulDiv
GetModuleFileNameA
InitializeCriticalSection

ole32

StringFromCLSID
CoInitialize
CoUninitialize
CoTaskMemRealloc
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CoGetClassObject
CoTaskMemAlloc
OleLockRunning
StringFromGUID2
CoInitializeSecurity
CoCreateInstance
CoTaskMemFree
CLSIDFromString

oleaut32

VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString

Sections

.text
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 792KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a9c121f7e29b0522f47c12ce6f50cd56

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

crypt32

version

user32

gdi32

comctl32

wintrust

wininet

urlmon

shell32

kernel32

ole32

oleaut32

Sections

.text Size: 203KB - Virtual size: 203KB

.rdata Size: 61KB - Virtual size: 60KB

.data Size: 11KB - Virtual size: 20KB

.rsrc Size: 792KB - Virtual size: 2.5MB

.text
Size: 203KB - Virtual size: 203KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 11KB - Virtual size: 20KB

.rsrc
Size: 792KB - Virtual size: 2.5MB