95fb5a18b929e5d11ffe4730f1c1d93792eff88be30c4f34d0351f15a1154ce8

Sharing

Copy URL Twitter E-mail

General

Target

95fb5a18b929e5d11ffe4730f1c1d93792eff88be30c4f34d0351f15a1154ce8
Size

312KB
MD5

556fd89d1c99a30fdc7bf07820c06200
SHA1

ead2c126e53255457fa8a247b52fce56d361a488
SHA256

95fb5a18b929e5d11ffe4730f1c1d93792eff88be30c4f34d0351f15a1154ce8
SHA512

d6de827ed0970d49892ab44159a49a52fc469d4757473a5ba8e3d47fdb0082f801bc556d6fcc73bd9834fa4ebb04b9fa57de8f12814ecebbf0f1402cb0944973
SSDEEP

3072:3w6mlUF1SkcP9mWh5iVW7J6ebjUjWoWqGebSKtzH5YxGm88ykR9r:3JmlUzW9mM5tl6ebj6WonwxG78vR

Score

N/A

Malware Config

Signatures

Files

95fb5a18b929e5d11ffe4730f1c1d93792eff88be30c4f34d0351f15a1154ce8
.exe windows x86

f6366feb02ddffddab630269a2305cf7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameW
PathFindExtensionW

psapi

GetProcessImageFileNameW
EnumProcesses

ntdll

_allshl
_aullshr
RtlUnwind
_vsnwprintf
NtQueryInformationProcess
RtlGetVersion
NtQuerySystemInformation
strstr
wcsstr
memmove
_alldiv

kernel32

ExitThread
FlushFileBuffers
GetLastError
GlobalFree
FindClose
FindNextFileW
CloseHandle
DeleteFileW
SetFileAttributesW
GetVolumeInformationW
GlobalMemoryStatus
FreeLibrary
QueryPerformanceCounter
GetTickCount
LoadLibraryW
GetVersionExW
GetProcAddress
GetCurrentProcessId
ExitProcess
GetEnvironmentVariableW
CreateMutexW
CreateProcessW
GetCurrentProcess
WaitForSingleObject
GetModuleHandleW
OpenProcess
CopyFileW
TerminateProcess
GetModuleFileNameW
GetSystemDirectoryA
SetThreadPriority
CreateFileW
InterlockedExchange
SetLastError
LocalAlloc
LoadLibraryExA
VirtualProtect
GetShortPathNameW
LocalFree
CreateThread
ExpandEnvironmentStringsW
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
DeleteCriticalSection
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetStdHandle
LCMapStringW
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetFileAttributesW
Sleep
GlobalAlloc
WriteFile
GetProcessHeap
HeapFree
HeapSetInformation
GetLogicalDriveStringsW
MoveFileExW
HeapAlloc
GetDriveTypeW
SetFilePointer
FindFirstFileW
GetFileSize
ReadFile
HeapSize
GetStringTypeW
SetStdHandle
WriteConsoleW
IsProcessorFeaturePresent
SetEndOfFile
GetCommandLineW
HeapReAlloc
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
GetStartupInfoW
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
GetACP
InterlockedDecrement
InterlockedIncrement
EncodePointer
GetCPInfo
DecodePointer

user32

RegisterClassExW
DefWindowProcW
CreateWindowExW
SetWindowLongW
ReleaseDC
LoadIconW
TranslateMessage
GetDC
GetMessageW
UnregisterClassW
DrawTextA
DispatchMessageW

gdi32

SetTextColor
GetDIBits
SetBkMode
CreateFontW
GetStockObject
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

AdjustTokenPrivileges
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegCreateKeyExA
LookupPrivilegeValueA
RegSetValueExA
GetTokenInformation
GetSidSubAuthority
OpenProcessToken
RegSetValueExW
RegCloseKey
RegFlushKey
RegQueryValueExW
RegCreateKeyExW

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteExA
ShellExecuteW
SHGetFolderPathW

ole32

CoInitializeEx
CoCreateInstance

mpr

WNetOpenEnumW
WNetCloseEnum
WNetEnumResourceW

wininet

InternetCloseHandle
InternetOpenW
InternetOpenA
InternetConnectA
InternetOpenUrlW
InternetReadFile
HttpOpenRequestA
InternetSetCookieA
HttpSendRequestA

Sections

.text
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 644KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6366feb02ddffddab630269a2305cf7

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

psapi

ntdll

kernel32

user32

gdi32

advapi32

shell32

ole32

mpr

wininet

Sections

.text Size: 193KB - Virtual size: 192KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 10KB - Virtual size: 644KB

.rsrc Size: 46KB - Virtual size: 45KB

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 193KB - Virtual size: 192KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 10KB - Virtual size: 644KB

.rsrc
Size: 46KB - Virtual size: 45KB

.reloc
Size: 13KB - Virtual size: 12KB