48131e56add799a3e8e9d8bb4a0eceb3827d4f404ca68e15931196b0e5060d1c

Sharing

Copy URL Twitter E-mail

General

Target

48131e56add799a3e8e9d8bb4a0eceb3827d4f404ca68e15931196b0e5060d1c
Size

420KB
MD5

93a02c25897377e6d1f6042986973b00
SHA1

c59faeef84604b36be426e4f4370a6490346e16d
SHA256

48131e56add799a3e8e9d8bb4a0eceb3827d4f404ca68e15931196b0e5060d1c
SHA512

4b5d0db1f7c9081e9716b6614026ef6fc06798495bd980dad2f2983b505ed6f401896e3033b97068ce381e7845d4cfcb95ab0b403a326bb120322f2da534f4f6
SSDEEP

12288:KiTK9TeXtamTDgVjzDkaBBIylwx6I9zN1ULCQIS:KiO9Te9BTsHIylwx6+HULCQf

Score

N/A

Malware Config

Signatures

Files

48131e56add799a3e8e9d8bb4a0eceb3827d4f404ca68e15931196b0e5060d1c
.exe windows x86

bd6df0d0623499f1d8c6ffd7ced38e17

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUnwind
NtCreateFile
LdrLoadDll
LdrGetDllHandle
NtQueryInformationProcess
NtTerminateProcess

kernel32

SetThreadPriority
CreateThread
GetCurrentProcess
GetModuleFileNameW
GetCurrentProcessId
TlsFree
CreateRemoteThread
OpenProcess
GetNativeSystemInfo
GetVersionExW
GetExitCodeThread
GetEnvironmentVariableW
Thread32First
Thread32Next
GetThreadContext
SetThreadContext
FlushInstructionCache
GetCurrentThreadId
QueryPerformanceCounter
WideCharToMultiByte
lstrcmpA
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
HeapCreate
MoveFileExW
GetFileAttributesW
FileTimeToDosDateTime
GetTempFileNameW
DosDateTimeToFileTime
lstrcpynA
GetCurrentThread
LoadLibraryW
lstrcpyW
lstrcpyA
GetDriveTypeW
GetSystemDefaultUILanguage
GetLogicalDrives
GetProcessTimes
lstrcmpW
GlobalMemoryStatusEx
GetUserDefaultUILanguage
GetDiskFreeSpaceExW
GetVolumeInformationW
TryEnterCriticalSection
GlobalLock
GlobalUnlock
lstrcmpiA
MultiByteToWideChar
ReadFile
RemoveDirectoryW
GetHandleInformation
GetProcessId
GetThreadPriority
TerminateThread
FindClose
WTSGetActiveConsoleSessionId
SetEndOfFile
SetFilePointerEx
SetFileTime
GetFileTime
DeleteFileW
GetFileInformationByHandle
GetComputerNameW
GetVolumeNameForVolumeMountPointW
IsBadReadPtr
VirtualAllocEx
GetPrivateProfileStringW
GetPrivateProfileIntW
FreeLibrary
FindNextFileW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
VirtualFree
LoadLibraryA
GetProcAddress
SetFilePointer
VirtualAlloc
FlushFileBuffers
WriteFile
FindFirstFileW
TlsAlloc
TlsSetValue
TlsGetValue
WriteProcessMemory
OpenEventW
CreateToolhelp32Snapshot
lstrcatW
lstrcmpiW
Process32NextW
WaitForMultipleObjects
Process32FirstW
GetLongPathNameW
GetTempPathW
Sleep
VirtualFreeEx
GetModuleHandleW
SetErrorMode
ExitProcess
GetTickCount
SetLastError
RegisterWaitForSingleObject
UnregisterWait
CreateEventW
ResetEvent
ReleaseMutex
OpenMutexW
CreateMutexW
GetLastError
FileTimeToLocalFileTime
GetLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
ExpandEnvironmentStringsW
SetFileAttributesW
CreateDirectoryW
ResumeThread
DuplicateHandle
SetEvent
CreateProcessW
GetCommandLineW
CloseHandle
CreateFileMappingW
GetFileSizeEx
CreateFileW
VirtualQuery
UnmapViewOfFile
MapViewOfFile
lstrlenW
lstrlenA
VirtualProtect
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalFree
WaitForSingleObject
GetSystemTime
InitializeCriticalSection
GetSystemTimeAsFileTime

user32

GetIconInfo
GetCursorPos
CharLowerW
CharLowerA
ExitWindowsEx
GetClipboardData
TranslateMessage
PostQuitMessage
GetSystemMetrics
GetLastInputInfo
CharUpperW
ToUnicode
GetKeyboardState
DispatchMessageW
PeekMessageW
LoadCursorW
DrawIcon
MsgWaitForMultipleObjects

advapi32

InitiateSystemShutdownExW
CryptExportKey
CryptVerifySignatureW
CryptGetKeyParam
CryptImportKey
CryptGenKey
CryptDestroyKey
CryptDestroyHash
GetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
EqualSid
CryptDecrypt
CryptEncrypt
CryptSetKeyParam
CryptDeriveKey
RegSetValueExW
RegEnumKeyExW
RegFlushKey
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
CreateProcessAsUserW
OpenThreadToken
GetSidSubAuthority
OpenProcessToken
ConvertSidToStringSidW
GetLengthSid
IsWellKnownSid
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl

shlwapi

StrCmpIW
StrChrW
StrCmpW
StrRChrA
StrChrA
PathRemoveExtensionW
PathIsURLW
PathMatchSpecW
PathAddBackslashW
PathFindExtensionW
StrStrIW
PathQuoteSpacesW
wvnsprintfW
PathRenameExtensionW
PathIsDirectoryW
ord14
PathGetDriveNumberW
StrCmpNA
PathUnquoteSpacesW
StrCmpNIA
StrCmpNIW
UrlUnescapeA
PathRemoveBackslashW
PathFindFileNameW
PathRemoveFileSpecW
PathSkipRootW
StrCmpNW

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW

secur32

GetUserNameExW
DecryptMessage
EncryptMessage
DeleteSecurityContext

ole32

CoCreateInstance
CoUninitialize
CoTaskMemFree
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CreateStreamOnHGlobal
CLSIDFromString
StringFromGUID2

gdi32

CreateCompatibleDC
DeleteObject
GetDeviceCaps
DeleteDC
BitBlt
CreateDCW
SelectObject
CreateCompatibleBitmap

ws2_32

getservbyname
WSACloseEvent
accept
WSAIoctl
WSAAddressToStringW
WSAEnumNetworkEvents
WSAEventSelect
setsockopt
WSACreateEvent
getsockopt
WSAAddressToStringA
WSAStringToAddressW
recvfrom
getsockname
sendto
FreeAddrInfoW
WSARecv
WSASend
GetAddrInfoW
gethostbyname
getpeername
WSAGetOverlappedResult
connect
WSAStartup
getaddrinfo
select
WSAGetLastError
shutdown
WSACleanup
recv
bind
socket
freeaddrinfo
WSASetLastError
closesocket
send
listen

crypt32

PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
CryptUnprotectData
PFXImportCertStore

wininet

InternetWriteFile
InternetSetOptionA
InternetReadFile
InternetCrackUrlA
InternetConnectA
HttpQueryInfoA
HttpSendRequestExA
HttpEndRequestA
HttpAddRequestHeadersA
InternetOpenA
InternetCloseHandle
InternetQueryOptionA
HttpOpenRequestA

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

iphlpapi

GetAdaptersAddresses

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

gdiplus

GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipCloneImage
GdiplusStartup
GdipAlloc
GdiplusShutdown
GdipSaveImageToStream
GdipFree

msvcrt

_except_handler3
_errno
memcpy
memmove
strcmp
_purecall
memset
memcmp
strtoul
_vsnwprintf
_vsnprintf
memchr

Sections

.text
Size: 398KB - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd6df0d0623499f1d8c6ffd7ced38e17

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

userenv

iphlpapi

version

gdiplus

msvcrt

Sections

.text Size: 398KB - Virtual size: 398KB

.data Size: 1024B - Virtual size: 8KB

.idata Size: 10KB - Virtual size: 9KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 398KB - Virtual size: 398KB

.data
Size: 1024B - Virtual size: 8KB

.idata
Size: 10KB - Virtual size: 9KB

.reloc
Size: 9KB - Virtual size: 9KB