72bff41fd89a7dcb0e887668c4d521dd17ba815e203b8352e601064942e17dae

Sharing

Copy URL Twitter E-mail

General

Target

72bff41fd89a7dcb0e887668c4d521dd17ba815e203b8352e601064942e17dae
Size

556KB
MD5

a2d6873451a8c10e593f7e3c33819780
SHA1

7a7b938e9995342c3b2f0376b6814a703e86f033
SHA256

72bff41fd89a7dcb0e887668c4d521dd17ba815e203b8352e601064942e17dae
SHA512

4b46b7a0bfe820596296b6cb6fe57a886ab48b0daa57b0fe6b769fbd4f8c4e6ba3c84ea605488ed83d6b6c0320af409ea8c844c231bc1a2752e130dcfd042f34
SSDEEP

12288:U2AjF/cLogHVOhSEk1eUvxQPoXOTpzH1r4:U2AjF/cLogHVOhYeKxQwXOVHO

Score

N/A

Malware Config

Signatures

Files

72bff41fd89a7dcb0e887668c4d521dd17ba815e203b8352e601064942e17dae
.exe windows x86

23f3395238e8fe764a467d77c65af9a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathStripPathW
PathRemoveExtensionW
PathRemoveArgsW
PathMakePrettyW
SHGetValueW

wininet

SetUrlCacheEntryInfoW
FindNextUrlCacheEntryW
FindCloseUrlCache
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW

pdh

PdhCloseQuery
PdhLookupPerfNameByIndexA
PdhMakeCounterPathA
PdhRemoveCounter
PdhCollectQueryData
PdhAddCounterA
PdhOpenQueryW
PdhGetFormattedCounterValue

kernel32

ExitThread
GetWindowsDirectoryW
CreateProcessW
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
ResumeThread
ResetEvent
ReleaseSemaphore
IsProcessorFeaturePresent
InterlockedCompareExchange
SetEnvironmentVariableA
GetProcAddress
GetModuleHandleW
InterlockedExchangeAdd
Sleep
InterlockedIncrement
InterlockedDecrement
CompareStringA
GetLocaleInfoA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
LCMapStringW
GetLastError
CompareStringW
LCMapStringA
GetCPInfo
GetStringTypeA
GetFileInformationByHandle
GetFileSize
ReadFile
WriteFile
GetSystemInfo
CloseHandle
SetFilePointer
GetFileType
CreateFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
HeapFree
GetProcessHeap
WaitForSingleObject
CreateEventA
CreateSemaphoreA
DuplicateHandle
GetCurrentProcess
HeapAlloc
SetEvent
LocalFree
FormatMessageA
FlushInstructionCache
lstrlenA
SystemTimeToFileTime
GetSystemTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetVersionExW
RtlUnwind
GetSystemTimeAsFileTime
RaiseException
GetStartupInfoW
HeapReAlloc
SetHandleCount
GetStdHandle
GetStartupInfoA
SetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameA
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
HeapSize
VirtualAlloc
GetModuleHandleA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

MapVirtualKeyW
VkKeyScanW
PostMessageW
IsWindow
CloseDesktop
SetThreadDesktop
GetThreadDesktop
CreateDesktopW
CallWindowProcW
SetWindowLongW
DefWindowProcW
GetWindowLongW

shell32

ord680

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysStringLen
SysAllocString
VariantInit
VariantClear
VariantChangeType

advapi32

RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW

Sections

.text
Size: 391KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

STLPORT_
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

23f3395238e8fe764a467d77c65af9a6

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

wininet

pdh

kernel32

user32

shell32

ole32

oleaut32

advapi32

Sections

.text Size: 391KB - Virtual size: 390KB

.rdata Size: 94KB - Virtual size: 94KB

.data Size: 25KB - Virtual size: 34KB

STLPORT_ Size: 512B - Virtual size: 32B

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 43KB - Virtual size: 42KB

.text
Size: 391KB - Virtual size: 390KB

.rdata
Size: 94KB - Virtual size: 94KB

.data
Size: 25KB - Virtual size: 34KB

STLPORT_
Size: 512B - Virtual size: 32B

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 43KB - Virtual size: 42KB