Static task: static1
Behavioral task: behavioral1
Sample: 3ee115d555da6482cc99e02d0d8adf354aee29d2f81762faaf8166f57f2702dc.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 3ee115d555da6482cc99e02d0d8adf354aee29d2f81762faaf8166f57f2702dc.exe
Resource: win10v2004-20220812-en
General
Target: 3ee115d555da6482cc99e02d0d8adf354aee29d2f81762faaf8166f57f2702dc
Size: 1.7MB
MD5: 9384485c15e649bf3fdb9fb90214e4fa
SHA1: 37741e54971bca08b0d3b81a9ebe571528221de5
SHA256: 3ee115d555da6482cc99e02d0d8adf354aee29d2f81762faaf8166f57f2702dc
SHA512: edfed4ece4608d036a405414ae5d036bcabe4840ad38d2f9830fe6de8c0633b0df2601ca09062346391735bc9fff5f5c9ea41de5c41642bc18ff0a129bc2f8d3
SSDEEP: 24576:KwX5INqLYGqqPxQwok3I7/oThe2JiHniv7r7Aso9wmNeOHLhCF:9+qNqnWTuijDfU/hCF
Malware Config
Signatures
Files
3ee115d555da6482cc99e02d0d8adf354aee29d2f81762faaf8166f57f2702dc.exe (windows x86)
617f0fabfabbe335dbaaaf925673cf6e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
kernel32
GetLocaleInfoW
InterlockedExchange
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcmpiW
lstrlenW
InterlockedCompareExchange
SetDllDirectoryW
SetProcessWorkingSetSize
SystemTimeToFileTime
GetSystemTime
GetDriveTypeW
GetLogicalDriveStringsW
GetTempFileNameW
FindNextFileW
FindFirstFileW
FindClose
SetFileAttributesA
SetFileAttributesW
RemoveDirectoryW
RemoveDirectoryA
DeleteFileA
MoveFileExW
SetEnvironmentVariableW
GetExitCodeThread
TerminateThread
CreateThread
GetFileType
GetModuleHandleW
LocalFree
DuplicateHandle
lstrcpyW
IsDebuggerPresent
lstrcatW
RaiseException
GetModuleFileNameW
SetUnhandledExceptionFilter
CreateProcessW
WideCharToMultiByte
ReleaseSemaphore
CreateSemaphoreW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
FreeLibrary
EnumResourceNamesW
LoadLibraryExW
FreeResource
SetLastError
DeleteTimerQueue
DeleteTimerQueueTimer
CreateTimerQueueTimer
CreateTimerQueue
QueueUserWorkItem
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
lstrlenA
GetTickCount
GetFileSize
HeapDestroy
HeapCreate
HeapFree
HeapAlloc
GetProcessHeap
ReadFile
SetFilePointer
GetCurrentThreadId
ReleaseMutex
ResetEvent
WaitForMultipleObjects
TerminateProcess
OpenProcess
GetCurrentProcessId
CreateDirectoryW
MultiByteToWideChar
DeleteFileW
CopyFileW
WriteFile
GetSystemTimeAsFileTime
GetFileAttributesW
VirtualAlloc
VirtualFree
GetSystemInfo
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateFileW
CreateIoCompletionPort
InterlockedDecrement
GetQueuedCompletionStatus
InterlockedIncrement
SetThreadPriority
GetCurrentThread
TlsAlloc
TlsSetValue
TlsGetValue
GetLastError
ExitProcess
WaitForSingleObject
SetEvent
LockResource
QueryDosDeviceW
LoadLibraryW
GetVersionExW
WTSGetActiveConsoleSessionId
CloseHandle
GetCurrentProcess
Sleep
CreateEventW
FindResourceW
LoadResource
SizeofResource
GetProcAddress
FileTimeToDosDateTime
GetLocalTime
SetThreadContext
GetThreadContext
FlushInstructionCache
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetDriveTypeA
GetCurrentDirectoryA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
LCMapStringA
GetStringTypeW
GetFullPathNameW
GetFullPathNameA
CreateFileA
SetEndOfFile
QueryPerformanceCounter
UnlockFile
LockFile
UnlockFileEx
FormatMessageA
FormatMessageW
GetFileAttributesA
FlushFileBuffers
GetTempPathW
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
GetDiskFreeSpaceA
GetFileAttributesExW
GetTempPathA
AreFileApisANSI
ExpandEnvironmentStringsW
GetPrivateProfileStringW
GetUserDefaultLangID
MoveFileW
DeviceIoControl
GetVolumeNameForVolumeMountPointW
GetFileInformationByHandle
SetFileTime
GetStdHandle
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
lstrcmpA
CreateMutexW
GetVolumeInformationW
LocalAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
TlsFree
CompareStringW
GetModuleHandleA
GetFileSizeEx
GetFileTime
ResumeThread
SuspendThread
lstrcmpW
GlobalFlags
GlobalAddAtomW
GetVersionExA
GlobalDeleteAtom
GlobalFindAtomW
CompareStringA
ExitThread
UnhandledExceptionFilter
GetCommandLineA
GetStartupInfoA
HeapReAlloc
VirtualProtect
VirtualQuery
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleFileNameA
LCMapStringW
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
user32
SetWindowLongW
SetWindowPos
CopyRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
GetMenu
CallWindowProcW
DefWindowProcW
AdjustWindowRectEx
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
GetClientRect
SetForegroundWindow
SetMenu
MapWindowPoints
GetMessagePos
GetMessageTime
GetTopWindow
GetForegroundWindow
RemovePropW
GetPropW
SetPropW
GetClassLongW
GetCapture
WinHelpW
LoadIconW
CheckMenuItem
EnableMenuItem
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
PostQuitMessage
DestroyMenu
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnhookWindowsHookEx
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
GetDlgItem
CharUpperW
GetSystemMetrics
GetFocus
GetWindow
wsprintfW
CharNextW
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
SetWindowTextW
SetWindowsHookExW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostMessageW
RegisterWindowMessageW
CallNextHookEx
DispatchMessageW
GetKeyState
PeekMessageW
ValidateRect
GetWindowTextW
IsWindow
DestroyWindow
advapi32
LookupPrivilegeValueW
RegQueryInfoKeyW
RegDeleteKeyA
RegDeleteValueA
RegQueryInfoKeyA
RegSetValueExA
RegQueryValueExA
RegQueryValueA
RegEnumValueA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExW
GetUserNameW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
GetLengthSid
StartServiceW
QueryServiceConfigW
ChangeServiceConfigW
RegFlushKey
OpenThreadToken
LogonUserW
SetThreadToken
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
RevertToSelf
ImpersonateLoggedOnUser
DuplicateTokenEx
OpenProcessToken
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyExW
RegCloseKey
AllocateAndInitializeSid
ReportEventW
CloseEventLog
OpenEventLogW
SetNamedSecurityInfoW
AddAccessAllowedAceEx
InitializeAcl
InitializeSid
AdjustTokenPrivileges
shell32
SHCreateDirectoryExW
SHGetFolderPathW
ord165
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW
ole32
CLSIDFromProgID
CoInitializeEx
CoSetProxyBlanket
CoInitialize
CoUninitialize
CoCreateInstance
CoCreateGuid
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CLSIDFromString
oleaut32
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringByteLen
SysStringByteLen
SysStringLen
VarUI4FromStr
SysAllocStringLen
VariantCopy
VariantInit
VariantClear
SysAllocString
SysFreeString
VariantChangeType
VarUdateFromDate
shlwapi
PathIsUNCW
PathStripToRootW
PathUnquoteSpacesW
PathRemoveExtensionW
PathRemoveFileSpecW
PathFindFileNameW
PathAddBackslashW
PathFileExistsW
SHDeleteKeyW
PathStripPathW
PathAppendW
PathRemoveBackslashW
userenv
UnloadUserProfile
wtsapi32
WTSQueryUserToken
fltlib
FilterGetMessage
FilterConnectCommunicationPort
FilterReplyMessage
FilterSendMessage
wininet
InternetCloseHandle
InternetQueryOptionW
InternetOpenW
InternetConnectW
FtpRenameFileW
InternetReadFile
InternetGetLastResponseInfoW
InternetSetOptionW
InternetWriteFile
FtpOpenFileW
HttpQueryInfoW
HttpEndRequestW
HttpSendRequestExW
HttpSendRequestW
HttpOpenRequestW
dbghelp
MiniDumpWriteDump
imagehlp
ImageGetCertificateData
ImageGetCertificateHeader
crypt32
CertFreeCertificateContext
CertGetNameStringW
CryptProtectData
CryptVerifyMessageSignature
CryptUnprotectData
wintrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvCertFromChain
msi
ord224
psapi
GetModuleFileNameExW
EnumProcessModules
EnumProcesses
ntdll
RtlUnwind
NtResumeProcess
NtQueryObject
RtlCopyUnicodeString
NtQuerySystemInformation
NtSuspendProcess
winmm
timeGetTime
netapi32
NetApiBufferFree
NetShareEnum
mpr
WNetGetUniversalNameW
ws2_32
inet_addr
WSAGetLastError
select
sendto
ntohl
socket
inet_ntoa
send
htonl
ntohs
ioctlsocket
WSACleanup
closesocket
htons
recvfrom
gethostbyname
connect
WSAStartup
recv
oleacc
CreateStdAccessibleObject
LresultFromObject
gdi32
GetStockObject
CreateBitmap
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetDeviceCaps
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
comdlg32
GetFileTitleW
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 356KB - Virtual size: 356KB
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 43KB - Virtual size: 87KB
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 9KB
Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ