3c274d903d5f959663b68d2ec657e01b00c9d6a4d467112c038ffb6a96a1896e

Sharing

Copy URL Twitter E-mail

General

Target

3c274d903d5f959663b68d2ec657e01b00c9d6a4d467112c038ffb6a96a1896e
Size

101KB
MD5

a2c1fdcdbffc3f69f2f289371d7410b0
SHA1

c4de154a6a554f0f56f235d822d2923476cc8e68
SHA256

3c274d903d5f959663b68d2ec657e01b00c9d6a4d467112c038ffb6a96a1896e
SHA512

f96cf8e4ef38a107f2ac50d64113644d0aa64e950f59a568de43d5755a72a294e2cf052e009a7cebca8e37a27e89b528602ab6be87a6821e782ccab33637ceda
SSDEEP

3072:4nqIbNMIPYKYuZvAyoonSrSri8aEpLKXES3B7V:4PbNMaYKYumyrSrN8VpM3B7V

Score

N/A

Malware Config

Signatures

Files

3c274d903d5f959663b68d2ec657e01b00c9d6a4d467112c038ffb6a96a1896e
.exe windows x86

5e456c181082f729e57520a9ff0381b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTimeZoneInformation
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetFileSizeEx
OpenMutexW
GetLastError
VirtualAlloc
VirtualProtectEx
VirtualAllocEx
FindClose
LoadLibraryA
RemoveDirectoryW
lstrcmpiW
FindNextFileW
VirtualProtect
GetFileTime
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
GetSystemTime
WriteProcessMemory
CreateMutexW
CreateThread
ReadFile
GetPrivateProfileStringW
GetPrivateProfileIntW
GetNativeSystemInfo
GetVersionExW
GetModuleFileNameW
GetUserDefaultUILanguage
WTSGetActiveConsoleSessionId
TlsGetValue
TlsSetValue
ResetEvent
GlobalLock
GlobalUnlock
GetLocalTime
HeapReAlloc
GetTempFileNameW
GetFileAttributesW
HeapCreate
HeapDestroy
ReadProcessMemory
LoadLibraryW
WideCharToMultiByte
FileTimeToDosDateTime
GetEnvironmentVariableW
WriteFile
VirtualQueryEx
SetFileTime
CreateDirectoryW
HeapFree
SetFilePointerEx
SystemTimeToFileTime
HeapAlloc
CreateProcessW
FreeLibrary
SetEndOfFile
ExpandEnvironmentStringsW
FindFirstFileW
ReleaseMutex
GetCurrentThreadId
SetLastError
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
lstrcmpiA
GetCurrentThread
LocalFree
CloseHandle
OpenEventW
GetFileAttributesExW
WaitForMultipleObjects
CreateEventW
GetProcAddress
Sleep
VirtualFree
GetModuleHandleW
SetEvent
WaitForSingleObject
SetErrorMode
GetCommandLineW
SetFileAttributesW
ExitProcess

user32

GetMenuState
DefWindowProcA
DefMDIChildProcW
SwitchDesktop
GetMenuItemCount
DefDlgProcA
DefMDIChildProcA
HiliteMenuItem
RegisterClassW
CallWindowProcA
EndMenu
CallWindowProcW
DefWindowProcW
DefFrameProcW
RegisterClassA
GetClassNameW
DrawIcon
GetIconInfo
LoadImageW
MsgWaitForMultipleObjects
PrintWindow
GetDC
TranslateMessage
CharLowerA
ReleaseDC
EqualRect
CharLowerW
GetKeyboardState
GetClipboardData
ToUnicode
EndPaint
GetUpdateRgn
GetWindowDC
BeginPaint
GetUpdateRect
IntersectRect
RegisterClassExA
TrackPopupMenuEx
GetDCEx
GetMenuItemID
SetKeyboardState
GetSubMenu
CharLowerBuffA
DefDlgProcW
DefFrameProcA
OpenInputDesktop
OpenDesktopW
CharUpperW
DispatchMessageW
GetMessageA
GetMessageW
SetCapture
PostMessageW
GetWindowInfo
GetCapture
SetCursorPos
PeekMessageW
PeekMessageA
MenuItemFromPoint
GetMenu
RegisterClassExW
GetMenuItemRect
CharToOemW
GetWindowThreadProcessId
GetMessagePos
SendMessageW
ReleaseCapture
IsWindow
GetCursorPos

advapi32

IsWellKnownSid
CryptGetHashParam
OpenProcessToken
CryptAcquireContextW
OpenThreadToken
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW
CreateProcessAsUserW
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
GetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegCloseKey
RegSetValueExW
CryptHashData
ConvertSidToStringSidW
EqualSid
RegEnumKeyExW

shlwapi

wvnsprintfW
PathIsURLW
StrStrIW
StrStrIA
StrCmpNIW
PathRenameExtensionW
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathRemoveBackslashW
PathUnquoteSpacesW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathAddBackslashW
PathRemoveFileSpecW
PathFindFileNameW
PathIsDirectoryW
UrlUnescapeA

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW

secur32

GetUserNameExW

ole32

CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx

gdi32

RestoreDC
SaveDC
DeleteDC
GdiFlush
SetViewportOrgEx
SelectObject
CreateCompatibleDC
DeleteObject
SetRectRgn

ws2_32

getpeername
send
closesocket
WSASend
WSAIoctl
WSAAddressToStringW
WSAGetLastError
socket

crypt32

PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
CryptUnprotectData

wininet

HttpAddRequestHeadersA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestW
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA
InternetQueryOptionA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetSetOptionA
InternetReadFile
InternetCrackUrlA
InternetQueryOptionW
InternetConnectA
HttpQueryInfoA

oleaut32

VariantInit
SysAllocString
VariantClear
SysFreeString

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetInfo

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e456c181082f729e57520a9ff0381b4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

Sections

.text Size: 88KB - Virtual size: 87KB

.data Size: 1024B - Virtual size: 7KB

.idata Size: 7KB - Virtual size: 7KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 88KB - Virtual size: 87KB

.data
Size: 1024B - Virtual size: 7KB

.idata
Size: 7KB - Virtual size: 7KB

.reloc
Size: 3KB - Virtual size: 3KB