a7ff4c0d5bf5f60f6252ae3a75498e62cd40a789414f31d21d4a247dc72f9fd2

Sharing

Copy URL Twitter E-mail

General

Target

a7ff4c0d5bf5f60f6252ae3a75498e62cd40a789414f31d21d4a247dc72f9fd2
Size

286KB
MD5

8254bada4b7fddee0e12aa081cf62de0
SHA1

932b77f3b627c30e77a162dea586fa9f0995bfac
SHA256

a7ff4c0d5bf5f60f6252ae3a75498e62cd40a789414f31d21d4a247dc72f9fd2
SHA512

ec0170054516dba9c8cd6ab82c3fdd86e715595a4768c701194bb172dfc1a9776ec3efada93b828710a948b3b69b4bd4f55e00adcb2da13f9a359619e8e3664c
SSDEEP

6144:UjWTBJ6UJ0TEdt5LQnp103t41UaDTUEeDVeiAMRcrt2kWE5:UjWTrGwdonJmaDTUEQ7R0WE

Score

N/A

Malware Config

Signatures

Files

a7ff4c0d5bf5f60f6252ae3a75498e62cd40a789414f31d21d4a247dc72f9fd2
.exe windows x86

d225b55d9bf54023d5074463593215a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtTerminateProcess
LdrGetDllHandle
NtQueryInformationProcess
RtlUnwind
LdrLoadDll

kernel32

lstrlenA
TryEnterCriticalSection
SetEvent
Sleep
CreateEventW
ResetEvent
GetExitCodeThread
SetThreadPriority
GetSystemTime
GetCommandLineW
GetNativeSystemInfo
GetDriveTypeW
GetSystemDefaultUILanguage
GetLogicalDrives
GetProcessTimes
GetModuleFileNameW
lstrcmpW
GlobalMemoryStatusEx
GetUserDefaultUILanguage
GetDiskFreeSpaceExW
GetVolumeInformationW
TlsGetValue
TlsSetValue
SetEndOfFile
SetFilePointerEx
SetFileTime
WriteFile
GetFileAttributesW
ReadFile
FlushFileBuffers
GetFileSizeEx
GetFileTime
DeleteFileW
GetFileInformationByHandle
LocalFree
CreateDirectoryW
ExpandEnvironmentStringsW
TlsAlloc
GetPrivateProfileStringW
GetPrivateProfileIntW
TlsFree
FindFirstFileW
FindClose
RemoveDirectoryW
GetThreadPriority
QueryPerformanceCounter
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
MoveFileExW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
ExitProcess
GetSystemTimeAsFileTime
WTSGetActiveConsoleSessionId
GetHandleInformation
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
HeapReAlloc
GetProcessId
UnregisterWait
RegisterWaitForSingleObject
SystemTimeToFileTime
GetTimeZoneInformation
GetLocalTime
InterlockedIncrement
InterlockedDecrement
IsBadReadPtr
VirtualAllocEx
WriteProcessMemory
CreateMutexW
OpenMutexW
ReleaseMutex
lstrcatW
GetComputerNameW
GetVolumeNameForVolumeMountPointW
SetErrorMode
OpenEventW
GetCurrentProcessId
GlobalLock
GlobalUnlock
FlushInstructionCache
GetCurrentThreadId
InterlockedCompareExchange
GetCurrentProcess
VirtualQuery
SetThreadContext
GetThreadContext
VirtualProtect
VirtualAlloc
VirtualFree
ResumeThread
DuplicateHandle
WaitForMultipleObjects
TerminateThread
GetTickCount
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
FindNextFileW
LoadLibraryA
Thread32Next
Thread32First
GetCurrentThread
CreateProcessW
GetEnvironmentVariableW
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
VirtualFreeEx
OpenProcess
CreateRemoteThread
lstrcmpiA
lstrcpyA
lstrcpyW
SetFileAttributesW
FileTimeToLocalFileTime
GetProcAddress
GetTempPathW
lstrlenW
CreateFileW
LoadLibraryW
FreeLibrary
lstrcpynA
lstrcmpA
DosDateTimeToFileTime
GetTempFileNameW
FileTimeToDosDateTime
DeleteCriticalSection
GetLastError
InitializeCriticalSection
GetModuleHandleW
SetLastError
CreateThread
WaitForSingleObject
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetFilePointer
OutputDebugStringA

user32

ExitWindowsEx
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
CharLowerW
CharLowerA
ToUnicode
GetKeyboardState
GetCursorPos
CharToOemW
TranslateMessage
PostQuitMessage
GetClipboardData
GetIconInfo
DrawIcon
LoadCursorW
GetSystemMetrics
GetLastInputInfo
CharUpperW

advapi32

IsWellKnownSid
ConvertSidToStringSidW
InitiateSystemShutdownExW
RegSetValueExW
RegEnumKeyExW
RegFlushKey
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
EqualSid
RegCloseKey
RegCreateKeyExW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptGetKeyParam
CryptVerifySignatureW
AdjustTokenPrivileges
LookupPrivilegeValueW
CreateProcessAsUserW
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
GetSidSubAuthority
OpenProcessToken
GetLengthSid

shlwapi

PathGetDriveNumberW
ord14
PathIsDirectoryW
PathSkipRootW
PathUnquoteSpacesW
wvnsprintfW
wvnsprintfA
PathRenameExtensionW
StrChrA
PathMatchSpecW
PathIsURLW
UrlUnescapeA
PathAddBackslashW
StrStrIW
PathRemoveBackslashW
PathQuoteSpacesW
StrCmpNIA
StrCmpNW
StrCmpNIW
StrCmpW
PathFindFileNameW
PathRemoveExtensionW
StrChrW
StrCmpIW
StrRChrA
StrCmpNA
PathFindExtensionW
PathRemoveFileSpecW

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW

secur32

DecryptMessage
DeleteSecurityContext
GetUserNameExW
EncryptMessage

ole32

CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CLSIDFromString
StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemFree

gdi32

BitBlt
DeleteDC
GetDeviceCaps
CreateDCW
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC

ws2_32

FreeAddrInfoW
getaddrinfo
accept
WSASend
recv
listen
bind
WSACleanup
getservbyname
WSACloseEvent
shutdown
WSAIoctl
WSAAddressToStringW
WSAEnumNetworkEvents
WSAEventSelect
setsockopt
WSACreateEvent
getsockopt
WSAAddressToStringA
WSAStringToAddressW
getpeername
recvfrom
getsockname
sendto
connect
WSAStartup
select
WSARecv
WSAGetOverlappedResult
freeaddrinfo
closesocket
GetAddrInfoW
gethostbyname
send
WSASetLastError
WSAGetLastError
socket

crypt32

PFXImportCertStore
CryptUnprotectData
PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore

wininet

InternetQueryOptionA
InternetCloseHandle
InternetOpenA
HttpAddRequestHeadersA
HttpEndRequestA
HttpOpenRequestA
InternetWriteFile
InternetSetOptionA
InternetReadFile
InternetCrackUrlA
InternetConnectA
HttpQueryInfoA
HttpSendRequestExA

oleaut32

SysFreeString
VariantClear
SysAllocString
VariantInit

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetInfo

iphlpapi

GetAdaptersAddresses

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

msvcrt

_except_handler3
_errno
memcpy
memcmp
_purecall
memset
memchr
memmove
strcmp
_ultow
_vsnwprintf
_vsnprintf
strtoul

Sections

.text
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d225b55d9bf54023d5074463593215a2

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

iphlpapi

version

msvcrt

Sections

.text Size: 256KB - Virtual size: 256KB

.data Size: 12KB - Virtual size: 12KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 256KB - Virtual size: 256KB

.data
Size: 12KB - Virtual size: 12KB

.reloc
Size: 14KB - Virtual size: 13KB