b70fe64bb798ca18aafd5a380164717a5160c6345b7a7e0a56817471138056f2

Sharing

Copy URL Twitter E-mail

General

Target

b70fe64bb798ca18aafd5a380164717a5160c6345b7a7e0a56817471138056f2
Size

10.3MB
MD5

8f1c2a7aa5790d1c678fe8626102d714
SHA1

42b45758841ff609cc8ffccbfca501190aba65e5
SHA256

b70fe64bb798ca18aafd5a380164717a5160c6345b7a7e0a56817471138056f2
SHA512

3a43753b060dd7485c734b2cc6e7171346a8e7372971553577edfce23c683547be40502ee26b1b60a0317e2071de931371b0632eccf3a455d6e8a0423236d8c7
SSDEEP

196608:J/eVvjsLdgKthQZWXOEBMelTIJau/+OdeuutIKB2s3feeLVOUAe6:tMGdgKthIB2vRILLdJ4IKY+fJwv

Score

N/A

Malware Config

Signatures

Files

b70fe64bb798ca18aafd5a380164717a5160c6345b7a7e0a56817471138056f2
.exe windows x86

2b89e4778058aa8a4013cd272262968f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileInformationByHandle
CompareFileTime
FindFirstChangeNotificationW
FindCloseChangeNotification
SetFileTime
SearchPathW
GetCurrentDirectoryW
GetDriveTypeW
GetDiskFreeSpaceExW
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
GetLongPathNameW
UnmapViewOfFile
MapViewOfFile
SwitchToThread
DeviceIoControl
OutputDebugStringW
lstrcmpiW
LoadLibraryExW
GetTickCount64
GetCommandLineW
VerifyVersionInfoW
VerSetConditionMask
GetCurrentThreadId
InitializeCriticalSectionEx
RaiseException
DecodePointer
lstrcpynW
LocalFree
GetLocalTime
WaitForMultipleObjects
Sleep
CreateEventW
WaitForSingleObject
SetEvent
WritePrivateProfileStringW
GetPrivateProfileStringW
K32GetProcessImageFileNameW
K32GetModuleFileNameExW
LoadLibraryW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetVersionExW
GetTickCount
OpenProcess
GetCurrentProcess
DeleteCriticalSection
QueryDosDeviceW
GetLogicalDriveStringsW
CreateDirectoryW
MultiByteToWideChar
WriteConsoleW
SetEndOfFile
SetFilePointerEx
ReadConsoleW
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
WideCharToMultiByte
UnlockFile
ReadFile
LockFile
GetFileSize
CreateFileW
GetModuleFileNameW
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
MoveFileExW
MoveFileW
lstrlenW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetWindowsDirectoryW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
GetTempPathW
SetFileAttributesW
RemoveDirectoryW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CloseHandle
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetFileType
CreateFileMappingW
SetFilePointer
GetFileAttributesExW
LocalAlloc
CopyFileW
GetCurrentThread
GetACP
GetStdHandle
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
lstrcmpiA
lstrcmpA
GetSystemWindowsDirectoryW
FreeResource
InterlockedCompareExchange
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetTempFileNameA
GetTempPathA
WriteFile
GetStartupInfoW
WaitForSingleObjectEx
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GlobalFree
GlobalUnlock
GlobalLock
DeleteFileA
CreateFileA
OutputDebugStringA
GlobalAlloc
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetShortPathNameW
GetEnvironmentVariableW
lstrlenA
FormatMessageW
GetTempFileNameW
GetSystemInfo
ResetEvent
GetFileSizeEx
GetSystemDirectoryW

user32

GetShellWindow
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
SendMessageW
PostMessageW
DestroyWindow
LoadStringW
GetClassInfoExW
CreateWindowExW
IsWindow
ShowWindow
UpdateLayeredWindow
SetWindowPos
GetFocus
GetAsyncKeyState
GetMonitorInfoW
GetWindowThreadProcessId
FindWindowExW
IsWindowVisible
SendMessageTimeoutW
KillTimer
SetTimer
CopyRect
SetCapture
IsDialogMessageW
SetCursor
GetActiveWindow
EndDialog
DialogBoxParamW
MonitorFromWindow
LoadImageW
GetWindow
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetSystemMetrics
SetFocus
wsprintfW
MessageBoxW
RegisterWindowMessageW
SendNotifyMessageW
FindWindowW
OffsetRect
UnionRect
EqualRect
PtInRect
DrawFocusRect
DestroyCursor
UnregisterClassA
IsZoomed
IsIconic
MoveWindow
PostQuitMessage
CharNextW
BringWindowToTop
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadCursorW
GetParent
SetWindowLongW
GetWindowLongW
FillRect
ScreenToClient
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DrawTextW
ReleaseCapture

gdi32

BitBlt
CreateCompatibleBitmap
CreateFontW
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
DeleteObject
GetStockObject
EnumFontFamiliesW
SaveDC
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetTextColor
CreateDIBSection
GetObjectW
SetViewportOrgEx
RectVisible
RestoreDC
OffsetViewportOrgEx
CreateCompatibleDC

advapi32

FreeSid
RegOpenKeyExA
RegEnumKeyExA
GetTokenInformation
CryptContextAddRef
CryptDecrypt
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegSetKeySecurity
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegDeleteKeyW
RegCloseKey
LookupPrivilegeValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DuplicateTokenEx
AdjustTokenPrivileges
OpenProcessToken
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
GetTrusteeNameW
BuildExplicitAccessWithNameW
GetExplicitEntriesFromAclW
LookupAccountNameW
LookupAccountSidW
EqualSid
DeleteAce
StartServiceW
OpenServiceW
OpenSCManagerW
RegQueryValueExA
CreateServiceW
CloseServiceHandle
CheckTokenMembership
AllocateAndInitializeSid
SetNamedSecurityInfoW
CreateWellKnownSid
GetLengthSid
SetTokenInformation
GetUserNameW
SetEntriesInAclW
GetNamedSecurityInfoW

shell32

SHCreateDirectoryExW
SHFileOperationW
SHGetFolderPathW
SHChangeNotify
ShellExecuteW
ord165
ShellExecuteExW
CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CreateStreamOnHGlobal
CLSIDFromProgID
OleInitialize
OleUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateGuid
OleRun
CoCreateInstance
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize

oleaut32

VarBstrCmp
VariantClear
SysFreeString
SysAllocString
SysStringByteLen
VarUI4FromStr
SysStringLen
VariantInit
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo
SysAllocStringByteLen
VariantCopy

shlwapi

StrStrIW
PathFindFileNameA
PathRenameExtensionA
PathAppendW
PathCombineW
PathFileExistsW
PathFindExtensionW
StrCmpNIW
StrTrimA
StrStrIA
StrCmpIW
StrToIntExW
SHGetValueA
PathFindFileNameW
PathRemoveFileSpecW
PathIsPrefixW
wnsprintfA
wvnsprintfW
SHGetValueW
PathIsDirectoryW
SHSetValueW
wnsprintfW
AssocQueryStringW
SHSetValueA
PathIsRootW
PathIsRelativeW
StrToInt64ExW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdiplusStartup
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImagePointRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipDeletePen

psapi

GetModuleFileNameExW
EnumProcesses
GetProcessImageFileNameW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winhttp

WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpSetCredentials
WinHttpSetOption

setupapi

SetupIterateCabinetW

Exports

Exports

InstallEntryW
_BasicEntry@12
_Start@4
_Uninst@4

Sections

.text
Size: 978KB - Virtual size: 977KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b89e4778058aa8a4013cd272262968f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

psapi

iphlpapi

wininet

urlmon

version

winhttp

setupapi

Exports

Exports

Sections

.text Size: 978KB - Virtual size: 977KB

.rdata Size: 215KB - Virtual size: 214KB

.data Size: 26KB - Virtual size: 45KB

.rsrc Size: 3.0MB - Virtual size: 3.0MB

.reloc Size: 49KB - Virtual size: 48KB

.text
Size: 978KB - Virtual size: 977KB

.rdata
Size: 215KB - Virtual size: 214KB

.data
Size: 26KB - Virtual size: 45KB

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

.reloc
Size: 49KB - Virtual size: 48KB