6b16880f1e9fe017d8d376f27c12f984dc73eac230e25c4bc51c7119380496e7

Sharing

Copy URL Twitter E-mail

General

Target

6b16880f1e9fe017d8d376f27c12f984dc73eac230e25c4bc51c7119380496e7
Size

1.1MB
MD5

01417370c4890fd3bd635d195520a5d4
SHA1

4ddd6117d13a55c1474a142859647ba5cbdf56c5
SHA256

6b16880f1e9fe017d8d376f27c12f984dc73eac230e25c4bc51c7119380496e7
SHA512

6f50d3532cc5f698947235b81ab2269ad509a954c5eaec11f22bcb74caa7b5f4c4eefdad3fcbbcad7cfd82fd0d615ad49c116c4c3a3a36cce5b7c09fb373a8b5
SSDEEP

24576:g92xHZctw89zCECwizl7KjRcWI0b6u7LUxnkCcvzYJc9j2xGpEbQO0nTJ31bWpkS:k24zmJzl7KjRW0b6u7LUxnkCcvzYJc9B

Score

N/A

Malware Config

Signatures

Files

6b16880f1e9fe017d8d376f27c12f984dc73eac230e25c4bc51c7119380496e7
.exe windows x86

1d6ccd8c6c053849be6b23b78823953c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

HttpSendRequestW
HttpOpenRequestW
InternetOpenW
InternetReadFile
InternetCloseHandle
InternetSetOptionW
HttpQueryInfoW
HttpAddRequestHeadersW
InternetConnectW

kernel32

GetTempPathW
Process32FirstW
GetSystemInfo
Process32NextW
GetModuleHandleA
CreateToolhelp32Snapshot
CopyFileA
CopyFileW
ReadFile
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
FindFirstFileW
FindClose
FindNextFileW
FindNextChangeNotification
GetFileSize
SetFilePointer
GetFileAttributesW
GetFullPathNameW
GetFullPathNameA
CreateFileA
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
GetTickCount
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
GetFileAttributesA
FlushFileBuffers
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingW
GetDiskFreeSpaceA
GetFileAttributesExW
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
GetEnvironmentVariableA
GetSystemDirectoryA
CreateMutexW
OpenMutexW
ReleaseMutex
HeapAlloc
HeapFree
GetProcessHeap
DeviceIoControl
InterlockedIncrement
InterlockedExchange
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
CreateFileW
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
CompareStringW
GetCPInfo
CompareStringA
RtlUnwind
ExitProcess
GetCommandLineA
IsDebuggerPresent
TerminateProcess
GetExitCodeProcess
GetVersionExW
FormatMessageW
LoadLibraryW
OpenProcess
WriteFile
CreateDirectoryW
InterlockedDecrement
CreateProcessW
FreeLibrary
LocalFree
GetProcAddress
SetLastError
GetModuleHandleW
GetCurrentProcess
GetEnvironmentVariableW
CreateThread
DeleteCriticalSection
WaitForMultipleObjects
CreateEventW
ResetEvent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetEvent
WaitForSingleObject
GetModuleFileNameW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
lstrlenW
CloseHandle
FindFirstChangeNotificationA
FindCloseChangeNotification
lstrlenA
MultiByteToWideChar
GetLastError
ResumeThread
DeleteFileW
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
VirtualAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapCreate
VirtualFree
GetTimeFormatA
WriteConsoleW
GetLocaleInfoW
GetDateFormatA
SetEnvironmentVariableA
DeleteFileA
GetTimeZoneInformation

user32

wsprintfW
PostMessageW
GetClassNameW
IsWindow
GetSystemMetrics
EnumWindows

advapi32

CryptCreateHash
RegisterServiceCtrlHandlerW
SetServiceStatus
RegOpenKeyExW
RegNotifyChangeKeyValue
RegCloseKey
OpenProcessToken
RegCreateKeyExW
AddAccessAllowedAce
InitializeAcl
GetNamedSecurityInfoW
SetNamedSecurityInfoW
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptDecrypt
CryptDestroyKey
CryptAcquireContextA
CryptDeriveKey
CryptHashData
CryptDestroyHash
StartServiceCtrlDispatcherW
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
GetLengthSid
GetTokenInformation
RegSetValueExW
RegEnumKeyExW
RegFlushKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW

ole32

StringFromGUID2
CoUninitialize
CoCreateGuid
CoInitialize
CoCreateInstance

shell32

SHGetFolderPathA
SHGetSpecialFolderPathW
SHGetFolderPathW

oleaut32

SysAllocString
SysFreeString
VariantClear

shlwapi

UrlUnescapeW
PathFileExistsW

crypt32

CryptMsgGetParam
CertCloseStore
CertGetNameStringW
CertFreeCertificateContext
CryptMsgClose
CryptQueryObject
CryptProtectData
CertFindCertificateInStore

wintrust

WinVerifyTrust

Sections

.text
Size: 679KB - Virtual size: 678KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 192KB - Virtual size: 1.3MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1d6ccd8c6c053849be6b23b78823953c

Headers

DLL Characteristics

File Characteristics

Imports

version

wininet

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

crypt32

wintrust

Sections

.text Size: 679KB - Virtual size: 678KB

.rdata Size: 206KB - Virtual size: 206KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 35KB - Virtual size: 34KB

.vmp0 Size: 192KB - Virtual size: 1.3MB

.text
Size: 679KB - Virtual size: 678KB

.rdata
Size: 206KB - Virtual size: 206KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 35KB - Virtual size: 34KB

.vmp0
Size: 192KB - Virtual size: 1.3MB