53cdb4ce4ac88dd4b4a97bb7c8c8580fce2cf39674f24027f60b61b3111b82a7

Sharing

Copy URL Twitter E-mail

General

Target

53cdb4ce4ac88dd4b4a97bb7c8c8580fce2cf39674f24027f60b61b3111b82a7
Size

105KB
MD5

36ed2cddcd90582abdecdc1dbff7d011
SHA1

1d30b386ceaed69327a4c77a4f6394b9b21e80e7
SHA256

53cdb4ce4ac88dd4b4a97bb7c8c8580fce2cf39674f24027f60b61b3111b82a7
SHA512

603c1e61410b81543bddb4b260f9fa3430600d09964a76079da6ae384e9ba95ea501ec9a285aee1cb7935579a479815543bb85591c72fbd411073738379ab4c8
SSDEEP

1536:lPuOdVFSfD+asg2a6yhkZqiWmOeOpDhnggP0QBsexdszx7nO8juk:5usxACeeo50QB07O8j

Score

N/A

Malware Config

Signatures

Files

53cdb4ce4ac88dd4b4a97bb7c8c8580fce2cf39674f24027f60b61b3111b82a7
.exe windows x86

7cac906245dd84782bde21436bc10910

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

winhttp

WinHttpConnect
WinHttpOpen
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpSendRequest

msvcrt

wcsncmp
_wcsicmp
wcsstr
rand
atoi
malloc
strtok
_snprintf
_vsnprintf
_snwprintf
memset
??1type_info@@UAE@XZ
_CxxThrowException
strchr
isxdigit
_strnicmp
mbstowcs
toupper
??3@YAXPAX@Z
??2@YAPAXI@Z
wcstok
wcsncpy
_wcsnicmp
strncmp
strstr
strncpy
sprintf
srand
memcpy

ntdll

NtQueryInformationThread
RtlAllocateHeap
NtReadVirtualMemory
NtFlushInstructionCache
NtFreeVirtualMemory
NtAllocateVirtualMemory
NtWriteVirtualMemory
RtlFreeHeap
NtQueueApcThread

kernel32

OpenMutexW
GetProcessId
Module32FirstW
Module32NextW
GetLogicalDriveStringsW
lstrcatA
MultiByteToWideChar
WideCharToMultiByte
WaitForMultipleObjects
CreateProcessW
CreateEventW
LockFile
UnlockFile
GetTempPathW
CreateDirectoryW
MoveFileW
GetDriveTypeW
GetCurrentProcessId
GetLocaleInfoA
CreateMutexW
GetLastError
GetCurrentDirectoryW
DeleteFileW
LocalFree
LoadLibraryW
InterlockedDecrement
HeapAlloc
HeapFree
CloseHandle
WriteFile
lstrlenA
CreateFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetProcessHeap
Sleep
DisconnectNamedPipe
FlushFileBuffers
ReadFile
ConnectNamedPipe
CreateNamedPipeW
GetModuleHandleW
CopyFileW
GetCommandLineW
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
VirtualAlloc
OpenProcess
CreateThread
ExitProcess
ExitThread
ReleaseMutex
WaitForSingleObject
SetProcessWorkingSetSize
GetCurrentProcess
SetErrorMode
GetTickCount
ExpandEnvironmentStringsW
SetFileAttributesW
FlushInstructionCache
VirtualProtectEx
UnmapViewOfFile
VirtualProtect
MapViewOfFile
CreateFileMappingW
GetModuleFileNameW
ReadProcessMemory
GetProcAddress
GetModuleHandleA
lstrlenW
GetVersionExA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindNextFileW
FindFirstFileW
SetFilePointer
GetFileSize
GetTimeFormatW
GetDateFormatW
GetFileAttributesW

ws2_32

recv
htons
socket
connect
WSAGetLastError
WSACleanup
setsockopt
recvfrom
sendto
getsockname
gethostname
bind
listen
ioctlsocket
select
__WSAFDIsSet
accept
closesocket
send
inet_addr
gethostbyname
getpeername
inet_ntoa
WSAStartup

shlwapi

StrStrIW

wininet

HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetOpenW
InternetReadFile

ole32

CoUninitialize
CLSIDFromString
CoCreateInstance
OleRun
CoInitialize

psapi

GetModuleFileNameExW
EnumProcessModules

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW

advapi32

GetUserNameW
SetKernelObjectSecurity
ConvertStringSecurityDescriptorToSecurityDescriptorA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW

oleaut32

VariantInit
VariantCopy
SysFreeString
SysStringByteLen
SysAllocStringByteLen
VariantClear
GetErrorInfo
SysAllocString

user32

SetActiveWindow
SetForegroundWindow
PostMessageW
IsWindowVisible
wsprintfW
CharUpperBuffA
RegisterDeviceNotificationW
PostQuitMessage
DestroyWindow
LoadCursorW
RegisterClassW
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
UnregisterDeviceNotification

urlmon

ObtainUserAgentString

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7cac906245dd84782bde21436bc10910

Headers

DLL Characteristics

File Characteristics

Imports

winhttp

msvcrt

ntdll

kernel32

ws2_32

shlwapi

wininet

ole32

psapi

shell32

advapi32

oleaut32

user32

urlmon

Sections

.text Size: 74KB - Virtual size: 74KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 5KB - Virtual size: 21KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 74KB - Virtual size: 74KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 5KB - Virtual size: 21KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 7KB - Virtual size: 7KB