bb52ff73ebbd7b0d565c6b71b888325d5b2cf8bf49385a5c407a2e0c5a7e5101

Sharing

Copy URL Twitter E-mail

General

Target

bb52ff73ebbd7b0d565c6b71b888325d5b2cf8bf49385a5c407a2e0c5a7e5101
Size

912KB
MD5

11738cec287f53c2cec326cef042a9a0
SHA1

d077bea4fc93fe24230aa99e03a81210d1e8a3d7
SHA256

bb52ff73ebbd7b0d565c6b71b888325d5b2cf8bf49385a5c407a2e0c5a7e5101
SHA512

a6ebe0071bf2a8fb4d5d83d6251868bd7e6f3b3d00bad1616e63b03e0973044ea02cba0be93e1a9f15ac5b6a2f8695f98e2befc60f016c38433ca28dd9f6dc61
SSDEEP

6144:E9JUm2y14qmQJqapPTJfk2PHnxS8VDJiNzYiAOME:oJLmQJxJfk2fxVJu1

Score

N/A

Malware Config

Signatures

Files

bb52ff73ebbd7b0d565c6b71b888325d5b2cf8bf49385a5c407a2e0c5a7e5101
.exe windows x86

7085c56a5817ef299666de81dd542668

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileW
EnumSystemLanguageGroupsW
GetFileInformationByHandle
GetVolumeNameForVolumeMountPointW
GlobalSize
HeapDestroy
IsBadStringPtrW
LoadLibraryW
MoveFileExW
ReadFile
SetConsoleCP
TlsSetValue
WaitForSingleObjectEx
WriteConsoleOutputAttribute
lstrcpyW
VirtualAlloc
CloseHandle
GetDefaultCommConfigA
HeapCreate
ReadConsoleOutputAttribute
lstrlenW
DisableThreadLibraryCalls
EnumDateFormatsW
FindResourceW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetProcAddress
GetProcessHeap
GetSystemTimeAsFileTime
GetTapeStatus
GetTickCount
GetVersionExA
GetVolumePathNameA
GlobalMemoryStatus
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LoadLibraryExW
LoadResource
OpenEventW
QueryPerformanceCounter
RaiseException
SetCommConfig
SetEvent
SizeofResource
Sleep
WriteFile
_lopen
lstrcmpiW
lstrcpy
AreFileApisANSI
CreateConsoleScreenBuffer
CreateJobObjectW
DnsHostnameToComputerNameW
FreeResource
GetExitCodeProcess
MoveFileWithProgressA
SetHandleInformation
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
LCMapStringW
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
SetFileAttributesA
GetFileAttributesA
RtlUnwind
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
CreateDirectoryW
HeapAlloc
HeapFree
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetTimeFormatA
GetDateFormatA
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
FindFirstFileW
FindNextFileW
HeapReAlloc
PeekNamedPipe
GetFileType
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetCurrentDirectoryA
GetFullPathNameA
GetLogicalDrives
HeapValidate
GetFileAttributesW
GetLocaleInfoA
GetCPInfo
VirtualProtect
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
TlsAlloc
SetLastError
GetCurrentThread
TlsFree
TlsGetValue
VirtualFree
GetACP
GetOEMCP
SetCurrentDirectoryA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
IsBadWritePtr
SetStdHandle
GetStringTypeA
GetStringTypeW
CreateFileA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetTimeZoneInformation
WaitForSingleObject
CreateProcessA
InitializeCriticalSection
HeapSize
FindNextFileA
CreateFileW
WriteConsoleA
LoadLibraryA
SetFilePointer
SetEndOfFile
FlushFileBuffers
SetConsoleCtrlHandler
GetLocaleInfoW

ole32

SNB_UserFree
OleQueryCreateFromData
OleNoteObjectVisible
HMETAFILE_UserMarshal
HMETAFILEPICT_UserFree
HICON_UserMarshal
CreateDataAdviseHolder
CoRegisterMallocSpy
STGMEDIUM_UserFree
HMETAFILE_UserFree
HENHMETAFILE_UserFree
FreePropVariantArray
CoUnmarshalHresult
OleRegEnumFormatEtc
CoTestCancel
HGLOBAL_UserMarshal
CoGetCurrentLogicalThreadId

oleaut32

VarMonthName
VarDateFromI4
VarBoolFromI2
SafeArrayUnlock
VariantTimeToDosDateTime
VarUI4FromI4
VarI1FromUI2
VarBstrFromUI4
VarBoolFromCy
SafeArrayRedim
VarUI2FromStr
VarCyFromBool

rpcrt4

I_RpcReallocPipeBuffer
I_RpcBindingInqWireIdForSnego
RpcSmFree
NdrServerInitializeMarshall
NdrProxySendReceive
I_RpcServerAllocateIpPort
RpcMgmtIsServerListening
RpcServerUseProtseqA
RpcSmDisableAllocate
NdrConformantArrayMemorySize
NdrConformantArrayMarshall
MesHandleFree
I_RpcAsyncSetHandle
NdrDllGetClassObject
IUnknown_Release_Proxy
RpcServerUseProtseqIfA
RpcObjectSetType
NdrStubCall2
RpcBindingInqAuthInfoExA

shell32

SHGetFolderLocation
SHBrowseForFolderA
SHAppBarMessage
InternalExtractIconListA
DragQueryFileW
SHGetFileInfoW
ShellExecuteW

Sections

.text
Size: 224KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 276KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 408KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7085c56a5817ef299666de81dd542668

Headers

File Characteristics

Imports

kernel32

ole32

oleaut32

rpcrt4

shell32

Sections

.text Size: 224KB - Virtual size: 222KB

.rdata Size: 276KB - Virtual size: 274KB

.data Size: 408KB - Virtual size: 416KB

.text
Size: 224KB - Virtual size: 222KB

.rdata
Size: 276KB - Virtual size: 274KB

.data
Size: 408KB - Virtual size: 416KB