0da8712873afc7eeb7db54f5d832ba3ed374079041f15f302c219950eedc4fbf

Sharing

Copy URL Twitter E-mail

General

Target

0da8712873afc7eeb7db54f5d832ba3ed374079041f15f302c219950eedc4fbf
Size

257KB
MD5

1072db6054c40c694a84ba26ff1a60b1
SHA1

059865254024be133bd3d09b3380e69f8ad2f525
SHA256

0da8712873afc7eeb7db54f5d832ba3ed374079041f15f302c219950eedc4fbf
SHA512

18d7bd87f7afe97d7d513d91032e3f22345ba144fb867866fad5bce7ee1bdad1511040d2eea5435fa1295cbc9703c5421a8786172260082759a40a3481f623d5
SSDEEP

6144:2fSr8qjHJLEJpazJ1fYD4PKkTLETuxJX3i6qRy:KIL4QJZYDJkTAK3X3g0

Score

N/A

Malware Config

Signatures

Files

0da8712873afc7eeb7db54f5d832ba3ed374079041f15f302c219950eedc4fbf
.exe windows x86

90708b2c7b5dd0ce924ac1e87060858f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExitCodeProcess
ReadFile
GetExitCodeThread
CreatePipe
ResumeThread
FreeLibrary
GetEnvironmentVariableW
FileTimeToDosDateTime
GetTempFileNameW
HeapReAlloc
FindFirstFileW
HeapAlloc
SystemTimeToFileTime
GetCurrentProcess
SetFilePointerEx
GetLogicalDriveStringsW
HeapFree
CreateDirectoryW
GetProcessHeap
IsBadReadPtr
SetFileTime
VirtualQueryEx
Thread32First
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
HeapCreate
lstrcpynW
Thread32Next
GetTimeZoneInformation
GetCurrentProcessId
MultiByteToWideChar
lstrlenW
GetTempPathW
TerminateThread
OpenMutexW
SetLastError
VirtualProtectEx
VirtualAllocEx
FindClose
LoadLibraryA
RemoveDirectoryW
QueryDosDeviceW
FindNextFileW
GetFileTime
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
GetFileInformationByHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
TlsAlloc
TlsFree
FileTimeToSystemTime
GetWindowsDirectoryW
ResetEvent
WTSGetActiveConsoleSessionId
TlsGetValue
TlsSetValue
CreateRemoteThread
GetUserDefaultUILanguage
DuplicateHandle
VirtualProtect
GetModuleHandleA
CreateEventA
LoadLibraryW
VirtualFree
GetComputerNameW
SetErrorMode
CreateMutexW
GetCommandLineW
SetHandleInformation
CreateProcessW
GetPrivateProfileIntW
FlushFileBuffers
GetPrivateProfileStringW
lstrcmpiA
SetThreadPriority
GetCurrentThread
GetCurrentThreadId
DeleteFileW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
MoveFileExW
GetFileSizeEx
WriteProcessMemory
GlobalUnlock
GlobalLock
OpenEventW
GetTickCount
SetEvent
LocalFree
GetProcAddress
GetVersionExW
GetModuleHandleW
GetNativeSystemInfo
CreateThread
GetSystemTime
GetLocalTime
GetLastError
ReleaseMutex
SetFilePointer
GetFileAttributesExW
GetProcessId
EnterCriticalSection
VirtualAlloc
LeaveCriticalSection
VirtualFreeEx
InitializeCriticalSection
SetThreadContext
GetThreadContext
ExitProcess
WaitForMultipleObjects
CreateEventW
SetFileAttributesW
GetLogicalDrives
GetDriveTypeW
GetModuleFileNameW
ExitThread
WaitForSingleObject
Sleep
ExpandEnvironmentStringsW
CloseHandle
lstrcmpiW
CreateFileW
TerminateProcess
GetFileAttributesW
OpenProcess
WriteFile
SetEndOfFile

user32

CharLowerA
CharUpperW
SetWindowLongW
SendMessageTimeoutW
GetWindow
DispatchMessageW
CharLowerW
CreateDesktopW
SetProcessWindowStation
GetThreadDesktop
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
OpenDesktopW
CloseDesktop
GetWindowLongW
GetUserObjectInformationW
OpenWindowStationW
GetKeyboardLayoutList
ToUnicode
EndPaint
GetMessageA
GetUpdateRgn
GetMessageW
RegisterClassExA
TrackPopupMenuEx
SetCapture
DefDlgProcW
DefFrameProcA
OpenInputDesktop
BeginPaint
GetUpdateRect
CharToOemW
WindowFromPoint
MsgWaitForMultipleObjects
LoadImageW
GetTopWindow
GetShellWindow
GetWindowThreadProcessId
FillRect
DrawEdge
IntersectRect
EqualRect
PrintWindow
DrawIcon
GetIconInfo
MessageBoxA
GetWindowRect
GetParent
GetWindowInfo
GetClassLongW
GetAncestor
SetWindowPos
IsWindow
MapWindowPoints
IsRectEmpty
RegisterWindowMessageW
GetMenuItemID
GetSubMenu
SetKeyboardState
MenuItemFromPoint
GetMenu
SetThreadDesktop
GetMenuItemRect
GetCapture
TranslateMessage
RegisterClassExW
SystemParametersInfoW
GetClassNameW
GetMenuState
GetMenuItemCount
PostThreadMessageW
HiliteMenuItem
SendMessageW
SetCursorPos
GetClipboardData
PeekMessageW
GetDCEx
PeekMessageA
ReleaseDC
DefWindowProcA
GetCursorPos
DefMDIChildProcW
SwitchDesktop
DefDlgProcA
DefMDIChildProcA
ReleaseCapture
RegisterClassW
CallWindowProcA
CallWindowProcW
DefWindowProcW
GetMessagePos
GetWindowDC
EndMenu
DefFrameProcW
RegisterClassA
GetDC
GetSystemMetrics
MapVirtualKeyW
PostMessageW
ExitWindowsEx
CharLowerBuffA
GetKeyboardState

advapi32

InitiateSystemShutdownExW
CreateProcessAsUserA
CreateProcessAsUserW
RegCreateKeyW
RegEnumKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
ConvertSidToStringSidW
IsWellKnownSid
GetLengthSid
RegDeleteValueW
RegEnumValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityDescriptorSacl
RegOpenKeyExW
RegEnumKeyExW
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
AllocateAndInitializeSid
CryptCreateHash
FreeSid
CheckTokenMembership
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
CryptHashData
EqualSid

shlwapi

PathAddBackslashW
StrCmpNIW
wvnsprintfA
PathMatchSpecW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathIsURLW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
StrStrIW
PathRemoveFileSpecW
StrStrIA
StrCmpNIA
PathQuoteSpacesW
PathUnquoteSpacesW
PathRemoveBackslashW
PathRenameExtensionW
PathFindFileNameW

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW

secur32

GetUserNameExW

ole32

CoGetObject
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CLSIDFromString
CoInitializeSecurity
CoInitialize
CoInitializeEx
StringFromGUID2

gdi32

SelectObject
GetDeviceCaps
CreateCompatibleBitmap
GetDIBits
CreateDIBSection
CreateCompatibleDC
DeleteDC
RestoreDC
SaveDC
SetRectRgn
GdiFlush
SetViewportOrgEx
DeleteObject

ws2_32

WSAEventSelect
WSAGetLastError
WSAWaitForMultipleEvents
WSASocketA
WSAResetEvent
closesocket
WSACreateEvent
WSAGetOverlappedResult
WSAEnumNetworkEvents
recvfrom
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
select
shutdown
setsockopt
sendto
recv
bind
socket
freeaddrinfo
WSASetLastError
listen
getsockname
accept
WSASend
WSARecv
WSACloseEvent
send
gethostbyname
getaddrinfo
inet_addr
getpeername
inet_ntoa
WSAConnect

crypt32

CryptUnprotectData
PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
PFXImportCertStore

wininet

HttpOpenRequestA
InternetSetStatusCallbackA
InternetConnectA
HttpAddRequestHeadersW
InternetCrackUrlA
HttpAddRequestHeadersA
InternetGetCookieA
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
InternetQueryOptionA
InternetSetOptionA
InternetQueryOptionW
HttpEndRequestW
HttpSendRequestA
HttpEndRequestA
InternetSetFilePointer
HttpOpenRequestW
HttpSendRequestW
InternetReadFile
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA
InternetCloseHandle
InternetOpenA
HttpQueryInfoA

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

waveOutWrite
PlaySoundW
waveOutSetVolume
waveOutGetVolume
PlaySoundA

Sections

.text
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90708b2c7b5dd0ce924ac1e87060858f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

version

winmm

Sections

.text Size: 241KB - Virtual size: 241KB

.data Size: 4KB - Virtual size: 12KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 241KB - Virtual size: 241KB

.data
Size: 4KB - Virtual size: 12KB

.reloc
Size: 9KB - Virtual size: 9KB