Static task: static1
Behavioral task: behavioral1
  Sample: 8a05a01ffdff62f807700481fbed1c4109321ae18dbc7af180a7b90838056f6a.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 8a05a01ffdff62f807700481fbed1c4109321ae18dbc7af180a7b90838056f6a.exe
  Resource: win10v2004-20220901-en
General
Target: 8a05a01ffdff62f807700481fbed1c4109321ae18dbc7af180a7b90838056f6a
Size: 4.1MB
MD5: 99f780ef22973bc31f619db925c5f5a1
SHA1: 9364d22a0ed3b0c81207dddeedfd98b573c51c51
SHA256: 8a05a01ffdff62f807700481fbed1c4109321ae18dbc7af180a7b90838056f6a
SHA512: dee0690dba77f23a2d86f7d5e7cb1649b8239efd693ce7b6e5daaa4048bc5b54c9720a1463a4875fbed1993a4b784822ec17e916a9aaad8cb4c3563ba72e9f2b
SSDEEP: 24576:OuE8Xz3S2RXXtrk+VK3BWNJOI05hNnQs/NmYovqPy41sY1+0zWwBeLzTWCOfi5Fh:48Xz3SmX92B0Oj/hh1mYSI1snNjfk1H
Malware Config
Signatures
Files
8a05a01ffdff62f807700481fbed1c4109321ae18dbc7af180a7b90838056f6a.exe windows x64
7742c6ce4f3fb457413f3b570486608a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetACP
IsValidCodePage
FindFirstFileExW
HeapQueryInformation
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetFileSizeEx
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetCurrentThread
SetConsoleCtrlHandler
HeapValidate
GetCommandLineA
WriteConsoleW
GetFileType
GetStdHandle
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
FormatMessageA
CreateSymbolicLinkW
GetFileInformationByHandleEx
CloseThreadpoolWait
SetEnvironmentVariableW
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
GetTickCount64
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
SleepConditionVariableSRW
SleepConditionVariableCS
GetCPInfo
WakeConditionVariable
InitializeConditionVariable
InitOnceExecuteOnce
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetFileInformationByHandle
QueryPerformanceFrequency
QueryPerformanceCounter
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
SetStdHandle
GetStringTypeW
FlushFileBuffers
SetEndOfFile
lstrcmpiW
LoadLibraryExW
VerifyVersionInfoW
VerSetConditionMask
FileTimeToSystemTime
SetLocalTime
GetLocalTime
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
ResetEvent
GetQueuedCompletionStatus
GenerateConsoleCtrlEvent
SetSystemPowerState
IsBadWritePtr
IsBadReadPtr
CopyFileW
FormatMessageW
LocalFree
GlobalFlags
VirtualQuery
GetVersionExW
GetSystemInfo
CreateProcessW
GetExitCodeProcess
GetCurrentProcess
PeekNamedPipe
CreatePipe
GetFileAttributesExW
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetOEMCP
GetEnvironmentStringsW
WakeAllConditionVariable
GetCommandLineW
GetUserDefaultLCID
LoadLibraryW
GetProcAddress
FreeLibrary
FindResourceW
SizeofResource
LockResource
LoadResource
FreeResource
GetTickCount
DebugBreak
MulDiv
GlobalFree
GlobalLock
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalAlloc
OutputDebugStringW
GetModuleHandleW
GetCurrentThreadId
IsDebuggerPresent
ResumeThread
SetThreadPriority
CreateThread
CreateEventW
WaitForSingleObject
SetEvent
GetTimeZoneInformation
WritePrivateProfileStringW
GetPrivateProfileStringW
GetModuleFileNameW
GetWindowsDirectoryW
GetSystemDirectoryW
GetTempPathW
WriteFile
SetFilePointerEx
SetFilePointer
ReadFile
GetVolumeInformationW
CreateFileW
DecodePointer
VerLanguageNameW
Sleep
LeaveCriticalSection
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetLogicalDriveStringsW
CreateWaitableTimerW
SetWaitableTimer
OpenProcess
FreeEnvironmentStringsW
TerminateProcess
GetCurrentProcessId
CloseHandle
SetFileAttributesW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateDirectoryW
IsBadStringPtrW
ExitProcess
TryEnterCriticalSection
EnterCriticalSection
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
IsBadStringPtrA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
RaiseException
SetThreadpoolWait
RtlUnwind
user32
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RemovePropW
GetPropW
PeekMessageW
DispatchMessageW
TranslateMessage
GetNextDlgTabItem
GetTopWindow
SetRect
IsZoomed
UnhookWindowsHookEx
IsWindow
wsprintfW
DestroyWindow
SetFocus
MsgWaitForMultipleObjects
GetFocus
MessageBoxW
GetDesktopWindow
SetWindowPos
InvalidateRect
GetWindowLongW
SetWindowLongW
GetMessageW
DefWindowProcW
ShowWindow
IsWindowVisible
GetKeyState
EnableWindow
AdjustWindowRectEx
SetCursor
ScreenToClient
SetParent
PtInRect
MessageBeep
WinHelpW
IsDialogMessageW
GetWindow
GetLastActivePopup
GetClassNameW
IsRectEmpty
IntersectRect
SetWindowRgn
EndPaint
BeginPaint
DrawIcon
GetSystemMenu
SetMenu
IsWindowEnabled
GetDlgCtrlID
IsIconic
IsChild
IsMenu
FindWindowExW
SetPropW
RedrawWindow
GetDlgItem
GetCursorPos
TrackPopupMenu
DeleteMenu
AppendMenuW
InsertMenuW
GetSubMenu
DestroyMenu
CreatePopupMenu
CreateMenu
TranslateAcceleratorW
GetParent
GetSystemMetrics
GetDC
SendMessageW
UnregisterClassW
GetActiveWindow
DrawTextW
DrawStateW
ClientToScreen
WindowFromPoint
GetWindowDC
ReleaseDC
GetClientRect
GetSysColor
DrawFocusRect
LoadStringW
RegisterClassW
GetClassInfoW
CreateWindowExW
GetWindowLongPtrW
LoadCursorW
LoadIconW
LoadImageW
CopyImage
ExitWindowsEx
AttachThreadInput
WaitForInputIdle
MoveWindow
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
SetActiveWindow
SetForegroundWindow
EnumWindows
GetWindowThreadProcessId
EnumDisplaySettingsW
MonitorFromWindow
GetMonitorInfoW
DestroyAcceleratorTable
CreateAcceleratorTableW
PostQuitMessage
CharNextW
DestroyIcon
GetClassInfoExW
RegisterClassExW
PostMessageW
SetWindowLongPtrW
OffsetRect
InflateRect
CopyRect
FrameRect
FillRect
CallWindowProcW
gdi32
StretchBlt
SelectPalette
SelectObject
RealizePalette
GetSystemPaletteEntries
GetStockObject
GetDIBits
GetDeviceCaps
DeleteDC
CreatePalette
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateFontIndirectW
DeleteObject
SetStretchBltMode
GdiAlphaBlend
CreateDIBSection
SetDIBColorTable
GetObjectW
GetTextExtentPoint32W
CreateBitmap
CreateSolidBrush
GetObjectType
GetPixel
LineTo
RoundRect
SetBkColor
SetBkMode
SetTextColor
MoveToEx
ExtTextOutW
CreateEllipticRgn
CreateRoundRectRgn
GetClipBox
ExcludeClipRect
GetTextMetricsW
CombineRgn
CreateBrushIndirect
CreateHatchBrush
CreateRectRgn
ExtCreateRegion
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
SetMapMode
SetPixel
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
CreatePen
CreatePatternBrush
advapi32
RegQueryValueW
CryptReleaseContext
CryptDeriveKey
CryptDestroyKey
CryptEncrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
OpenProcessToken
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
CryptAcquireContextA
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
shell32
Shell_NotifyIconW
ShellExecuteW
DragFinish
DragQueryFileW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW
ole32
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
OleRun
CLSIDFromProgID
IIDFromString
CLSIDFromString
CoInitializeEx
CreateStreamOnHGlobal
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
oleaut32
VarUdateFromDate
SystemTimeToVariantTime
OleCreatePictureIndirect
OleCreateFontIndirect
GetActiveObject
RegisterTypeLi
LoadTypeLi
LHashValOfNameSys
VarCmp
VariantChangeType
VariantCopyInd
VariantCopy
SysFreeString
VariantTimeToSystemTime
SysAllocString
SysStringLen
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantClear
VarUI4FromStr
comctl32
ImageList_GetIcon
ImageList_SetBkColor
ImageList_GetImageCount
_TrackMouseEvent
ImageList_AddMasked
ImageList_Create
InitCommonControlsEx
ImageList_Destroy
hpsocket_u
HP_Destroy_TcpPackClient
HP_Create_TcpPackClient
libcurl
curl_global_init
curl_easy_cleanup
curl_slist_append
curl_easy_getinfo
curl_easy_perform
curl_easy_pause
curl_free
curl_easy_unescape
curl_easy_escape
curl_multi_info_read
curl_multi_cleanup
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_add_handle
curl_multi_init
curl_easy_reset
curl_easy_setopt
curl_easy_init
curl_slist_free_all
curl_global_cleanup
fbrowsercef3lib
?FBroHsDownloadItem_GetFullPath@@YA?AV?$scoped_refptr@VFBroString@@@@V?$scoped_refptr@VCefDownloadItem@@@@@Z
?FBroHsDownloadItem_GetPercentComplete@@YAHV?$scoped_refptr@VCefDownloadItem@@@@@Z
?FBroHsDownloadItem_GetDownloadOriginalUrl@@YA?AV?$scoped_refptr@VFBroString@@@@V?$scoped_refptr@VCefDownloadItem@@@@@Z
?FBroHsRequest_GetURL@@YA?AV?$scoped_refptr@VFBroString@@@@V?$scoped_refptr@VCefRequest@@@@@Z
?FBroHsBrowser_GetMainFrame@@YA?AV?$scoped_refptr@VCefFrame@@@@V?$scoped_refptr@VCefBrowser@@@@@Z
?FBroHsBrowser_GetIdentifier@@YAHV?$scoped_refptr@VCefBrowser@@@@@Z
?FBroHsBrowser_StopLoad@@YAXV?$scoped_refptr@VCefBrowser@@@@@Z
?FBroHsBrowserFrame_ExecuteJavaScript@@YAXV?$scoped_refptr@VCefFrame@@@@AEBV?$CefStringBase@UCefStringTraitsUTF16@@@@1H@Z
?FBroHsBrowserFrame_GetName@@YA?AV?$scoped_refptr@VFBroString@@@@V?$scoped_refptr@VCefFrame@@@@@Z
?FBroHsBrowserFrame_LoadURL@@YAXV?$scoped_refptr@VCefFrame@@@@AEBV?$CefStringBase@UCefStringTraitsUTF16@@@@@Z
?FBroHsBrowserFrame_GetURL@@YA?AV?$scoped_refptr@VFBroString@@@@V?$scoped_refptr@VCefFrame@@@@@Z
?FBroHsCommandLine_AppendSwitchWithValue@@YAXV?$scoped_refptr@VCefCommandLine@@@@AEBV?$CefStringBase@UCefStringTraitsUTF16@@@@1@Z
?FBroHsCreate@@YAHAEBV?$CefStringBase@UCefStringTraitsUTF16@@@@PEAUE_WINDOWS_INFO@@PEAUE_BROWER_SETTING@@V?$scoped_refptr@VCefRequestContext@@@@V?$scoped_refptr@VCefDictionaryValue@@@@V?$scoped_refptr@VFBroHsBroEvent@@@@PEAUEvent_Disable_Control@@@Z
FBroShutdown
FBroEnableHighDPISupport
FBroHsInitPro
?FBroHsBrowserHost_StartDownload@@YAXV?$scoped_refptr@VCefBrowser@@@@AEBV?$CefStringBase@UCefStringTraitsUTF16@@@@@Z
?FBroHsBrowserHost_GetWindowHandle@@YAPEAUHWND__@@V?$scoped_refptr@VCefBrowser@@@@@Z
?FBroHsBrowserHost_CloseBrowser@@YAXV?$scoped_refptr@VCefBrowser@@@@_N@Z
?FBroString_GetWcharData@@YAXV?$scoped_refptr@VFBroString@@@@PEA_W@Z
?FBroString_WSize@@YAHV?$scoped_refptr@VFBroString@@@@@Z
FBroPonitToERange
FBroPonitToCefScreenInfo
FBroPonitToEScreenInfo
FBroPonitToCefRect
FBroPonitToERect
FBroEBrowserSetToBrowserSet
?FBroHsBeforeDownloadCallback_Continue@@YAXV?$scoped_refptr@VCefBeforeDownloadCallback@@@@AEBV?$CefStringBase@UCefStringTraitsUTF16@@@@_N@Z
FBroEWindowInfoToWindowInfo
FBroWindowInfoToEWindowInfo
FBroPopupFeaturesToEPopupFeatures
?FBroHsBeforeDownloadCallback_Resume@@YAXV?$scoped_refptr@VCefDownloadItemCallback@@@@@Z
?FBroHsBeforeDownloadCallback_Pause@@YAXV?$scoped_refptr@VCefDownloadItemCallback@@@@@Z
?FBroHsDownloadItem_IsComplete@@YAHV?$scoped_refptr@VCefDownloadItem@@@@@Z
libcef
cef_string_utf16_clear
cef_string_utf16_set
shlwapi
StrFromTimeIntervalW
PathIsDirectoryW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
ws2_32
WSAStartup
WSACleanup
uxtheme
SetWindowTheme
gdiplus
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDrawImageRectI
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipSetCompositingMode
GdipGetImagePaletteSize
winmm
PlaySoundW
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 196KB - Virtual size: 196KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 108KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ