eed022a95eaa1f564137ee555c770dc81fbb64c2777326be47f6d35f1fd84c57

Sharing

Copy URL Twitter E-mail

General

Target

eed022a95eaa1f564137ee555c770dc81fbb64c2777326be47f6d35f1fd84c57
Size

446KB
MD5

063157964467dedd2f839cff16ecb250
SHA1

742e9a29bced0189a14826e068b531c89ddc736e
SHA256

eed022a95eaa1f564137ee555c770dc81fbb64c2777326be47f6d35f1fd84c57
SHA512

2cb0bdab7c3e9290a0821fb4cc3f0b4c1ccb63454774cedd2fb0fa1ed60a76d3753ea5fbae8ecdca3fa50616f6acee89005462f6d354d4f4413524e0744f97fb
SSDEEP

12288:RAqFcqUZxx5e2txQvxO+CoF4hhhhhhhhhVkh0GZaO7dn:RRc5xOcQvMSYkyGoadn

Score

N/A

Malware Config

Signatures

Files

eed022a95eaa1f564137ee555c770dc81fbb64c2777326be47f6d35f1fd84c57
.exe windows x86

0003a47d5858211c7f04045032bc172c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
WritePrivateProfileStringA
GetPrivateProfileIntW
GetPrivateProfileStringA
GetPrivateProfileStringW
CopyFileW
MoveFileW
InterlockedExchangeAdd
InitializeCriticalSection
ExitProcess
MapViewOfFile
ReleaseMutex
CreateFileMappingW
WaitForSingleObject
CreateMutexW
TerminateProcess
GetCurrentProcess
TlsSetValue
FindCloseChangeNotification
FindFirstChangeNotificationW
GetLocalTime
TlsGetValue
TlsAlloc
LoadLibraryW
GetSystemInfo
FreeLibrary
UnmapViewOfFile
InterlockedDecrement
TlsFree
DeleteCriticalSection
lstrlenW
RaiseException
GetProcAddress
GetModuleHandleW
Sleep
FlushInstructionCache
HeapFree
GetProcessHeap
HeapAlloc
VerifyVersionInfoW
VerSetConditionMask
lstrcpyW
lstrlenA
LockResource
LoadResource
FindResourceW
GetTickCount
CreateThread
DeleteFileA
GetExitCodeProcess
FreeResource
SizeofResource
FindResourceA
MoveFileExA
CreateEventW
InterlockedIncrement
SetLastError
RemoveDirectoryW
GetTempPathA
OutputDebugStringW
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetCurrentDirectoryA
GetFullPathNameW
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetModuleFileNameA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
GetModuleHandleA
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
LCMapStringA
LCMapStringW
SetFilePointer
GetCPInfo
WriteFile
GetTimeZoneInformation
GetCurrentDirectoryW
VirtualProtect
SetStdHandle
GetDriveTypeA
WritePrivateProfileStringW
FlushFileBuffers
GetFileAttributesW
CreateDirectoryW
GetFileAttributesA
CreateDirectoryA
CloseHandle
GlobalAlloc
GlobalLock
FindFirstFileW
GetLastError
DeleteFileW
FindNextFileW
FindClose
GetCurrentProcessId
MultiByteToWideChar
GetCurrentThreadId
GetModuleFileNameW
GlobalUnlock
GlobalFree
LeaveCriticalSection
EnterCriticalSection
VirtualQuery
WideCharToMultiByte
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetOEMCP
InterlockedExchange

user32

FindWindowW
MapDialogRect
SetWindowContextHelpId
DefWindowProcW
CreateWindowExW
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetClassInfoW
RegisterClassW
SetFocus
IsDialogMessageW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CreateDialogParamW
LoadMenuW
GetSubMenu
ModifyMenuW
GetCursorPos
SetForegroundWindow
TrackPopupMenuEx
DestroyMenu
BeginPaint
DrawTextW
EndPaint
FindWindowExW
EnableMenuItem
wsprintfW
GetActiveWindow
SendDlgItemMessageW
EndDialog
DialogBoxParamW
PostQuitMessage
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
GetDlgItem
EnableWindow
IsWindowEnabled
KillTimer
SetTimer
ShowWindow
InvalidateRect
SetWindowPos
GetSystemMenu
SetWindowTextW
SendMessageW
GetWindowLongW
SetWindowLongW
DestroyWindow
LoadIconW
GetSystemMetrics
LoadImageW
PostMessageW
MessageBoxW
GetMenuState

gdi32

BitBlt
DeleteDC
StretchBlt
CreateFontW
DeleteObject
GetObjectW
SetBkColor
SelectObject
CreateCompatibleDC
SetTextColor
SetBkMode

advapi32

RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW

shell32

ord680
ShellExecuteExA
Shell_NotifyIconW
SHGetFolderPathW
ShellExecuteW

ole32

CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
StringFromIID
CoTaskMemFree
CoInitialize

oleaut32

SysFreeString
SysAllocString
OleLoadPicture
SysAllocStringLen
SysStringLen

atl71

ord61
ord64
ord44
ord43
ord23
ord37
ord66
ord42
ord60
ord48
ord65

shlwapi

PathRemoveFileSpecW
PathFileExistsA
PathAppendA
PathFileExistsW
PathAppendW
PathAddBackslashA
StrCmpW

comctl32

InitCommonControlsEx

msimg32

TransparentBlt

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

urlmon

URLDownloadToFileA
URLDownloadToCacheFileW

wintrust

WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvSignerFromChain

crypt32

CertGetNameStringW

Sections

.text
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 184KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.prdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0003a47d5858211c7f04045032bc172c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

atl71

shlwapi

comctl32

msimg32

version

urlmon

wintrust

crypt32

Sections

.text Size: 120KB - Virtual size: 118KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 184KB - Virtual size: 182KB

.prdata Size: 80KB - Virtual size: 80KB

.text
Size: 120KB - Virtual size: 118KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 184KB - Virtual size: 182KB

.prdata
Size: 80KB - Virtual size: 80KB