ae80adf0be2f6544d178b6803b82a6e1d4cc351d0715dd12818d01d87ac7769e

Sharing

Copy URL

Twitter E-mail

General

Target

ae80adf0be2f6544d178b6803b82a6e1d4cc351d0715dd12818d01d87ac7769e
Size

661KB
MD5

04c86e610edb9112884fddf1143e0f50
SHA1

bb7cb68336546f66be3092451991ea66f355cc99
SHA256

ae80adf0be2f6544d178b6803b82a6e1d4cc351d0715dd12818d01d87ac7769e
SHA512

a9e2e4abf015cfaa03552bacd0d99242a37a8b41780df7572957aee4dbe329aca0adf63bafef85cdb01236f32d4d1a1d65a36f45d23d1c8972c429410d0e2479
SSDEEP

12288:FOHyWKAEp7nE1Ikom9IVOUnTLqoTnwBjdpnGVmIGQs9wG7O1tuT:FSy1p7nE1IlVdTLqLjTnGVmIGn761

Score

N/A

Malware Config

Signatures

Files

ae80adf0be2f6544d178b6803b82a6e1d4cc351d0715dd12818d01d87ac7769e
.exe windows x86

cda4ac094a2bbe423e81f35e4a562a5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ord155
SHGetFolderLocation
SHGetFolderPathW
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
ExtractIconExA
CommandLineToArgvW
SHChangeNotify

wininet

HttpOpenRequestW
InternetCloseHandle
InternetConnectW
InternetOpenA
InternetReadFile
HttpSendRequestW
HttpSendRequestA
HttpAddRequestHeadersA
HttpEndRequestW
InternetWriteFile
InternetOpenW
InternetConnectA
HttpOpenRequestA
HttpSendRequestExW

kernel32

VirtualQuery
SetThreadContext
GetThreadContext
VirtualProtect
LoadLibraryA
LocalAlloc
DeviceIoControl
lstrcpyA
GetSystemDirectoryA
lstrcatA
CopyFileA
GlobalAlloc
GlobalFree
MapViewOfFile
CreateFileMappingW
SetEnvironmentVariableA
InterlockedExchange
GetCommandLineW
RaiseException
SetLastError
GetProcAddress
LoadLibraryW
GetTempFileNameW
GetTempPathW
CreateThread
WaitForSingleObject
CreateEventW
SetEvent
MoveFileExW
CloseHandle
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
ResumeThread
lstrlenA
GetNativeSystemInfo
IsWow64Process
GetProcessTimes
GetTickCount
FileTimeToDosDateTime
CompareStringW
SetEndOfFile
CreateFileA
SetStdHandle
WriteConsoleW
FlushInstructionCache
GetCurrentProcess
GetModuleFileNameW
RemoveDirectoryW
DeleteFileW
Sleep
GetModuleHandleA
IsValidLocale
EnumSystemLocalesA
GetVersionExW
OpenProcess
GetModuleHandleW
QueryPerformanceCounter
InterlockedIncrement
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CreateFileW
GetFileTime
FindFirstFileW
FindClose
CreateDirectoryW
FindNextFileW
GetShortPathNameW
GetFileSize
ReadFile
WriteFile
UnmapViewOfFile
OpenFileMappingW
CreateToolhelp32Snapshot
Process32FirstW
LocalFree
Process32NextW
GetCurrentProcessId
CreateProcessW
WaitForMultipleObjects
GetExitCodeProcess
GetProcessId
TerminateProcess
CopyFileW
CreateMutexA
CreateMutexW
ReadProcessMemory
GetLongPathNameW
GetLocalTime
ExpandEnvironmentStringsW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
HeapAlloc
GetProcessHeap
HeapFree
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetFileAttributesW
GetFileSizeEx
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemDefaultLangID
GetUserDefaultLangID
GetComputerNameW
SetUnhandledExceptionFilter
GetDriveTypeW
GetSystemTimeAsFileTime
OutputDebugStringA
GetSystemInfo
Module32FirstW
Module32NextW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
SystemTimeToTzSpecificLocalTime
GetLocaleInfoA
GetDiskFreeSpaceW
SetFilePointer
GetFileAttributesExW
GetFullPathNameA
FreeLibrary
InterlockedCompareExchange
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapReAlloc
HeapSize
InterlockedDecrement
GetStringTypeW
InitializeCriticalSection
EncodePointer
DecodePointer
HeapSetInformation
GetStartupInfoW
GetCPInfo
UnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
LCMapStringW
HeapCreate
ExitProcess
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetUserDefaultLCID
MoveFileW

user32

SetCapture
SetFocus
GetFocus
PtInRect
ScreenToClient
GetCursorPos
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
DestroyWindow
GetSystemMetrics
UnregisterClassA
LoadStringW
wsprintfW
FindWindowW
MessageBoxW
PostMessageW
CreateIconFromResourceEx
GetIconInfo
IsCharAlphaNumericW
EnumChildWindows
EnumWindows
GetClassNameW
LoadIconW
OffsetRect
PostQuitMessage
SetWindowTextW
LoadImageW
UpdateLayeredWindow
FillRect
GetDC
wsprintfA
GetWindowTextW
GetWindowThreadProcessId
IsWindowVisible
SetWindowLongW
SendMessageW
GetActiveWindow
ShowWindow
ReleaseCapture
EnableWindow
DialogBoxParamW
IsWindow
SetTimer
BeginPaint
EndPaint
SetWindowPos
KillTimer
BringWindowToTop
CallWindowProcW
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
DestroyIcon
EndDialog
DrawIcon
GetWindow
GetWindowLongW
SystemParametersInfoW
GetWindowRect
GetParent
GetClientRect
MapWindowPoints

gdi32

SelectClipRgn
CreateRectRgn
GetBitmapBits
GetObjectW
GetClipBox
CreateCompatibleDC
DeleteObject
CreateDIBSection
GdiFlush
CreateSolidBrush
SelectObject

ole32

CoUninitialize
CoTaskMemFree
CoInitialize
CoCreateInstance

oleaut32

SysStringLen
VarBstrCmp
VariantClear
SysAllocString
SysFreeString

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shlwapi

StrCmpIW
SHGetValueA
SHSetValueA
SHGetValueW
PathFileExistsW
SHCopyKeyW
SHDeleteKeyW
PathCanonicalizeW
StrStrIA

winmm

timeGetTime

imm32

ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmGetCompositionStringW
ImmAssociateContextEx
ImmSetOpenStatus

psapi

GetModuleFileNameExW
GetProcessMemoryInfo
EnumProcessModules
GetProcessImageFileNameW
GetModuleInformation

advapi32

RegQueryValueExW
RegCloseKey
CryptAcquireContextW
RegQueryInfoKeyW
RegEnumKeyW
CryptGetKeyParam
CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptSetKeyParam
CryptImportKey
RegSetValueExW
RegCreateKeyW
RegDeleteKeyW
RegDeleteValueW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
OpenProcessToken
DuplicateToken
MapGenericMask
GetFileSecurityW
AccessCheck
RegCreateKeyExW
OpenEventLogW
ReadEventLogW
CloseEventLog
GetUserNameW
LookupAccountNameW
ConvertSidToStringSidW
RegOpenKeyExW

ws2_32

WSAStartup

Sections

.text
Size: 378KB - Virtual size: 378KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�1j
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cda4ac094a2bbe423e81f35e4a562a5c

Headers

DLL Characteristics

File Characteristics

Imports

shell32

wininet

kernel32

user32

gdi32

ole32

oleaut32

version

shlwapi

winmm

imm32

psapi

advapi32

ws2_32

Sections

.text Size: 378KB - Virtual size: 378KB

.rdata Size: 97KB - Virtual size: 97KB

.data Size: 11KB - Virtual size: 21KB

.rsrc Size: 44KB - Virtual size: 44KB

�1j Size: 86KB - Virtual size: 88KB

.text
Size: 378KB - Virtual size: 378KB

.rdata
Size: 97KB - Virtual size: 97KB

.data
Size: 11KB - Virtual size: 21KB

.rsrc
Size: 44KB - Virtual size: 44KB

�1j
Size: 86KB - Virtual size: 88KB