dabea0ecd354fa34f48e16e293d2062ce57c9d3f8877c0128f5046d58c8a9230

Sharing

Copy URL Twitter E-mail

General

Target

dabea0ecd354fa34f48e16e293d2062ce57c9d3f8877c0128f5046d58c8a9230
Size

2.9MB
MD5

0f7cfc5779c8957a2c5aebeb9bffbe79
SHA1

86b919741d8524dfad17739840002107c0dceaa9
SHA256

dabea0ecd354fa34f48e16e293d2062ce57c9d3f8877c0128f5046d58c8a9230
SHA512

5f2abdd10dd8bfd00a40f5d31033ff230adec51782804d70b7628bbf333e463311c80599d0cbbe0eb0af1bc2f8de254136f825ad75ae01015db9b4f2db431858
SSDEEP

24576:aoGgQe+W3D5Ot3JKseg+UScax1hx5adpljYM8mWb/W8aDs2ABeiG:aoGJMOt5KsewafLM8mWb/W8v2ABe5

Score

N/A

Malware Config

Signatures

Files

dabea0ecd354fa34f48e16e293d2062ce57c9d3f8877c0128f5046d58c8a9230
.exe windows x86

c525e9e8511fc387244467ce369ec055

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcesses
GetProcessImageFileNameW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoSizeA

setupapi

SetupDiBuildDriverInfoList
SetupDiGetDeviceInstallParamsW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiClassGuidsFromNameW
SetupDiDestroyDriverInfoList
SetupDiGetDriverInstallParamsW
SetupDiEnumDriverInfoW
SetupDiSetDeviceInstallParamsW

iphlpapi

GetAdaptersInfo

kernel32

GetProcAddress
LoadLibraryW
GetExitCodeProcess
CreateProcessW
IsWow64Process
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
FormatMessageW
GetVersionExW
HeapFree
GetProcessHeap
GetSystemInfo
GetTickCount
GetLogicalDrives
lstrcpynW
QueryDosDeviceW
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
SystemTimeToFileTime
OpenThread
SuspendThread
ResumeThread
GetThreadPriority
SetThreadPriority
GetThreadTimes
OpenProcess
GetProcessTimes
CreateMutexW
OpenMutexW
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
OpenEventW
ResetEvent
CreateSemaphoreW
OpenSemaphoreW
ReleaseSemaphore
CreateNamedPipeW
CreatePipe
WaitNamedPipeW
CreateFileW
ConnectNamedPipe
CancelIo
WaitForMultipleObjects
DisconnectNamedPipe
GetOverlappedResult
WriteFile
FlushFileBuffers
GetCurrentThread
PeekNamedPipe
WideCharToMultiByte
GetFileAttributesW
GetFileAttributesExW
DeleteFileW
GetStartupInfoW
SetLastError
DuplicateHandle
GetStdHandle
CreateDirectoryW
SetCurrentDirectoryW
RemoveDirectoryW
CopyFileW
GetModuleHandleExW
SetEnvironmentVariableW
GetWindowsDirectoryW
GetSystemDirectoryW
LocalAlloc
GetVolumeInformationW
GetComputerNameW
lstrcpyA
OutputDebugStringA
lstrcpyW
GetCurrentDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetSystemDefaultLangID
GetUserDefaultUILanguage
GlobalMemoryStatusEx
QueryPerformanceCounter
QueryPerformanceFrequency
SetThreadAffinityMask
GetProcessAffinityMask
GlobalFree
GlobalAlloc
GetDiskFreeSpaceExW
DeviceIoControl
GetSystemDirectoryA
LoadLibraryA
SetFilePointer
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
LocalFree
InitializeCriticalSection
InterlockedDecrement
SetEvent
GetCurrentThreadId
WriteConsoleW
InterlockedIncrement
RaiseException
DeleteCriticalSection
lstrcmpiW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetLastError
lstrlenW
GetModuleFileNameW
GetModuleHandleW
WaitForSingleObject
CreateEventW
CreateThread
CloseHandle
Sleep
GetCommandLineW
GetEnvironmentVariableW
OutputDebugStringW
GetCurrentDirectoryA
SetCurrentDirectoryA
GetFullPathNameA
VirtualQuery
GetTimeFormatA
GetDateFormatA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
CreateFileA
GetTimeZoneInformation
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
lstrcmpW
LCMapStringA
LCMapStringW
ReadFile
IsValidCodePage
GetOEMCP
VirtualFree
HeapCreate
HeapDestroy
HeapReAlloc
SetConsoleCtrlHandler
ExitProcess
GetModuleHandleA
FatalAppExitA
DebugBreak
FindFirstFileA
GetDriveTypeA
GetFileType
SetStdHandle
MoveFileW
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
IsBadReadPtr
HeapValidate
InterlockedCompareExchange
GetModuleFileNameA
OpenFileMappingA
GetVersion
CreateFileMappingA
VirtualAlloc
GetStringTypeW
GetStringTypeA
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetCurrentProcessId
OpenEventA
lstrlenA
GetCPInfo

user32

GetMonitorInfoW
EnumDisplaySettingsW
FindWindowA
UnregisterClassW
PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CharUpperW
CharNextW
MonitorFromPoint
EnumDisplaySettingsExW
EnumDisplayDevicesW
MsgWaitForMultipleObjects
PeekMessageA
IsWindowUnicode
GetMessageA
DispatchMessageA
UnregisterClassA

advapi32

RegCreateKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
SetThreadToken
GetFileSecurityW
SetFileSecurityW
RegGetKeySecurity
RegSetKeySecurity
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupAccountSidW
EqualSid
DeleteAce
AddAccessAllowedAce
AddAccessDeniedAce
GetAclInformation
GetAce
AddAce
LookupAccountNameW
IsValidSid
CopySid
OpenProcessToken
GetTokenInformation
MakeSelfRelativeSD
RegQueryValueExW
GetSecurityDescriptorLength
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
MakeAbsoluteSD
GetSecurityDescriptorDacl
AllocateAndInitializeSid
InitializeSecurityDescriptor
InitializeAcl
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
FreeSid
RevertToSelf
ImpersonateSelf
OpenThreadToken
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegSetValueExW
RegCloseKey

ole32

CoSetProxyBlanket
CoCreateGuid
CoUninitialize
CoInitialize
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoReleaseMarshalData
CoMarshalInterface
CreateStreamOnHGlobal
CoUnmarshalInterface
CoRevokeClassObject
CoRegisterClassObject

oleaut32

SafeArrayGetLBound
SafeArrayGetElement
VariantCopy
CreateErrorInfo
SetErrorInfo
VariantInit
VariantClear
VariantChangeType
GetErrorInfo
LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
RegisterTypeLi
VarUI4FromStr

shlwapi

PathGetDriveNumberW

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 540KB - Virtual size: 536KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c525e9e8511fc387244467ce369ec055

Headers

File Characteristics

Imports

psapi

version

setupapi

iphlpapi

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 540KB - Virtual size: 536KB

.data Size: 32KB - Virtual size: 39KB

.idata Size: 12KB - Virtual size: 10KB

.rsrc Size: 244KB - Virtual size: 244KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 540KB - Virtual size: 536KB

.data
Size: 32KB - Virtual size: 39KB

.idata
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 244KB - Virtual size: 244KB