ce4390cb817da478d7bf667814ce6b7ba208d5fe3ecd62c51766bda6eefe8b30

Sharing

Copy URL Twitter E-mail

General

Target

ce4390cb817da478d7bf667814ce6b7ba208d5fe3ecd62c51766bda6eefe8b30
Size

496KB
MD5

034f68f63651726bef81c47287fa8510
SHA1

ddf1bf989ff4af0f923bf8c2515cc0606a644cc8
SHA256

ce4390cb817da478d7bf667814ce6b7ba208d5fe3ecd62c51766bda6eefe8b30
SHA512

4f415b9a291dbb980d0245fe31ba77369288fc304611322d80dffaf5e28e130d3376a2b58bebd361831aaadec74f5bc7f214ea328f91f5a08ee1b2ec05059287
SSDEEP

6144:/2P3KMlBG8kATzpdrRjRgJ9B3dKeOaA//p4Y1tkJGvKFAVhLjEaLcSNqZVxcXo:ObZzRjR85OZ/5cuKFAV5pLcS4WX

Score

N/A

Malware Config

Signatures

Files

ce4390cb817da478d7bf667814ce6b7ba208d5fe3ecd62c51766bda6eefe8b30
.exe windows x86

cae4c678c3bdba06ef6c2abe78d0ab61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
ConvertSidToStringSidW
IsValidSid
GetTokenInformation
OpenProcessToken
RegEnumKeyW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegQueryInfoKeyA
RegEnumValueW
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
CryptVerifySignatureW
CryptHashData
CryptCreateHash
CryptImportKey
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
ConvertStringSecurityDescriptorToSecurityDescriptorW

kernel32

CreateFileA
GetACP
IsValidCodePage
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
FlushFileBuffers
GetSystemPreferredUILanguages
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
MoveFileW
CreateDirectoryW
GetVersionExA
LoadLibraryExA
GetFileSize
SetFilePointer
GetModuleHandleA
GetLogicalDrives
GetDriveTypeW
GetDiskFreeSpaceExW
ReleaseSemaphore
CreateSemaphoreW
GetTempFileNameW
GetTempPathW
FindClose
FindNextFileW
FindFirstFileW
GetLongPathNameW
GetFullPathNameW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
FileTimeToSystemTime
OpenEventW
CopyFileW
GetFileAttributesExW
LocalFree
SetLastError
GetVersion
SetDllDirectoryW
HeapSetInformation
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
MultiByteToWideChar
GetModuleHandleW
GetProcAddress
SetUnhandledExceptionFilter
InterlockedExchange
LockResource
SizeofResource
LoadResource
FindResourceW
RaiseException
SwitchToThread
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount64
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
CloseHandle
CreateEventW
ResetEvent
SetEvent
DuplicateHandle
GetCurrentProcess
GetSystemInfo
GetFileAttributesW
SetThreadPriority
ResumeThread
CreateThread
WaitForSingleObject
FindResourceExW
lstrlenW
DeleteFileW
lstrlenA
WideCharToMultiByte
GetCurrentProcessId
OpenProcess
LoadLibraryW
CreateFileW
GetSystemTime
SystemTimeToFileTime
WerRegisterFile
VirtualQueryEx
SetThreadStackGuarantee
UnhandledExceptionFilter
OutputDebugStringW
GetTickCount
CompareStringA
CompareStringW
GetCurrentThread
ReadFile
GetEnvironmentVariableW
GetStdHandle
WriteFile
Sleep
GetCommandLineW
CreateProcessW
CompareFileTime
GetVersionExW
DeleteAtom
AddAtomW
FindAtomW
InterlockedCompareExchange
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualQuery

msvcr110

_except_handler4_common
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
?terminate@@YAXXZ
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
__CxxFrameHandler3
??1type_info@@UAE@XZ
memset
memmove_s
wmemcpy_s
_wcsnicmp
wcsnlen
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
_resetstkoflw
_wsplitpath_s
_wmakepath_s
_vscwprintf
_onexit
_strlwr_s
_ultow_s
wcsrchr
calloc
_vsnwprintf
swprintf_s
_set_purecall_handler
isprint
strcpy_s
swscanf_s
_wtoi
memmove
_wfullpath
wcspbrk
_wcslwr_s
_wfopen_s
fgetws
wcsspn
wcscspn
memcpy
_CxxThrowException
ceil
_wcsupr_s
iswspace
tolower
_ui64tow_s
wcsncmp
_wfsopen
ferror
fputws
wcscat_s
_wtol
memcmp
_swab
_itow_s
malloc
_callnewh
??3@YAXPAX@Z
_purecall
free
wcsncpy_s
wcscpy_s
fopen_s
fprintf
fclose
_wcsicmp
??_V@YAXPAX@Z
memcpy_s
wcsstr
_recalloc
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_ismbblead
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_acmdln
_fmode
_commode
_lock
wcschr
_unlock
_calloc_crt
__dllonexit
vswprintf_s

user32

CharNextW
LoadStringW
MessageBoxW
MsgWaitForMultipleObjectsEx
PeekMessageW
TranslateMessage
LoadIconW
LoadImageW
DestroyWindow
UnregisterClassW
RegisterClassW
CreateWindowExW
ShowWindow
IsWindowVisible
KillTimer
SetTimer
GetMessageTime
UpdateLayeredWindow
DefWindowProcW
GetSystemMetrics
SystemParametersInfoA
DispatchMessageW

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
IIDFromString
CreateStreamOnHGlobal
StringFromGUID2
OleInitialize
CoInitializeSecurity
OleUninitialize
CoInitialize
StringFromCLSID
CoCreateGuid
CLSIDFromString
CoUninitialize

oleaut32

SystemTimeToVariantTime
SysAllocStringLen
SysFreeString
SysStringLen
VarUI4FromStr
SysAllocString
SetErrorInfo
VariantTimeToSystemTime
VariantInit
VariantClear
GetErrorInfo
VarBstrCat
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SysAllocStringByteLen
SysStringByteLen
SafeArrayCreate
SafeArrayDestroy
SafeArrayUnlock

gdiplus

GdiplusShutdown
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToStream
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawString
GdipSetTextRenderingHint
GdipStringFormatGetGenericDefault
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateStringFormat
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromResource
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipReleaseDC
GdipGetDC
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetFontHeight
GdipDeleteStringFormat

msvcp110

?_Xbad_alloc@std@@YAXXZ
?_Xbad_function_call@std@@YAXXZ

gdi32

DeleteObject
CreateCompatibleDC
SelectObject
DeleteDC
GetObjectW

shell32

SHGetFileInfoW
SHCreateDirectoryExW
SHGetFolderPathW
SHFileOperationW

shlwapi

PathAppendW
PathCombineW
PathRemoveFileSpecW
SHCreateStreamOnFileEx
StrToIntW
PathAddBackslashW
PathRemoveExtensionW
PathFindFileNameW
PathRenameExtensionW
PathFindExtensionW
PathMatchSpecW
PathStripPathW
PathIsFileSpecW
PathRemoveBackslashW
PathRemoveBlanksW
PathIsRelativeW
AssocQueryStringW
StrToIntExW
PathFileExistsW
PathIsDirectoryW
StrToInt64ExW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

crypt32

CryptUnprotectData

Sections

.text
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 94KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cae4c678c3bdba06ef6c2abe78d0ab61

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcr110

user32

ole32

oleaut32

gdiplus

msvcp110

gdi32

shell32

shlwapi

version

crypt32

Sections

.text Size: 278KB - Virtual size: 278KB

.data Size: 2KB - Virtual size: 9KB

.idata Size: 10KB - Virtual size: 10KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 90KB - Virtual size: 90KB

.reloc Size: 94KB - Virtual size: 96KB

.text
Size: 278KB - Virtual size: 278KB

.data
Size: 2KB - Virtual size: 9KB

.idata
Size: 10KB - Virtual size: 10KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 90KB - Virtual size: 90KB

.reloc
Size: 94KB - Virtual size: 96KB