4a9dec7adc715fd5d06bcf34ba0bed50057ca4292b4625339f0f1733edf0b96a

Sharing

Copy URL Twitter E-mail

General

Target

4a9dec7adc715fd5d06bcf34ba0bed50057ca4292b4625339f0f1733edf0b96a
Size

247KB
MD5

0ce1d503bbcbd0f9cbe173e9405714c0
SHA1

affde69dcbeca106824217df01de57f88c7c15f0
SHA256

4a9dec7adc715fd5d06bcf34ba0bed50057ca4292b4625339f0f1733edf0b96a
SHA512

e3edf2d152f2d1333917a0fd181c0efe82afa8343f4a2010cc350d10165ef455e99d405dbef6beffb9a5facbb5c59452baf6a5ededa17a6eab3ebc7199744feb
SSDEEP

6144:fjmle2elNSM2tz6UBnjy4LWSVU1yGy4aD0UWx:Ke2elNSRtXdjyJdyP8

Score

N/A

Malware Config

Signatures

Files

4a9dec7adc715fd5d06bcf34ba0bed50057ca4292b4625339f0f1733edf0b96a
.exe windows x86

766d366efea282104be4d4bcdb542921

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetCommandLineA
MultiByteToWideChar
WaitForSingleObject
OpenProcess
lstrcmpiA
WideCharToMultiByte
FindNextFileA
FindClose
GetLocalTime
GetFullPathNameA
FindFirstFileA
CreateDirectoryA
DeleteFileA
GetPrivateProfileIntA
GetPrivateProfileStringA
WriteFile
SetFilePointer
MoveFileA
SetFileAttributesA
lstrcpynA
GetFileSize
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringA
GetModuleHandleA
CreateProcessA
SetEvent
OpenEventA
GetVersion
GetFileAttributesA
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateThread
ResetEvent
GetTempPathA
WritePrivateProfileStringA
TerminateThread
GetExitCodeThread
ResumeThread
CreateEventA
ReadFile
WritePrivateProfileSectionA
CompareStringA
SetLastError
RemoveDirectoryA
CopyFileA
FlushFileBuffers
SetEndOfFile
SetFileTime
SystemTimeToFileTime
FileTimeToSystemTime
SetEnvironmentVariableA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GlobalAlloc
GlobalFree
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetWindowsDirectoryA
lstrlenA
GetTickCount
Sleep
GetCurrentProcess
CreateFileA
GetVersionExA
DeviceIoControl
lstrcpyA
lstrcatA
LoadLibraryA
GetProcAddress
CloseHandle
GetLastError
LocalAlloc
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetTimeZoneInformation
GetCPInfo
GetOEMCP
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
QueryPerformanceCounter
SetUnhandledExceptionFilter
IsBadWritePtr
LocalFree
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
RaiseException
CompareStringW
VirtualFree
HeapCreate
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
TerminateProcess
GetSystemTimeAsFileTime
ExitProcess
RtlUnwind
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
EnterCriticalSection
LeaveCriticalSection

user32

CharUpperA
FindWindowA
SendMessageA
IsWindow
wsprintfA

advapi32

RegEnumKeyExA
OpenProcessToken
CloseServiceHandle
OpenServiceA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegQueryInfoKeyA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSaveKeyA
AllocateAndInitializeSid
SetTokenInformation
CreateProcessAsUserA
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
CreateServiceA
ChangeServiceConfigA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
GetTokenInformation

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoInitializeSecurity

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocStringLen
SysAllocString
VarBstrCat
SafeArrayDestroy
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound

shlwapi

PathRemoveFileSpecA
PathFileExistsA
PathSkipRootA
StrStrIA

crypt32

CertGetNameStringW
CertFindCertificateInStore
CertCloseStore
CryptMsgClose

rpcrt4

UuidCreate

wininet

HttpQueryInfoA
InternetAttemptConnect
InternetConnectA
InternetOpenA
HttpAddRequestHeadersA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetReadFile
InternetCrackUrlA
InternetSetOptionA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Sections

.text
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

766d366efea282104be4d4bcdb542921

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

crypt32

rpcrt4

wininet

version

Sections

.text Size: 132KB - Virtual size: 129KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 72KB - Virtual size: 72KB

.text
Size: 132KB - Virtual size: 129KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 72KB - Virtual size: 72KB