4567218956f23568cfcb3d25364761cb61d97549544b79ed01930e9e06688f83

Sharing

Copy URL Twitter E-mail

General

Target

4567218956f23568cfcb3d25364761cb61d97549544b79ed01930e9e06688f83
Size

754KB
MD5

0c32729f491f3eee5a6aebcf52976100
SHA1

95f5fe6d1e3aa6f37496d386c8a76f8d62343b27
SHA256

4567218956f23568cfcb3d25364761cb61d97549544b79ed01930e9e06688f83
SHA512

07b9a841a7222bfe95805fb4012db8420f8912a6936dc4389598dacf881690f87f71c0def99886c447f2c3aba778a3c69e3a79543c34b6be55135d9e3e71383e
SSDEEP

12288:82oK/viG+zR3Kh20/o3sc5KCyrdy6uFK6n5jNai+dsJX/:RzBwsc5urdfd65jcRs1

Score

N/A

Malware Config

Signatures

Files

4567218956f23568cfcb3d25364761cb61d97549544b79ed01930e9e06688f83
.exe windows x86

abe9953a5a268041f11e0c14e82ef842

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileW
GetTickCount
CreateEventW
SetWaitableTimer
CreateWaitableTimerW
GetDiskFreeSpaceExW
GetTempFileNameW
GetTempPathW
CancelWaitableTimer
WaitForMultipleObjects
GetSystemTime
OpenProcess
GetVersionExW
GetProcAddress
LoadLibraryW
FreeLibrary
lstrcmpA
lstrcmpiA
GetModuleHandleW
GetCommandLineW
LoadLibraryA
SetErrorMode
GetPrivateProfileStringW
CreateDirectoryW
GetSystemTimeAsFileTime
CreateMutexW
GetSystemDirectoryW
GetExitCodeProcess
CreateProcessW
GetCurrentProcess
GetCurrentProcessId
GetSystemDefaultLangID
GetModuleFileNameW
GlobalMemoryStatusEx
ExpandEnvironmentStringsW
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileIntW
FreeResource
LockResource
GlobalLock
GlobalAlloc
SizeofResource
LoadResource
FindResourceW
FileTimeToLocalFileTime
FindClose
ResetEvent
FindFirstFileW
DeleteAtom
FindAtomW
ReleaseMutex
AddAtomW
OpenThread
GetAtomNameW
LocalFree
GetLocalTime
FormatMessageW
OutputDebugStringW
GetFileSizeEx
SetFilePointerEx
LocalFileTimeToFileTime
IsBadWritePtr
CompareStringW
CompareStringA
CreateFileA
GetProcessHeap
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
SetConsoleCtrlHandler
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
HeapSize
GetCurrentThread
SetLastError
TlsGetValue
SetFileTime
WriteFile
TlsAlloc
TlsFree
SetFilePointer
SetEndOfFile
SystemTimeToFileTime
lstrlenW
FindNextFileW
IsBadReadPtr
TlsSetValue
lstrlenA
WaitForSingleObject
Sleep
SetEvent
DeviceIoControl
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetLastError
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapDestroy
HeapCreate
HeapReAlloc
VirtualAlloc
VirtualFree
FatalAppExitA
CloseHandle
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
CreateThread
GetCurrentThreadId
ExitThread
HeapFree
RtlUnwind
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
InterlockedCompareExchange
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
ReadFile
SetEnvironmentVariableA

user32

PtInRect
IsWindow
IsDlgButtonChecked
ValidateRect
RedrawWindow
UpdateWindow
SendMessageW
SetWindowPos
IsWindowVisible
GetWindow
GetWindowThreadProcessId
GetForegroundWindow
wsprintfW
SendMessageTimeoutW
CopyRect
GetMonitorInfoW
MonitorFromPoint
ReleaseDC
GetClientRect
GetDC
FindWindowExW
GetDesktopWindow
GetShellWindow
SetWindowTextW
GetWindowRect
GetCursorPos
SubtractRect
RegisterClassW
CreateWindowExW
PostQuitMessage
DefWindowProcW
EndPaint
BeginPaint
SetForegroundWindow
ScreenToClient
GetPropW
SetTimer
SetWindowRgn
SetPropW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
ShowWindow
SetCursor
LoadCursorW
FindWindowW

gdi32

SetBkMode
CreateFontIndirectW
CreateRoundRectRgn
CreateCompatibleDC
CreateDIBSection
SelectObject
DeleteDC
DeleteObject
CreateSolidBrush

advapi32

RegQueryValueExA
RegQueryValueExW
GetTokenInformation
DuplicateTokenEx
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
SHAppBarMessage
CommandLineToArgvW
ShellExecuteW

ole32

CoCreateInstance
CoInitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CreateStreamOnHGlobal
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit

shlwapi

StrToIntExW
PathFileExistsW
SHGetValueW
PathAppendW
PathGetDriveNumberW
PathRemoveFileSpecW
StrToIntW
SHDeleteKeyW
SHDeleteValueW
PathFindFileNameA
PathMatchSpecW
StrStrIW
StrStrW
SHSetValueW
SHGetValueA

gdiplus

GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDeleteGraphics
GdipCloneImage
GdiplusStartup
GdiplusShutdown
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipAlloc
GdipDrawImageRectI
GdipFree
GdipDisposeImage

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

InternetCrackUrlW
FtpCommandW
InternetGetLastResponseInfoW
InternetSetOptionA
InternetConnectW
InternetSetStatusCallbackW
InternetOpenW
HttpQueryInfoW
FtpGetFileSize
HttpSendRequestExW
InternetSetOptionW
GetUrlCacheEntryInfoW
CreateUrlCacheEntryW
CommitUrlCacheEntryW
InternetQueryOptionW
InternetWriteFile
InternetReadFileExA
InternetReadFile
HttpEndRequestW
FtpOpenFileW
InternetCloseHandle
HttpOpenRequestW

psapi

GetProcessImageFileNameA
EnumProcesses
EnumProcessModules
GetModuleFileNameExW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertGetNameStringW

Sections

.text
Size: 525KB - Virtual size: 524KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

abe9953a5a268041f11e0c14e82ef842

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

version

wininet

psapi

wintrust

crypt32

Sections

.text Size: 525KB - Virtual size: 524KB

.rdata Size: 93KB - Virtual size: 93KB

.data Size: 13KB - Virtual size: 43KB

.rsrc Size: 114KB - Virtual size: 116KB

.text
Size: 525KB - Virtual size: 524KB

.rdata
Size: 93KB - Virtual size: 93KB

.data
Size: 13KB - Virtual size: 43KB

.rsrc
Size: 114KB - Virtual size: 116KB