6da7cbbb17676c4646158ca97254eaa73217ffa9bdb7560ff43f431303ad0396

Sharing

Copy URL

Twitter E-mail

General

Target

6da7cbbb17676c4646158ca97254eaa73217ffa9bdb7560ff43f431303ad0396
Size

579KB
MD5

0db9400e3c8e970731c66b946ebb4e10
SHA1

839f370bb79da0493eb04626901556df353932b9
SHA256

6da7cbbb17676c4646158ca97254eaa73217ffa9bdb7560ff43f431303ad0396
SHA512

60a9a46a938072381a8587d06ac49032cc5befe57696334a80e3d959d8218b84d4525fbc9ce4b3f667a4256736d97caf46cf2553b1780077f7a13974c9d9d2ae
SSDEEP

12288:DJDhgbWAP9dA8VLQ2jWUrdNs2CZaI02VWshfDA:DJVtAP9dBFQMLrM2CZ7YWA

Score

N/A

Malware Config

Signatures

Files

6da7cbbb17676c4646158ca97254eaa73217ffa9bdb7560ff43f431303ad0396
.exe windows x86

1411211629b31907df7aacfd1be1547e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libcurl

curl_easy_setopt
curl_easy_perform
curl_easy_getinfo
curl_easy_cleanup
curl_easy_init

kernel32

MulDiv
GlobalLock
GlobalUnlock
CreateThread
GetFileAttributesW
CreateEventW
CreateJobObjectW
SetInformationJobObject
WideCharToMultiByte
GetModuleHandleW
IsBadWritePtr
MultiByteToWideChar
LoadResource
SizeofResource
FindResourceW
SetEvent
lstrcmpiW
LoadLibraryExW
GetTickCount
GetCommandLineW
LocalFree
CreateFileW
FlushFileBuffers
GetFileSizeEx
ReadFile
WriteFile
SetEndOfFile
DuplicateHandle
InterlockedCompareExchange
Sleep
CreateMutexW
WaitForSingleObject
ReleaseMutex
lstrcpyW
SearchPathW
CreateProcessW
SetUnhandledExceptionFilter
GetModuleHandleExW
CreateFileMappingW
GetFileSize
MapViewOfFile
UnmapViewOfFile
TerminateProcess
ExitProcess
WaitForMultipleObjects
GetVersionExW
lstrcmpW
InterlockedExchange
GetFileAttributesExW
GetModuleFileNameA
InterlockedDecrement
IsDebuggerPresent
AssignProcessToJobObject
ResumeThread
GetProcessTimes
QueryPerformanceCounter
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
IsBadStringPtrW
CreateFileA
SetFilePointer
ExitThread
GetSystemTimeAsFileTime
HeapReAlloc
HeapAlloc
HeapFree
UnhandledExceptionFilter
GetStartupInfoW
RtlUnwind
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeW
HeapCreate
VirtualFree
VirtualAlloc
GetConsoleCP
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
GetModuleFileNameW
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
SetStdHandle
LoadLibraryA
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
GlobalAlloc
GetCurrentProcessId
GetLocalTime
CloseHandle
GetLastError
SetLastError
GlobalAddAtomW
FreeLibrary
GetProcAddress
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
GetProcessHeap
CompareStringA
CompareStringW
SetEnvironmentVariableA
IsProcessorFeaturePresent
GetModuleHandleA

user32

SetParent
KillTimer
SetTimer
GetWindowRect
RemovePropW
SetPropW
GetPropW
CallWindowProcW
LoadCursorW
RegisterWindowMessageW
ReleaseCapture
CreateAcceleratorTableW
IsZoomed
SystemParametersInfoW
IsWindowVisible
SetLayeredWindowAttributes
UpdateLayeredWindow
MapWindowPoints
UpdateWindow
UnhookWindowsHookEx
GetDesktopWindow
PostQuitMessage
GetFocus
DestroyAcceleratorTable
GetSysColor
GetClassNameW
IsWindow
GetDlgItem
GetParent
IsChild
GetWindow
SetFocus
SetCapture
RedrawWindow
InvalidateRgn
GetLastInputInfo
DrawTextW
GetSystemMetrics
RegisterHotKey
UnregisterHotKey
GetMessageW
TranslateMessage
DispatchMessageW
MessageBoxW
SendMessageTimeoutW
ReplyMessage
IsIconic
AllowSetForegroundWindow
SetForegroundWindow
DisableProcessWindowsGhosting
FillRect
DestroyIcon
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
MoveWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SendMessageW
CharNextW
WaitForInputIdle
InvalidateRect
TrackMouseEvent
GetCursorPos
EndPaint
BeginPaint
SetCursor
GetWindowThreadProcessId
FindWindowExW
SetWindowPos
PostMessageW
ShowWindow
RegisterClassExW
LoadImageW
UnregisterClassW
SetWindowLongW
GetWindowLongW
CreateWindowExW
DestroyWindow
DefWindowProcW
UnregisterClassA
GetClassInfoExW

gdi32

SetTextAlign
SetBkMode
SetTextColor
SetGraphicsMode
GdiFlush
GdiAlphaBlend
GetObjectType
SetMapMode
EnumFontFamiliesExW
GetCurrentObject
CreateFontIndirectW
CreateDIBSection
GetObjectW
GetStockObject
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
SetBkColor
GetDeviceCaps
SelectObject

advapi32

RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
CreateProcessAsUserW

shell32

ord680
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHCreateDirectoryExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CreateStreamOnHGlobal
CLSIDFromProgID
CoGetClassObject
OleLockRunning
OleInitialize
OleUninitialize
CoTaskMemRealloc
CLSIDFromString

oleaut32

LoadRegTypeLi
SysFreeString
VarUI4FromStr
OleCreateFontIndirect
SysAllocStringLen
LoadTypeLi
VariantClear
VariantInit
SysStringLen
SysAllocString

shlwapi

StrToIntExW
StrNCatW
StrStrIW
StrToInt64ExW
StrCmpIW
wnsprintfW
PathFileExistsW
PathAppendW
wnsprintfA
StrCpyNW

winmm

timeGetTime

imm32

ImmAssociateContext

dbghelp

MakeSureDirectoryPathExists

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

WSACleanup
WSAStartup

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 375KB - Virtual size: 374KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1411211629b31907df7aacfd1be1547e

Headers

DLL Characteristics

File Characteristics

Imports

libcurl

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

winmm

imm32

dbghelp

version

ws2_32

userenv

Sections

.text Size: 375KB - Virtual size: 374KB

.rdata Size: 84KB - Virtual size: 83KB

.data Size: 14KB - Virtual size: 29KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 31KB - Virtual size: 30KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 375KB - Virtual size: 374KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 14KB - Virtual size: 29KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 31KB - Virtual size: 30KB

.rmnet
Size: 56KB - Virtual size: 60KB