d4dbd179c371b6225622b5f5b634b00ec24a7a0fbacadd5295781d6a6595fd66

Sharing

Copy URL

Twitter E-mail

General

Target

d4dbd179c371b6225622b5f5b634b00ec24a7a0fbacadd5295781d6a6595fd66
Size

661KB
MD5

0cd45beff208a445909446f541b53070
SHA1

39619ecbb72cdca862664ac4b242a5912e30651c
SHA256

d4dbd179c371b6225622b5f5b634b00ec24a7a0fbacadd5295781d6a6595fd66
SHA512

8b2bc02c206d89572f8b5a2ce7e66dea19c5c80dda7c003a9284e73acd08bcdf8323067a2612d03bbf556440c755df41a7fd428842b7f27e642f5a2ae39404dc
SSDEEP

12288:7PX+pd167QhE0s7+jM+M6ugRfMMkIM7ovX+pd167QhE0u7+Y:rE6Ehg7mM+M6RkMkIM7gE6Eh67

Score

N/A

Malware Config

Signatures

Files

d4dbd179c371b6225622b5f5b634b00ec24a7a0fbacadd5295781d6a6595fd66
.exe windows x86

21ce449bac952d12788282110fbde738

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceEvent
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

kernel32

CreateFileW
GetWindowsDirectoryW
TerminateProcess
DeleteCriticalSection
HeapSetInformation
SetErrorMode
InitializeCriticalSection
LoadLibraryW
GetVersionExW
GetProcAddress
GetModuleHandleW
IsWow64Process
GetCurrentProcess
RaiseException
LoadLibraryA
GetSystemDefaultLCID
GetUserDefaultLCID
GetFileTime
GetCommandLineW
LocalAlloc
ExpandEnvironmentStringsW
CreateProcessW
LocalFree
lstrlenW
SetDllDirectoryW
GetLastError
SetLastError
CloseHandle
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SearchPathW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
UnmapViewOfFile
FreeLibrary
GetLocaleInfoW
CreateFileMappingW
MapViewOfFile
LoadLibraryExW
LoadResource
FindResourceExW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
ReleaseMutex
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
VerifyVersionInfoW
GetCurrentDirectoryW
GetModuleFileNameW
VerSetConditionMask

user32

CharNextW
SendMessageTimeoutW
IsWindowVisible
IsWindowEnabled
AllowSetForegroundWindow
GetWindowThreadProcessId
FindWindowExW
MessageBoxW
LoadStringW

msvcrt

??2@YAPAXI@Z
_onexit
_lock
__dllonexit
_unlock
_controlfp
?terminate@@YAXXZ
memcpy
??3@YAXPAX@Z
bsearch
_vsnwprintf
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
wcsncmp
iswspace
memset
_wcsnicmp
_wcsicmp

ntdll

RtlUnwind

shlwapi

PathCombineW
UrlCanonicalizeW
ord462
PathIsURLW
SHGetValueW
SHSetValueW
SHRegGetValueW
ord437
ord154
PathRemoveFileSpecW
PathAppendW
PathQuoteSpacesW
UrlCreateFromPathW
UrlApplySchemeW
SHEnumValueW
StrStrW
PathFindFileNameW
ord158

shell32

CommandLineToArgvW
ord147

ole32

CoInitialize
CoUninitialize

iertutil

ord31
ord58
ord44
ord9
ord46
ord650
ord163
ord74
ord85
ord81
ord79
ord32
ord325
ord42

urlmon

ord104
ord111
ord410

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 604KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.ngaut
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

21ce449bac952d12788282110fbde738

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ntdll

shlwapi

shell32

ole32

iertutil

urlmon

Sections

.text Size: 40KB - Virtual size: 40KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 604KB - Virtual size: 604KB

.reloc Size: 3KB - Virtual size: 2KB

.ngaut Size: 4KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 40KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 604KB - Virtual size: 604KB

.reloc
Size: 3KB - Virtual size: 2KB

.ngaut
Size: 4KB - Virtual size: 4KB