ff301ef0f84ef49b56163270727c7f2d7cfac54a9a709293388779b05d47cd61

Sharing

Copy URL Twitter E-mail

General

Target

ff301ef0f84ef49b56163270727c7f2d7cfac54a9a709293388779b05d47cd61
Size

315KB
MD5

0ca2648137eb8ab29ed8826a21b8b2b0
SHA1

3d5c45060f5dca29e6c98a6061a5041c89773d84
SHA256

ff301ef0f84ef49b56163270727c7f2d7cfac54a9a709293388779b05d47cd61
SHA512

e003f647763e9ca07f6e53cddd990533de667f518a864d20e29861cda8c2c1fd9eb44bada1bbb95cb3a11b34f6aa837a71533a259e0475a80aec821f8c93f8fe
SSDEEP

6144:av46W+yNsEzUgZfzCmIlRPzLflY2DnjoOzV6SHdSxLHDwgAhFo4cwK:oW9ZLCplRPzhY2DjoOzIS9SxrDD4cL

Score

N/A

Malware Config

Signatures

Files

ff301ef0f84ef49b56163270727c7f2d7cfac54a9a709293388779b05d47cd61
.exe windows x86

e30032030fc27124ff07e4f19caeb703

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
WaitForSingleObject
OpenProcess
GetCurrentProcessId
CloseHandle
GetProcAddress
TerminateThread
Sleep
GlobalMemoryStatusEx
SetProcessWorkingSetSize
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetSystemDirectoryW
GetModuleHandleA
lstrlenA
DeviceIoControl
CreateFileW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetVersionExW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
InterlockedDecrement
InitializeCriticalSection
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InterlockedIncrement
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
lstrlenW
GetModuleFileNameW
SetLastError
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
DeleteCriticalSection
GetCurrentThreadId
CreateMutexW
TerminateProcess
CreateThread
ExitThread
GetACP
GetCPInfo
HeapSize
GetModuleFileNameA
GetStdHandle
GetFileType
SetFilePointer
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileSizeEx
WriteFile
SetFilePointerEx
ReadFile
GetLastError
HeapCreate
ExitProcess
HeapReAlloc
GetEnvironmentVariableW
SetEnvironmentVariableW
TlsFree
GetStartupInfoW
RtlUnwind
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
LocalFree
GetSystemTime
FormatMessageW
LoadLibraryW
OutputDebugStringW
GetSystemTimeAsFileTime
CreateFileA
ReleaseMutex
TlsGetValue
TlsSetValue
OpenThread
TlsAlloc
IsDebuggerPresent

user32

DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
GetActiveWindow
MessageBoxW
UnregisterClassA
PeekMessageW
DestroyWindow
SetWindowLongW
CreateWindowExW
GetClassInfoExW
GetDC
ReleaseDC
CallWindowProcW
GetWindowLongW
LoadStringW
KillTimer
SetTimer
ShowWindow
SendMessageW
MonitorFromPoint
GetMonitorInfoW
DestroyMenu
ModifyMenuW
GetSubMenu
TrackPopupMenu
LoadMenuW
FindWindowW
GetCursorPos
SetForegroundWindow
LoadIconW
SystemParametersInfoW
SetWindowsHookExW
UnhookWindowsHookEx
PostQuitMessage
CallNextHookEx
PostMessageW
CharNextW
RegisterClassExW
LoadCursorW

gdi32

SetDeviceGammaRamp
GetDeviceGammaRamp

advapi32

RegCreateKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExA
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW

shell32

Shell_NotifyIconW
ShellExecuteW

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize

oleaut32

VarUI4FromStr

shlwapi

PathAppendW
PathFindFileNameW
PathAddBackslashW
PathFileExistsW
PathCombineW
PathRemoveFileSpecW
SHGetValueW

comctl32

InitCommonControlsEx

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

EnumProcessModules
GetModuleFileNameExW

sfc

SfcIsFileProtected

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.yrdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e30032030fc27124ff07e4f19caeb703

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

psapi

sfc

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 21KB - Virtual size: 21KB

.reloc Size: 10KB - Virtual size: 10KB

.yrdata Size: 68KB - Virtual size: 68KB

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 21KB - Virtual size: 21KB

.reloc
Size: 10KB - Virtual size: 10KB

.yrdata
Size: 68KB - Virtual size: 68KB