b32a22995b701ca22d12df23891ca0e404dcaace5bcdcfbc254d81839da307bd

Sharing

Copy URL Twitter E-mail

General

Target

b32a22995b701ca22d12df23891ca0e404dcaace5bcdcfbc254d81839da307bd
Size

138KB
MD5

083e0ac11c1dd16acf5e6882d76b92c1
SHA1

7740f51ea4480010bcabcf71b5fd023edc90b33e
SHA256

b32a22995b701ca22d12df23891ca0e404dcaace5bcdcfbc254d81839da307bd
SHA512

7ba59e8e718222bb56205fc166254e3e8851def6a4734b23c384e2d08c8f2c335430403464b0d4ce4dd688b31e14b20523ee1eddf88e340446639e6a25676979
SSDEEP

3072:8HJ1aXGPOfCnMNA57PDedosW2DjAq+IYDRK1pDdYaSd8s7SPqgJKr0y:8baXDE76dosW2DWI+AhSd8LPmr0y

Score

N/A

Malware Config

Signatures

Files

b32a22995b701ca22d12df23891ca0e404dcaace5bcdcfbc254d81839da307bd
.exe windows x86

b7512b85b4e22c1b818fa9c78c40ec81

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
IsBadReadPtr
SetFileTime
VirtualQueryEx
WriteFile
Thread32First
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
HeapCreate
Thread32Next
ReadFile
GetTimeZoneInformation
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetFileSizeEx
OpenMutexW
GetLastError
SetLastError
VirtualProtectEx
VirtualAllocEx
FindClose
LoadLibraryA
ReleaseMutex
FindNextFileW
VirtualFree
GetFileTime
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
GetSystemTime
WriteProcessMemory
CreateThread
GetLocalTime
GetCommandLineW
SetErrorMode
GetComputerNameW
GetModuleFileNameW
OpenEventW
DuplicateHandle
GetCurrentProcessId
ResetEvent
GetPrivateProfileStringW
GetPrivateProfileIntW
TlsGetValue
TlsSetValue
TerminateProcess
MoveFileExW
GetUserDefaultUILanguage
TlsFree
TlsAlloc
HeapFree
SetFilePointerEx
SystemTimeToFileTime
HeapAlloc
CreateProcessW
SetEndOfFile
FindFirstFileW
HeapReAlloc
GetTempFileNameW
GetCurrentThreadId
CreateEventW
FileTimeToDosDateTime
GetEnvironmentVariableW
SetFileAttributesW
WTSGetActiveConsoleSessionId
CreateFileW
GetFileAttributesW
LoadLibraryW
CreateDirectoryW
FreeLibrary
ExitProcess
ExpandEnvironmentStringsW
WaitForMultipleObjects
lstrcmpiW
GetProcAddress
VirtualProtect
GetModuleHandleW
CreateFileMappingW
SetEvent
UnmapViewOfFile
MapViewOfFile
CreateMutexW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
OpenProcess
CreateRemoteThread
LocalFree
GetVersionExW
GetNativeSystemInfo
GlobalUnlock
GetTickCount
GlobalLock
CloseHandle
GetFileAttributesExW
GetProcessId
EnterCriticalSection
VirtualAlloc
LeaveCriticalSection
VirtualFreeEx
InitializeCriticalSection
SetThreadContext
GetThreadContext
Sleep
lstrcmpiA
SetThreadPriority
GetCurrentThread
RemoveDirectoryW
WaitForSingleObject

user32

GetMessageA
GetUpdateRgn
GetMessageW
GetWindowDC
SetCapture
BeginPaint
GetUpdateRect
GetCapture
SetCursorPos
PeekMessageW
GetDCEx
PeekMessageA
GetCursorPos
ReleaseCapture
GetMessagePos
GetSystemMetrics
RegisterClassExA
EndPaint
GetThreadDesktop
GetMenuItemID
SetKeyboardState
GetSubMenu
DefDlgProcW
DefFrameProcA
OpenInputDesktop
IsRectEmpty
MenuItemFromPoint
GetDC
GetMenu
RegisterClassExW
GetMenuItemRect
CharLowerW
DrawIcon
PrintWindow
GetIconInfo
CreateDesktopW
SetProcessWindowStation
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
CloseDesktop
SetThreadDesktop
OpenWindowStationW
GetWindowRect
GetParent
GetClassLongW
GetAncestor
SetWindowPos
IsWindow
MapWindowPoints
FillRect
GetWindowInfo
DrawEdge
IntersectRect
MapVirtualKeyW
PostMessageW
CharToOemW
EqualRect
RegisterWindowMessageW
GetTopWindow
ExitWindowsEx
MsgWaitForMultipleObjects
WindowFromPoint
CharLowerBuffA
ToUnicode
GetWindowLongW
CharLowerA
CharUpperW
TrackPopupMenuEx
SystemParametersInfoW
GetClassNameW
ReleaseDC
GetMenuState
DefWindowProcA
DefMDIChildProcW
SwitchDesktop
GetMenuItemCount
DefDlgProcA
PostThreadMessageW
DefMDIChildProcA
HiliteMenuItem
RegisterClassW
GetUserObjectInformationW
SendMessageW
CallWindowProcA
EndMenu
SetWindowLongW
SendMessageTimeoutW
GetWindow
DispatchMessageW
OpenDesktopW
GetClipboardData
GetKeyboardState
TranslateMessage
GetShellWindow
RegisterClassA
GetWindowThreadProcessId
DefFrameProcW
DefWindowProcW
CallWindowProcW
LoadImageW

advapi32

ConvertSidToStringSidW
GetLengthSid
InitiateSystemShutdownExW
EqualSid
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegCloseKey
RegSetValueExW
CryptHashData
IsWellKnownSid
RegEnumKeyExW

shlwapi

StrCmpNIW
PathIsURLW
StrStrIW
StrStrIA
PathRenameExtensionW
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathRemoveBackslashW
PathUnquoteSpacesW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathAddBackslashW
PathFindFileNameW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
PathRemoveFileSpecW
PathQuoteSpacesW

shell32

ShellExecuteW
SHGetFolderPathW
CommandLineToArgvW

secur32

GetUserNameExW

ole32

StringFromGUID2
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx

gdi32

RestoreDC
SaveDC
CreateDIBSection
GdiFlush
SetViewportOrgEx
GetDIBits
DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
SetRectRgn
CreateCompatibleBitmap
CreateCompatibleDC

ws2_32

getsockname
WSAEventSelect
freeaddrinfo
recv
sendto
select
getaddrinfo
recvfrom
getpeername
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
shutdown
setsockopt
bind
socket
WSASetLastError
listen
accept
WSASend
closesocket
send
WSAGetLastError

crypt32

CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
CryptUnprotectData
PFXImportCertStore
PFXExportCertStoreEx

wininet

HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpAddRequestHeadersA
InternetQueryOptionA
InternetOpenA
HttpOpenRequestA
InternetSetOptionA
InternetCrackUrlA
InternetQueryOptionW
InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpSendRequestW
InternetReadFile
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpQueryInfoA
HttpSendRequestExA

oleaut32

VariantInit
SysAllocString
VariantClear
SysFreeString

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetInfo

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7512b85b4e22c1b818fa9c78c40ec81

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

Sections

.text Size: 129KB - Virtual size: 129KB

.data Size: 1024B - Virtual size: 8KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 129KB - Virtual size: 129KB

.data
Size: 1024B - Virtual size: 8KB

.reloc
Size: 6KB - Virtual size: 5KB