c94c487fb14138e4c225843830fb7c7024dae8fba182d76987480961d28a40fd

Sharing

Copy URL Twitter E-mail

General

Target

c94c487fb14138e4c225843830fb7c7024dae8fba182d76987480961d28a40fd
Size

417KB
MD5

130b76d12dd0655eec1942f972a54620
SHA1

a370da300daef1e55a43754cf14c3976b1502c37
SHA256

c94c487fb14138e4c225843830fb7c7024dae8fba182d76987480961d28a40fd
SHA512

fbef7fe3a1df9bdaf11fb512b2947caed1199a21941251edb474ca1412e6e05d207e47ca1c98a51bdec9af9274e99a030a918e88ec86764c26785db77c5f4263
SSDEEP

12288:WYoDGB0djf4U06BDn+Fec60P2yCEBw7csHc:yPdNBykWP7Bw73c

Score

N/A

Malware Config

Signatures

Files

c94c487fb14138e4c225843830fb7c7024dae8fba182d76987480961d28a40fd
.exe windows x86

d805d0f69945dfd1836a5d4d0f8ddc7b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUnwind
NtQueryInformationProcess
NtTerminateProcess
NtCreateFile
LdrLoadDll
LdrGetDllHandle

kernel32

IsBadReadPtr
TlsAlloc
TlsFree
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
HeapCreate
VirtualAllocEx
WriteProcessMemory
SetEndOfFile
SetFilePointerEx
CreateDirectoryW
SetFileTime
GetFileAttributesW
ReadFile
GetTempPathW
GetFileSizeEx
GetFileTime
DeleteFileW
GetFileInformationByHandle
SetFileAttributesW
GetCurrentProcess
DuplicateHandle
ResumeThread
ExitProcess
GetSystemTimeAsFileTime
WTSGetActiveConsoleSessionId
lstrcmpiW
GetCurrentProcessId
MapViewOfFile
UnmapViewOfFile
CreateProcessW
GetVolumeInformationW
lstrcatW
ExpandEnvironmentStringsW
GetExitCodeThread
SystemTimeToFileTime
GetTimeZoneInformation
GetLocalTime
FileTimeToLocalFileTime
FlushInstructionCache
GetThreadPriority
MoveFileExW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpiA
VirtualQuery
GetEnvironmentVariableW
OpenProcess
Thread32First
Thread32Next
CreateToolhelp32Snapshot
GetCurrentThreadId
CreateRemoteThread
Process32FirstW
GetUserDefaultUILanguage
SetErrorMode
GetLongPathNameW
OpenEventW
UnregisterWait
RegisterWaitForSingleObject
DosDateTimeToFileTime
RemoveDirectoryW
GlobalLock
GlobalUnlock
FileTimeToDosDateTime
GetTempFileNameW
lstrcpynA
CreateFileMappingW
GetDiskFreeSpaceExW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
VirtualFree
LoadLibraryA
GetProcAddress
SetFilePointer
VirtualAlloc
GlobalMemoryStatusEx
lstrcmpW
GetModuleFileNameW
GetProcessTimes
GetLogicalDrives
GetSystemDefaultUILanguage
GetDriveTypeW
GetNativeSystemInfo
MultiByteToWideChar
FindNextFileW
FindClose
FindFirstFileW
ReleaseMutex
OpenMutexW
CreateMutexW
ResetEvent
GetProcessId
VirtualFreeEx
SetThreadContext
GetThreadContext
VirtualProtect
SetThreadPriority
GetCurrentThread
WideCharToMultiByte
GetVolumeNameForVolumeMountPointW
GetVersionExW
GetComputerNameW
FlushFileBuffers
WriteFile
TlsSetValue
SetLastError
TlsGetValue
TryEnterCriticalSection
lstrcpyW
WaitForMultipleObjects
GetHandleInformation
GetCommandLineW
lstrcpyA
Sleep
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
CreateThread
LocalFree
TerminateThread
LoadLibraryW
FreeLibrary
lstrlenW
lstrlenA
lstrcmpA
CloseHandle
CreateEventW
GetTickCount
SetEvent
QueryPerformanceCounter
CreateFileW
WaitForSingleObject
GetModuleHandleW
InitializeCriticalSection
GetLastError
DeleteCriticalSection
Process32NextW

user32

PostQuitMessage
GetClipboardData
CharLowerA
CharLowerW
CharUpperW
GetSystemMetrics
GetLastInputInfo
DispatchMessageW
PeekMessageW
TranslateMessage
MsgWaitForMultipleObjects
GetCursorPos
GetIconInfo
DrawIcon
LoadCursorW
GetKeyboardState
ToUnicode
ExitWindowsEx

advapi32

CryptCreateHash
CryptExportKey
CryptVerifySignatureW
CryptGetKeyParam
CryptImportKey
CryptGenKey
CryptDestroyKey
CryptDestroyHash
RegCreateKeyExW
RegCloseKey
CryptAcquireContextW
RegQueryValueExW
RegQueryInfoKeyW
CryptDecrypt
CryptEncrypt
CryptSetKeyParam
CryptDeriveKey
InitiateSystemShutdownExW
ConvertSidToStringSidW
IsWellKnownSid
GetLengthSid
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AdjustTokenPrivileges
LookupPrivilegeValueW
CreateProcessAsUserW
GetTokenInformation
OpenThreadToken
GetSidSubAuthority
OpenProcessToken
CryptHashData
CryptReleaseContext
CryptGetHashParam
EqualSid
RegSetValueExW
RegEnumKeyExW
RegFlushKey
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW

shlwapi

StrCmpIW
StrChrW
StrCmpW
StrRChrA
StrCmpNW
PathSkipRootW
PathMatchSpecW
StrStrIW
PathIsDirectoryW
PathUnquoteSpacesW
StrCmpNA
PathIsURLW
ord14
PathFindFileNameW
PathRemoveExtensionW
PathFindExtensionW
StrCmpNIW
StrCmpNIA
UrlUnescapeA
PathGetDriveNumberW
PathAddBackslashW
PathQuoteSpacesW
PathRemoveFileSpecW
PathRemoveBackslashW
PathRenameExtensionW
StrChrA
wvnsprintfW

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW

secur32

GetUserNameExW
DecryptMessage
EncryptMessage
DeleteSecurityContext

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
CLSIDFromString
StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemFree
CoSetProxyBlanket

gdi32

CreateCompatibleDC
DeleteObject
GetDeviceCaps
DeleteDC
BitBlt
CreateDCW
SelectObject
CreateCompatibleBitmap

ws2_32

FreeAddrInfoW
WSARecv
accept
WSASend
GetAddrInfoW
gethostbyname
WSAGetOverlappedResult
getservbyname
WSACloseEvent
WSAIoctl
WSAAddressToStringW
recvfrom
WSAEnumNetworkEvents
WSAEventSelect
getsockname
setsockopt
sendto
WSACreateEvent
getsockopt
WSAAddressToStringA
WSAStringToAddressW
getpeername
connect
WSAStartup
getaddrinfo
select
WSAGetLastError
shutdown
WSACleanup
recv
bind
socket
freeaddrinfo
WSASetLastError
closesocket
send
listen

crypt32

CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
CryptUnprotectData
PFXImportCertStore
PFXExportCertStoreEx

wininet

InternetWriteFile
InternetSetOptionA
InternetReadFile
InternetCrackUrlA
InternetConnectA
HttpQueryInfoA
HttpSendRequestExA
HttpEndRequestA
HttpAddRequestHeadersA
InternetOpenA
InternetCloseHandle
InternetQueryOptionA
HttpOpenRequestA

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

iphlpapi

GetAdaptersAddresses

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

gdiplus

GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipCloneImage
GdiplusStartup
GdipAlloc
GdiplusShutdown
GdipSaveImageToStream
GdipFree

msvcrt

_except_handler3
_errno
memcpy
memmove
memcmp
memchr
_purecall
strcmp
memset
strtoul
_vsnwprintf
_vsnprintf

Sections

.text
Size: 391KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d805d0f69945dfd1836a5d4d0f8ddc7b

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

userenv

iphlpapi

version

gdiplus

msvcrt

Sections

.text Size: 391KB - Virtual size: 390KB

.data Size: 1024B - Virtual size: 8KB

.idata Size: 10KB - Virtual size: 9KB

.reloc Size: 9KB - Virtual size: 9KB

.data2 Size: 4KB - Virtual size: 4KB

.text
Size: 391KB - Virtual size: 390KB

.data
Size: 1024B - Virtual size: 8KB

.idata
Size: 10KB - Virtual size: 9KB

.reloc
Size: 9KB - Virtual size: 9KB

.data2
Size: 4KB - Virtual size: 4KB