7bbbe3285596c686dd67658cf9aa86e06d12341848741eda6db077794754337d

Sharing

Copy URL Twitter E-mail

General

Target

7bbbe3285596c686dd67658cf9aa86e06d12341848741eda6db077794754337d
Size

217KB
MD5

0dca2a700a70c53943b30c5ebe263aa0
SHA1

6283be0b7bc3b4003dd3c6cbcd079f426e386a20
SHA256

7bbbe3285596c686dd67658cf9aa86e06d12341848741eda6db077794754337d
SHA512

181f8cbce2f211911efcb764d6f30ece6796d4429467e0b774dccd6474e9c990a94e89e2227d4944af5c6c2d91761446fe012838d420a5dd614cdf51e43c4e64
SSDEEP

6144:ApKqqDLEi0DCCJJ/dMPyOKEXHdC6ta9Y3aQiLVOHQT:Ap/qnEi0DCCUyOKEXJwfzoM

Score

N/A

Malware Config

Signatures

Files

7bbbe3285596c686dd67658cf9aa86e06d12341848741eda6db077794754337d
.exe windows x86

a7b630392d0672a9a7b954d866d8d818

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
Thread32First
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
HeapCreate
lstrcpynW
Thread32Next
ReadFile
GetTimeZoneInformation
MultiByteToWideChar
lstrlenW
FlushFileBuffers
GetTempPathW
GetFileSizeEx
OpenMutexW
VirtualProtectEx
VirtualAllocEx
FindClose
Process32FirstW
RemoveDirectoryW
QueryDosDeviceW
Process32NextW
FindNextFileW
FileTimeToDosDateTime
CreateToolhelp32Snapshot
GetFileTime
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
WriteFile
GetFileInformationByHandle
CreateThread
ExpandEnvironmentStringsW
MoveFileExW
CreateRemoteThread
GetThreadContext
SetThreadContext
GetProcessId
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
TlsAlloc
TlsFree
GetUserDefaultUILanguage
GetPrivateProfileStringW
GetPrivateProfileIntW
SetHandleInformation
CreatePipe
GlobalLock
GlobalUnlock
GetEnvironmentVariableW
SetThreadPriority
TerminateProcess
TlsSetValue
GetCurrentThread
TlsGetValue
SetFileAttributesW
WTSGetActiveConsoleSessionId
lstrcmpiA
CreateFileW
VirtualQueryEx
SetFileTime
GetProcessHeap
HeapFree
GetLogicalDriveStringsW
SetFilePointerEx
GetCurrentProcess
SystemTimeToFileTime
HeapAlloc
CreateProcessW
SetEndOfFile
FindFirstFileW
CreateMutexW
HeapReAlloc
DeleteFileW
GetTempFileNameW
LoadLibraryW
CreateDirectoryW
FreeLibrary
ReleaseMutex
WriteProcessMemory
GetCurrentProcessId
DuplicateHandle
GetFileAttributesExW
GetModuleFileNameW
VirtualFreeEx
GetComputerNameW
SetErrorMode
GetCommandLineW
ExitProcess
WaitForMultipleObjects
GetLocalTime
GetCurrentThreadId
lstrcmpiW
LocalFree
GetProcAddress
GetVersionExW
WaitForSingleObject
GetModuleHandleW
GetNativeSystemInfo
GetSystemTime
OpenEventW
ExitThread
Sleep
GetTickCount
CloseHandle
CreateEventW
ResetEvent
EnterCriticalSection
SetLastError
GetLastError
LeaveCriticalSection
InitializeCriticalSection
SetEvent
GetModuleHandleA
LoadLibraryA
VirtualAlloc
GetFileAttributesW
IsBadReadPtr
VirtualFree
VirtualProtect

user32

WindowFromPoint
TranslateMessage
CharLowerA
CharUpperW
SetWindowLongW
GetWindow
DispatchMessageW
EndPaint
GetUpdateRgn
GetWindowDC
FillRect
DrawEdge
BeginPaint
GetUpdateRect
IntersectRect
MsgWaitForMultipleObjects
ReleaseDC
PostThreadMessageW
EqualRect
PrintWindow
DefWindowProcW
CharToOemW
GetMessageA
GetWindowRect
GetMessageW
DefMDIChildProcW
PostMessageW
GetParent
GetWindowInfo
GetClassLongW
GetCapture
SetCursorPos
LoadImageW
GetTopWindow
GetSystemMetrics
GetShellWindow
RegisterClassA
DefFrameProcW
CallWindowProcW
GetKeyboardState
ToUnicode
DrawIcon
GetIconInfo
GetClipboardData
CharLowerBuffA
MapVirtualKeyW
RegisterClassExA
RegisterWindowMessageW
GetMenuItemID
SetKeyboardState
GetSubMenu
DefDlgProcW
DefFrameProcA
OpenInputDesktop
MenuItemFromPoint
GetMenu
RegisterClassExW
GetMenuItemRect
SystemParametersInfoW
TrackPopupMenuEx
GetClassNameW
GetMenuState
GetDCEx
DefWindowProcA
GetWindowLongW
GetAncestor
PeekMessageW
SwitchDesktop
GetMenuItemCount
DefDlgProcA
DefMDIChildProcA
HiliteMenuItem
RegisterClassW
PeekMessageA
SetWindowPos
GetCursorPos
SendMessageTimeoutW
IsWindow
ReleaseCapture
SendMessageW
MapWindowPoints
GetMessagePos
GetWindowThreadProcessId
IsRectEmpty
ExitWindowsEx
GetKeyboardLayoutList
CreateDesktopW
SetProcessWindowStation
GetThreadDesktop
CloseWindowStation
CreateWindowStationW
CallWindowProcA
SetCapture
EndMenu
GetProcessWindowStation
OpenDesktopW
CloseDesktop
SetThreadDesktop
GetUserObjectInformationW
OpenWindowStationW
CharLowerW
MessageBoxA
GetDC

advapi32

ConvertSidToStringSidW
RegCreateKeyW
RegEnumKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityDescriptorSacl
IsWellKnownSid
GetLengthSid
EqualSid
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
AllocateAndInitializeSid
CryptCreateHash
FreeSid
RegOpenKeyExW
CheckTokenMembership
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
CryptHashData
RegDeleteValueW
RegEnumValueW
CreateProcessAsUserA
RegEnumKeyExW
InitiateSystemShutdownExW

shlwapi

PathAddExtensionW
PathQuoteSpacesW
PathIsURLW
StrStrIW
StrStrIA
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathUnquoteSpacesW
PathRemoveFileSpecW
PathCombineW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathAddBackslashW
PathFindFileNameW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
StrCmpNIW
PathRemoveBackslashW
PathRenameExtensionW

shell32

ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW

secur32

GetUserNameExW

ole32

CoSetProxyBlanket
CoUninitialize
CLSIDFromString
StringFromGUID2
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoCreateInstance

gdi32

RestoreDC
CreateCompatibleDC
SetRectRgn
SelectObject
DeleteObject
GdiFlush
DeleteDC
SetViewportOrgEx
CreateCompatibleBitmap
GetDIBits
GetDeviceCaps
CreateDIBSection
SaveDC

ws2_32

getsockname
select
getaddrinfo
recvfrom
getpeername
accept
WSAEventSelect
listen
inet_addr
WSASend
gethostbyname
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
sendto
recv
freeaddrinfo
closesocket
WSASetLastError
socket
bind
setsockopt
shutdown
WSAGetLastError
send

crypt32

CryptUnprotectData
PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore

wininet

HttpSendRequestW
GetUrlCacheEntryInfoW
InternetSetStatusCallbackW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetSetStatusCallbackA
InternetOpenA
InternetSetOptionA
InternetCrackUrlA
InternetQueryOptionW
InternetConnectA
InternetQueryOptionA
InternetCloseHandle
HttpEndRequestW
HttpSendRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetSetFilePointer
InternetGetCookieA
InternetReadFile
HttpSendRequestExA
HttpQueryInfoA
HttpSendRequestExW
InternetQueryDataAvailable
InternetReadFileExA
HttpOpenRequestA

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

PlaySoundW
waveOutSetVolume
waveOutGetVolume
PlaySoundA

Sections

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7b630392d0672a9a7b954d866d8d818

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

version

winmm

Sections

.text Size: 204KB - Virtual size: 204KB

.data Size: 2KB - Virtual size: 11KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 204KB - Virtual size: 204KB

.data
Size: 2KB - Virtual size: 11KB

.reloc
Size: 8KB - Virtual size: 8KB