4a5bc0c673276b86ae6c292dd90fa5f064f25063febdf6bf98816fd7480aab02

Sharing

Copy URL

Twitter E-mail

General

Target

4a5bc0c673276b86ae6c292dd90fa5f064f25063febdf6bf98816fd7480aab02
Size

295KB
MD5

06cffc6e587d5c465fe3b33a8881d380
SHA1

10834f92ce2e35287450e3fb7ccd284fbf2722ee
SHA256

4a5bc0c673276b86ae6c292dd90fa5f064f25063febdf6bf98816fd7480aab02
SHA512

322a1c97746081d7be8b8a838b5f146cb945aed76721ecdb5caf7edebeac486d2ca8451bb6dd0e2ac7a779137edd1b7deedc1c3b5a4a812b25eab2d2be9d0921
SSDEEP

6144:R/x18tNpRLpy/gbsWy5lZ85ssJ62HHYwzpUtZCNohaXF:mtNpryqy5QsZ2nZoR+F

Score

N/A

Malware Config

Signatures

Files

4a5bc0c673276b86ae6c292dd90fa5f064f25063febdf6bf98816fd7480aab02
.exe windows x86

cf20d2de5ef33db74b557bd59ed805bb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfW
UnregisterClassA

shlwapi

PathRemoveFileSpecW
StrStrIW
SHGetValueA

oleaut32

SafeArrayLock
SafeArrayCopy
VariantChangeType
GetErrorInfo
SafeArrayDestroy
SafeArrayUnlock
SysStringByteLen
VariantCopy
SafeArrayDestroyDescriptor
VariantInit
SafeArrayGetUBound
GetRecordInfoFromGuids
SafeArrayUnaccessData
SafeArrayDestroyData
LoadTypeLi
SysAllocStringByteLen
SysAllocStringLen
VariantCopyInd
SafeArrayCreate
SafeArrayCreateVectorEx
SafeArrayGetLBound
LoadRegTypeLi
VarBstrCmp
SafeArrayGetVartype
SafeArrayAccessData
SysAllocString
VarBstrCat
SysFreeString
SysStringLen
VariantClear
SafeArrayRedim

userenv

ExpandEnvironmentStringsForUserW
UnloadUserProfile

ws2_32

sendto
socket
htons
WSACleanup
inet_addr
WSAStartup
closesocket

kernel32

GetFileInformationByHandle
FindClose
IsDebuggerPresent
GetCurrentThreadId
ConnectNamedPipe
GetProcessHeap
GetShortPathNameW
SetThreadLocale
HeapReAlloc
WideCharToMultiByte
OpenEventW
GetDriveTypeW
SizeofResource
CreateFileW
FindResourceExW
HeapFree
LCMapStringW
HeapSize
GetModuleHandleA
HeapDestroy
CreateThread
CancelIo
FormatMessageA
MoveFileExW
LeaveCriticalSection
GetSystemTimeAsFileTime
VerSetConditionMask
GetLongPathNameW
ExpandEnvironmentStringsW
GetACP
LocalFree
WaitForSingleObject
ReadFile
GetOverlappedResult
GetThreadLocale
RaiseException
HeapAlloc
OpenProcess
FindResourceW
GetFileSize
WriteFile
FindFirstFileW
LockResource
OutputDebugStringA
CreateEventW
UnhandledExceptionFilter
ResetEvent
CloseHandle
WaitForMultipleObjects
CreateNamedPipeW
VerifyVersionInfoW
DisconnectNamedPipe
lstrlenA
FreeLibrary
LoadResource
QueryPerformanceFrequency
OutputDebugStringW
DeleteCriticalSection
lstrlenW
FormatMessageW
GetModuleHandleW
EnterCriticalSection
GetVolumePathNameW
SetLastError
SetUnhandledExceptionFilter
QueryDosDeviceW
GetStartupInfoW
VirtualAllocEx

ole32

CoInitializeEx
CoCreateInstance
CoUnmarshalInterface
CoImpersonateClient
CoUninitialize
CoRevertToSelf
CoMarshalInterThreadInterfaceInStream
OleRun

advapi32

CopySid
GetSecurityDescriptorControl
SetThreadToken
SetSecurityDescriptorDacl
OpenProcessToken
GetSecurityDescriptorDacl
RevertToSelf
GetTokenInformation
InitializeSecurityDescriptor
GetSidLengthRequired
OpenThreadToken
EqualSid
ImpersonateNamedPipeClient
GetSecurityDescriptorOwner
RegCloseKey
ConvertSidToStringSidW
RegOpenKeyExW
InitializeSid
GetAclInformation
AddAce
GetSecurityDescriptorLength
SetSecurityDescriptorOwner
GetSidSubAuthority
InitializeAcl
GetLengthSid
ConvertStringSidToSidW
MakeAbsoluteSD
RegOpenKeyW
GetSecurityDescriptorGroup
RegQueryValueExW
GetSecurityDescriptorSacl
IsValidSid
MakeSelfRelativeSD

psapi

GetModuleFileNameExW

shell32

SHGetFolderPathW

comctl32

ImageList_LoadImageW
ImageList_SetBkColor
DrawInsert
ImageList_DragShowNolock
DestroyPropertySheetPage
CreatePropertySheetPageA
FlatSB_GetScrollInfo

kbdit

KbdLayerDescriptor

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 265KB - Virtual size: 889KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf20d2de5ef33db74b557bd59ed805bb

Headers

File Characteristics

Imports

user32

shlwapi

oleaut32

userenv

ws2_32

kernel32

ole32

advapi32

psapi

shell32

comctl32

kbdit

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 265KB - Virtual size: 889KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 265KB - Virtual size: 889KB

.rsrc
Size: 6KB - Virtual size: 6KB