7d0e38fedafd923d0ab74059dd1e7ea71f93ccf306f5fa670f6060dbb63c5df7

Sharing

Copy URL Twitter E-mail

General

Target

7d0e38fedafd923d0ab74059dd1e7ea71f93ccf306f5fa670f6060dbb63c5df7
Size

620KB
MD5

0bdca3afffb89bf6ef12ac9be0bc58fa
SHA1

e63a1b513da60e3c111301ba8cac26dad012d47b
SHA256

7d0e38fedafd923d0ab74059dd1e7ea71f93ccf306f5fa670f6060dbb63c5df7
SHA512

f7c4cf846f8036d20eea5423e634462991b043e862e7980f9e7579629c3efb08ba02f367eb3bac33560385f49322feef141b9c620335bf7d7dacf0bab6c432f2
SSDEEP

12288:hxtzfl8EmN95SKTifcNjvYRoo1QBPP2E7ZgT7FoyNjGyDe3mj:hbl8EmN95KkFvEook2E7ivKyNjGyD3

Score

N/A

Malware Config

Signatures

Files

7d0e38fedafd923d0ab74059dd1e7ea71f93ccf306f5fa670f6060dbb63c5df7
.exe windows x86

366a15cab9ba617be7218bf386b42512

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

ImageEnumerateCertificates
ImageGetCertificateHeader
ImageGetCertificateData

shlwapi

StrRChrA

winhttp

WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpConnect
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryOption
WinHttpSetOption
WinHttpCrackUrl
WinHttpReceiveResponse
WinHttpOpen

kernel32

LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
DeleteFileW
LockResource
FindResourceExW
lstrlenA
WideCharToMultiByte
ReadFile
GetFileSize
CreateFileW
GetShortPathNameW
GetExitCodeProcess
TerminateProcess
CreateProcessW
OpenProcess
Process32NextW
ProcessIdToSessionId
Process32FirstW
CreateToolhelp32Snapshot
GetProcAddress
LoadLibraryW
GetVersionExW
IsBadReadPtr
FindClose
FindFirstFileW
GetFileAttributesW
CreateDirectoryExW
lstrcpyW
GetTempPathW
lstrcatW
RemoveDirectoryW
FindNextFileW
TryEnterCriticalSection
GetTickCount
DeleteTimerQueueTimer
CreateTimerQueueTimer
LoadLibraryA
CreateFileA
lstrcmpA
lstrcmpiA
DebugBreak
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SizeofResource
MultiByteToWideChar
FreeLibrary
SetEvent
InterlockedDecrement
InterlockedIncrement
CreateEventW
CreateThread
GetCurrentThreadId
GetModuleHandleW
Sleep
GetModuleFileNameW
WaitForSingleObject
CloseHandle
lstrcmpiW
GetLastError
RaiseException
lstrlenW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
VirtualQuery
GetStringTypeW
SetEndOfFile
GetStringTypeA
GetCPInfo
LCMapStringW
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetModuleFileNameA
GetStdHandle
WriteFile
HeapCreate
VirtualAlloc
VirtualFree
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
LCMapStringA
GetStartupInfoW
DeleteFileA
MoveFileA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RtlUnwind
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetModuleHandleA

user32

UnregisterClassA
LoadStringW
PostThreadMessageW
MessageBoxW
CharNextW
TranslateMessage
CharUpperW
DispatchMessageW
GetMessageW

advapi32

CryptEncrypt
RegOpenKeyExA
RegQueryValueExA
CryptDecrypt
CryptReleaseContext
CryptDeriveKey
CryptDestroyKey
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptAcquireContextW
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
ChangeServiceConfigW
ChangeServiceConfig2W
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
ControlService
DeleteService
CreateServiceW
RegEnumKeyExW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeSecurity
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
CoTaskMemFree
CoInitialize
StringFromGUID2
CoCreateInstance
CoCreateGuid
OleRun
CLSIDFromString
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoUnmarshalInterface

oleaut32

SafeArrayCreateVector
SafeArrayPutElement
SafeArrayDestroy
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString
GetErrorInfo

Sections

.text
Size: 406KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

366a15cab9ba617be7218bf386b42512

Headers

File Characteristics

Imports

imagehlp

shlwapi

winhttp

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 406KB - Virtual size: 406KB

.rdata Size: 134KB - Virtual size: 134KB

.data Size: 22KB - Virtual size: 42KB

.rsrc Size: 56KB - Virtual size: 56KB

.text
Size: 406KB - Virtual size: 406KB

.rdata
Size: 134KB - Virtual size: 134KB

.data
Size: 22KB - Virtual size: 42KB

.rsrc
Size: 56KB - Virtual size: 56KB