f5b2a21b55a54a5db5404150bfbff416911b237048ee1667ee9fc6c1bd08311e

Sharing

Copy URL Twitter E-mail

General

Target

f5b2a21b55a54a5db5404150bfbff416911b237048ee1667ee9fc6c1bd08311e
Size

426KB
MD5

11476d83e4d953270d77241ef12a3aa0
SHA1

014c13d92872ee4de899119475e285f9d2eb9786
SHA256

f5b2a21b55a54a5db5404150bfbff416911b237048ee1667ee9fc6c1bd08311e
SHA512

259b2226b67ec0abc6da9ef44973ae34326786e963671146c778f7bf60ceeac6ceeec4c3cfa1159fc20a4b495b814ffa093727e615f2ce640ba90ca1c3e375ed
SSDEEP

12288:Y+kY5t+U1hIU4PI1wblsTwG7h/2oFEP26/fgZzA2Tk:YY7r1hIU4Quyw4h/3KPV/fmzA24

Score

N/A

Malware Config

Signatures

Files

f5b2a21b55a54a5db5404150bfbff416911b237048ee1667ee9fc6c1bd08311e
.exe windows x86

387cdb28d5f1986c2ecfc6f24da07b67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LocalFree
OpenProcess
GetProcessHeap
HeapAlloc
HeapFree
TerminateProcess
GetWindowsDirectoryW
GetUserDefaultLangID
Sleep
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
GetLocalTime
InterlockedDecrement
GetModuleFileNameW
OutputDebugStringW
GetCurrentProcess
FreeLibrary
LoadLibraryExW
LoadLibraryW
CloseHandle
GetVersionExW
ExpandEnvironmentStringsW
DeleteFileW
SetLastError
SetEnvironmentVariableA
CopyFileW
GetTickCount
MoveFileExW
GetCommandLineW
GetLastError
LeaveCriticalSection
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
ReadFile
CreateDirectoryW
WriteFile
GetTempPathW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetErrorMode
CreateProcessW
WaitForSingleObject
GetModuleHandleW
WideCharToMultiByte
MultiByteToWideChar
InterlockedIncrement
EnterCriticalSection
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetSystemTimeAsFileTime
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeW
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
VirtualAlloc
HeapReAlloc
GetLocaleInfoA
GetStringTypeA
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetModuleHandleA

user32

LoadStringW
CloseDesktop
OpenDesktopW
LoadKeyboardLayoutW
SystemParametersInfoW
GetKeyboardLayoutList
GetWindowThreadProcessId
FindWindowW
UnloadKeyboardLayout

advapi32

RegUnLoadKeyW
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
GetUserNameW
AllocateAndInitializeSid
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
GetNamedSecurityInfoW
SetNamedSecurityInfoW
GetAce
GetFileSecurityW
MapGenericMask
LookupPrivilegeValueW
AdjustTokenPrivileges
GetSecurityDescriptorDacl
GetAclInformation
RegQueryValueExW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW
RegOpenKeyW
LookupAccountSidW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
FreeSid
RegOpenKeyExW
OpenProcessToken
RegEnumKeyW
RegDeleteKeyW
RegLoadKeyW
DuplicateTokenEx

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
ord165
SHFileOperationW

ole32

CoInitializeEx
StringFromIID
IIDFromString
CoCreateInstance
CoInitialize
CoTaskMemFree
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

shlwapi

PathFindFileNameW
SHDeleteKeyW
PathFileExistsW
PathAppendW
StrStrIW
PathRemoveFileSpecW
PathQuoteSpacesW

imm32

ImmSetHotKey
ImmGetHotKey
ImmInstallIMEW
ImmGetIMEFileNameW
ImmDisableIME

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

387cdb28d5f1986c2ecfc6f24da07b67

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

imm32

version

Sections

.text Size: 264KB - Virtual size: 264KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 27KB - Virtual size: 26KB

.reloc Size: 79KB - Virtual size: 80KB

.text
Size: 264KB - Virtual size: 264KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 27KB - Virtual size: 26KB

.reloc
Size: 79KB - Virtual size: 80KB