29c4a3726f4feca6a9d3fdc740dc63e7f08ae9a5d898ca610ddd8b7ff10f1f8b

Sharing

Copy URL Twitter E-mail

General

Target

29c4a3726f4feca6a9d3fdc740dc63e7f08ae9a5d898ca610ddd8b7ff10f1f8b
Size

5.9MB
MD5

4652d1eafa463807c008267a2e8800b0
SHA1

1a9035d0533834ff7f1062e3d16b8e28e6fa921d
SHA256

29c4a3726f4feca6a9d3fdc740dc63e7f08ae9a5d898ca610ddd8b7ff10f1f8b
SHA512

9000d7a945a76ae9d1f6f462950e053e33764703be9631b0d6f36a6541a9316693d5fc4660d115fe240a0e714f3d5069beaf19d57c761482c42d03e27344adb7
SSDEEP

98304:wRC0gNhja0B/DlEAT5DTsS+l9oP7ttVk4zGClluCRBZ/wyx2T:wRCPaqZEAT9wStrVt4cBZ3x2T

Score

N/A

Malware Config

Signatures

Files

29c4a3726f4feca6a9d3fdc740dc63e7f08ae9a5d898ca610ddd8b7ff10f1f8b
.exe windows x86

cff39e07d5fc1869da32ca4e170cf58f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
GetVersion
OutputDebugStringW
ExpandEnvironmentStringsW
GetCurrentProcessId
OpenProcess
LoadLibraryW
FreeLibrary
GetLocalTime
GetModuleFileNameW
OpenMutexW
Sleep
QueryDosDeviceW
TerminateProcess
GetPrivateProfileStringW
GetDriveTypeW
OpenFileMappingW
GetDiskFreeSpaceExW
GetPrivateProfileIntW
SetCurrentDirectoryW
LocalAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
GetCommandLineW
IsBadReadPtr
CreatePipe
DuplicateHandle
DeviceIoControl
InterlockedExchange
InterlockedCompareExchange
CreateFileA
SwitchToThread
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
InterlockedIncrement
InterlockedDecrement
GetSystemDefaultLangID
ExpandEnvironmentStringsA
lstrcpynW
ReleaseMutex
GetCPInfo
GetExitCodeProcess
GetLocaleInfoW
GlobalAlloc
GlobalFree
GetCurrentThreadId
SetUnhandledExceptionFilter
WriteProcessMemory
VirtualAllocEx
SetEnvironmentVariableA
ReleaseSemaphore
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
SetStdHandle
GetConsoleCP
FlushFileBuffers
ReadConsoleW
GetConsoleMode
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
ExitProcess
FileTimeToSystemTime
CreateSemaphoreW
PeekNamedPipe
GetFileType
VirtualQuery
VirtualProtect
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetFileAttributesExW
CreateProcessW
GetTickCount
Module32NextW
Module32FirstW
Process32NextW
lstrcmpiW
Process32FirstW
CreateToolhelp32Snapshot
WritePrivateProfileStringW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateMutexW
CopyFileW
SetLastError
GetCurrentThread
GetCurrentProcess
LocalFree
VirtualAlloc
VirtualFree
GlobalMemoryStatus
GetSystemInfo
GetLogicalDriveStringsW
GetTempPathW
SearchPathW
GetCurrentDirectoryW
GetFullPathNameW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
SetFileAttributesW
GetSystemDirectoryW
GetWindowsDirectoryW
WideCharToMultiByte
MultiByteToWideChar
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
GetStdHandle
ReadFile
GetModuleHandleW
GetProcAddress
MoveFileExW
DeleteFileW
GetTempFileNameW
WaitForSingleObject
WriteFile
SetEndOfFile
SetFilePointer
GetLastError
GetFileSize
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
FindNextFileW
CloseHandle
CreateFileW
FindClose
FindFirstFileW
GetFileAttributesW
GetProcessHeap
HeapAlloc
LoadLibraryExW
RtlUnwind
GetStartupInfoW
InitializeSListHead
QueryPerformanceCounter
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
GetStringTypeW
IsDebuggerPresent
ResetEvent
SetEvent
CreateEventW
SystemTimeToTzSpecificLocalTime
InitializeCriticalSection
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetVersionExW
DeleteCriticalSection
WriteConsoleW
FreeEnvironmentStringsW

user32

SendMessageTimeoutW
FindWindowW
SendMessageW
LoadIconW
SetDlgItemTextW
GetDlgItem
SetFocus
ShowWindow
EndDialog
MessageBoxW
DialogBoxParamW
MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageW
PostMessageW
GetWindowRect
SystemParametersInfoW
SetWindowPos
SetWindowLongW
CreateWindowExW
CharUpperW
DestroyWindow
CharLowerW
DefWindowProcW
IsWindow

advapi32

SetNamedSecurityInfoW
LookupAccountNameW
GetLengthSid
IsValidSid
InitializeAcl
AddAce
GetAclInformation
GetAce
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
RegEnumKeyExA
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCreateKeyW
RegLoadKeyW
RegSetValueW
RegOpenKeyW
QueryServiceStatus
ChangeServiceConfigW
RegDeleteValueW
RegSetValueExW
DeleteService
ControlService
CreateServiceW
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
SetSecurityInfo
GetSecurityInfo
GetNamedSecurityInfoW
OpenThreadToken
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
CopySid

shell32

ShellExecuteExW
ord43
SHGetFolderPathA
ord680
SHGetPathFromIDListW
SHBrowseForFolderW
SHChangeNotify
SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

CoCreateInstance
CoInitializeEx
PropVariantClear
CoCreateGuid
CoUninitialize
OleInitialize
OleUninitialize
CoTaskMemFree
StgOpenStorage
CoInitialize
StgIsStorageFile

oleaut32

VariantInit
VariantCopy
SysFreeString
SysAllocString
VariantClear

shlwapi

PathRemoveBackslashW
PathFindFileNameW
PathAddBackslashW
StrStrW
StrChrW
StrCatW
PathIsDirectoryW
SHGetValueW
SHStrDupW
wnsprintfW
StrToIntExW
PathAppendW
StrStrIW
SHDeleteKeyW
PathFileExistsW
PathRemoveFileSpecW
PathQuoteSpacesW

comctl32

InitCommonControlsEx

psapi

GetModuleFileNameExW
GetProcessImageFileNameW

userenv

UnloadUserProfile

crypt32

CertGetNameStringW
CryptMsgGetParam
CertFindCertificateInStore
CryptQueryObject

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

NetApiBufferFree
NetWkstaTransportEnum
Netbios

ws2_32

htonl
ntohl
htons
socket
inet_addr
WSCDeinstallProvider
WSCEnumProtocols
__WSAFDIsSet
recv
send
gethostbyname
inet_ntoa
setsockopt
closesocket
WSACleanup
WSAStartup
ntohs
select
WSAGetLastError
connect
ioctlsocket

wininet

InternetOpenUrlW
InternetOpenW
InternetGetConnectedState
InternetCloseHandle
InternetReadFile
HttpQueryInfoW

Sections

.text
Size: 882KB - Virtual size: 881KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cff39e07d5fc1869da32ca4e170cf58f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

psapi

userenv

crypt32

version

netapi32

ws2_32

wininet

Sections

.text Size: 882KB - Virtual size: 881KB

.rdata Size: 208KB - Virtual size: 208KB

.data Size: 13KB - Virtual size: 27KB

.gfids Size: 1024B - Virtual size: 992B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 286KB - Virtual size: 286KB

.reloc Size: 43KB - Virtual size: 43KB

.text
Size: 882KB - Virtual size: 881KB

.rdata
Size: 208KB - Virtual size: 208KB

.data
Size: 13KB - Virtual size: 27KB

.gfids
Size: 1024B - Virtual size: 992B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 286KB - Virtual size: 286KB

.reloc
Size: 43KB - Virtual size: 43KB