d9d90f5d41bb337e1d8d4b6f769d409089bd135c5fa907327e83b20b06fe4fd1

Sharing

Copy URL

Twitter E-mail

General

Target

d9d90f5d41bb337e1d8d4b6f769d409089bd135c5fa907327e83b20b06fe4fd1
Size

722KB
MD5

101471560e4c3fc99f2945b8529777c0
SHA1

9642fb293b85dc4906f8c9942f1cdc4299b5fe7a
SHA256

d9d90f5d41bb337e1d8d4b6f769d409089bd135c5fa907327e83b20b06fe4fd1
SHA512

41b0c5e57b2e73c392cb200ed9c8cc1e10900345c7fc31fd00e2932bc9cb9b07e09232333e93e20ac6aab19ecc0123d66811f8511ed475fa7552104f5f2dc033
SSDEEP

12288:t+1vUK5O8wycNelOOl9irfMZUw+SpBLi+XPGjtv0C9TTWx1YK98DOjLFEmx:t+afNelEopBLi+OZv79TT+98DOi

Score

N/A

Malware Config

Signatures

Files

d9d90f5d41bb337e1d8d4b6f769d409089bd135c5fa907327e83b20b06fe4fd1
.exe windows x86

752d07152c8f11e9a4c0f5b0ac054edc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winhttp

WinHttpOpen
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpWriteData

kernel32

SetUnhandledExceptionFilter
Sleep
CreateEventW
WaitForSingleObject
SetEvent
CloseHandle
CreateThread
GetTickCount
CreateDirectoryW
GetTempPathW
GetTempFileNameW
MoveFileW
CreateProcessW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
WaitForMultipleObjects
WriteFile
ReadFile
SetFilePointerEx
SetEndOfFile
CreateFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
WTSGetActiveConsoleSessionId
GetModuleFileNameW
LocalFree
GetModuleHandleW
GetCurrentProcess
GetCurrentProcessId
CreateMutexW
WideCharToMultiByte
MultiByteToWideChar
SetFilePointer
FindClose
FindFirstFileW
GetDriveTypeW
SetErrorMode
GetVersionExW
DeleteFileA
lstrlenW
CreateFileA
GetLocalTime
OutputDebugStringA
ReleaseMutex
DeviceIoControl
SetPriorityClass
InterlockedDecrement
GetCurrentThreadId
SetLastError
TlsFree
lstrlenA
TlsSetValue
FreeLibrary
GetProcAddress
OutputDebugStringW
TlsGetValue
GetLastError
LoadLibraryW
GetLocaleInfoW
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetStdHandle
GetProcessHeap
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
FlushFileBuffers
GetConsoleMode
GetConsoleCP
ExitProcess
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RaiseException
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetSystemTimeAsFileTime
HeapReAlloc
HeapAlloc
HeapFree
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedIncrement
InterlockedCompareExchange

user32

MessageBoxA
wsprintfW

advapi32

RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
OpenProcessToken
GetTokenInformation
LookupAccountSidW

shell32

SHGetFolderLocation
SHGetPathFromIDListW
ord155
ShellExecuteW
ord680

ole32

CoInitialize
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
CoInitializeSecurity
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

shlwapi

UrlUnescapeW
PathFileExistsW

wtsapi32

WTSQueryUserToken

psapi

GetModuleFileNameExW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 357KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

752d07152c8f11e9a4c0f5b0ac054edc

Headers

DLL Characteristics

File Characteristics

Imports

winhttp

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wtsapi32

psapi

iphlpapi

Sections

.text Size: 357KB - Virtual size: 356KB

.rdata Size: 195KB - Virtual size: 194KB

.data Size: 10KB - Virtual size: 22KB

.rsrc Size: 49KB - Virtual size: 48KB

.reloc Size: 104KB - Virtual size: 104KB

.text
Size: 357KB - Virtual size: 356KB

.rdata
Size: 195KB - Virtual size: 194KB

.data
Size: 10KB - Virtual size: 22KB

.rsrc
Size: 49KB - Virtual size: 48KB

.reloc
Size: 104KB - Virtual size: 104KB