d5020de726d4bd2c5dea1106f2eb34ddae4771ea2a7ae22faa51a880f9c16e36

Sharing

Copy URL Twitter E-mail

General

Target

d5020de726d4bd2c5dea1106f2eb34ddae4771ea2a7ae22faa51a880f9c16e36
Size

527KB
MD5

0a3c95e63e07fe81bbb03b387e1a20e0
SHA1

6bb5e32a3ff9b9aee4cf8767b9487269f314af4f
SHA256

d5020de726d4bd2c5dea1106f2eb34ddae4771ea2a7ae22faa51a880f9c16e36
SHA512

c01064572467f8cbe2ad4ec3f93cbcd78a6aba684a8eb1cd2da03f01b348973a69cd647dddb341bb902dbbf599e081a4fca191b2c3f40d6324c1b0395c401664
SSDEEP

12288:9C0bWGpmzHgXkG3+BJN3+hS5+hSQ6puVMgD:99WGmzAX9uBJN3AS5ASQbT

Score

N/A

Malware Config

Signatures

Files

d5020de726d4bd2c5dea1106f2eb34ddae4771ea2a7ae22faa51a880f9c16e36
.exe windows x86

5e569bafa333eda612a695dfb2e62ae5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msimg32

TransparentBlt

shell32

ShellExecuteW
SHGetPathFromIDListW
SHFileOperationW
SHGetSpecialFolderLocation
SHChangeNotify
Shell_NotifyIconW
CommandLineToArgvW

advapi32

RegOpenKeyExW
ControlService
DeleteService
GetTokenInformation
QueryServiceStatus
OpenSCManagerW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
CloseServiceHandle
OpenServiceW
OpenProcessToken

shlwapi

PathFileExistsW
PathStripToRootW
PathAppendW
PathIsDirectoryW
PathRemoveFileSpecW
PathFindFileNameW

psapi

GetModuleFileNameExW

kernel32

LoadLibraryA
InterlockedExchange
GetCurrentProcessId
GetCommandLineA
GetEnvironmentStringsW
LocalAlloc
FreeEnvironmentStringsW
GetEnvironmentStrings
VirtualAlloc
VirtualFree
GetDriveTypeW
FindResourceW
LoadResource
CreateDirectoryW
WriteFile
SizeofResource
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
LockResource
CloseHandle
DeleteFileW
FreeResource
VerifyVersionInfoW
EnterCriticalSection
SetCurrentDirectoryW
DeleteCriticalSection
VerSetConditionMask
FindResourceExW
GetCurrentThreadId
InitializeCriticalSection
GetLastError
LeaveCriticalSection
GetCurrentDirectoryW
OutputDebugStringW
QueryPerformanceCounter
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
LocalFree
FormatMessageW
FindFirstFileW
FindNextFileW
FindClose
SetStdHandle
CreateThread
GetVersionExW
GetSystemDirectoryW
GetCommandLineW
GlobalFree
Sleep
GetModuleFileNameW
CopyFileW
WideCharToMultiByte
OpenProcess
Process32NextW
TerminateProcess
lstrcmpiW
GetCurrentProcess
CreateToolhelp32Snapshot
GetLocalTime
GetModuleHandleW
Process32FirstW
GetProcAddress
GlobalUnlock
GlobalLock
GlobalAlloc
CreateMutexW
GetTickCount
LoadLibraryW
FreeLibrary
FreeEnvironmentStringsA
WriteConsoleA
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
RtlUnwind
GetConsoleMode
GetConsoleCP
HeapSize
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RaiseException
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleA
HeapReAlloc
HeapCreate
HeapDestroy
GetStartupInfoW
GetProcessHeap
GetVersionExA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
SetEndOfFile
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
SetFileAttributesW
GetLocaleInfoW

user32

CallNextHookEx
MapVirtualKeyW
GetKeyState
wsprintfW
DrawTextW
GetWindowLongW
GetWindowTextW
GetClientRect
GetDlgCtrlID
LoadBitmapW
SetWindowsHookExW
SetWindowTextW
GetDlgItem
SetTimer
PostMessageW
FindWindowW
EndDialog
SendMessageW
GetWindowRect
KillTimer
UpdateWindow
ShowWindow
SetWindowLongW
DrawIconEx
GetWindow
FindWindowExW
SetWindowRgn
InvalidateRect
LoadImageW
TrackMouseEvent
GetParent
ReleaseDC
DestroyIcon
GetClassNameW
ReleaseCapture
GetDC
OffsetRect
DialogBoxParamW
SetWindowPos
EnableWindow
UnregisterClassA

gdi32

SelectObject
GetTextExtentExPointW
SetTextColor
SetBkMode
CreateCompatibleDC
DeleteObject
CreateFontW
BitBlt
DeleteDC
GetObjectW
GetStockObject
CreateCompatibleBitmap
SetBkColor
CreateRoundRectRgn

ole32

CoTaskMemFree
CreateStreamOnHGlobal

Sections

.text
Size: 236KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5e569bafa333eda612a695dfb2e62ae5

Headers

File Characteristics

Imports

msimg32

shell32

advapi32

shlwapi

psapi

kernel32

user32

gdi32

ole32

Sections

.text Size: 236KB - Virtual size: 232KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 224KB - Virtual size: 224KB

.text
Size: 236KB - Virtual size: 232KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 224KB - Virtual size: 224KB