c56de63728fd5ea0f9a8fd4fde894ad711c0c218c0f2133497b1bb2284ddfb78

Sharing

Copy URL Twitter E-mail

General

Target

c56de63728fd5ea0f9a8fd4fde894ad711c0c218c0f2133497b1bb2284ddfb78
Size

525KB
MD5

173854739a3a503b088328ff18a65ca0
SHA1

ae280179394957c589dca7c255993be22da800e6
SHA256

c56de63728fd5ea0f9a8fd4fde894ad711c0c218c0f2133497b1bb2284ddfb78
SHA512

ccaa2f8cd07e112730535ef0b401108042b7e2d50aedc1b32a739f4af4512e710b702eadd85e6e962aca99fa7f1ad6c38ae55208639c9230a7e1466fa87caef9
SSDEEP

6144:ouO/6Z8CN1LFH4Ut4rnuHjmTcU2b3V0h7FulG7cBmoImqP+vifhgh3i8PRIbWII1:19Z8CbFH2oImqP+vD2W3zKBrwq+

Score

N/A

Malware Config

Signatures

Files

c56de63728fd5ea0f9a8fd4fde894ad711c0c218c0f2133497b1bb2284ddfb78
.exe windows x86

10bfac293f53a75993eabb698e546e17

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteValueA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyW
RegEnumValueW
RegCreateKeyExW
CryptVerifySignatureA
CryptHashData
CryptCreateHash
CryptImportKey
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
CryptDestroyHash
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA

custsat

ord5
ord4

gdi32

DeleteDC
CreateDIBitmap
CreatePalette
SelectPalette
SetBkMode
GetDeviceCaps
CreateFontIndirectA
SelectObject
GetTextExtentPoint32A
TextOutW
SetTextColor
DeleteObject
CreateCompatibleDC
GetObjectA
BitBlt
RealizePalette
SetStretchBltMode

kernel32

WriteFile
GetStdHandle
LoadLibraryW
CreateDirectoryW
MoveFileW
LoadLibraryExW
FindResourceExA
GetEnvironmentVariableA
GetModuleFileNameW
CreateFileW
CloseHandle
ReadFile
GetFileSize
FreeResource
GetThreadLocale
GetLocaleInfoA
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
FormatMessageW
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
InterlockedCompareExchange
Sleep
lstrcpynW
VirtualAlloc
VirtualFree
OutputDebugStringW
GlobalLock
GlobalUnlock
HeapSize
HeapReAlloc
HeapDestroy
FindFirstFileW
FindNextFileW
FindClose
GetUserDefaultLCID
GetSystemDefaultLCID
LocalFree
CreateProcessW
UnmapViewOfFile
GlobalAlloc
GlobalFree
CreateFileMappingW
MapViewOfFile
GetFileAttributesA
GetUserDefaultUILanguage
ReleaseMutex
SetEvent
WaitForSingleObject
CreateProcessA
LoadLibraryA
OpenProcess
DuplicateHandle
CreateMutexA
CreateEventA
CompareFileTime
CreateFileMappingA
AddAtomW
DeleteAtom
FindAtomW
GetModuleHandleW
CopyFileW
GetFileAttributesExW
GetSystemTime
SystemTimeToFileTime
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
InitializeCriticalSection
LoadLibraryExA
lstrcmpiA
IsDBCSLeadByte
FreeLibrary
GetProcAddress
GetModuleHandleA
GetVersionExA
GetLastError
RaiseException
WideCharToMultiByte
lstrlenW
FindResourceA
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
HeapFree
GetProcessHeap
HeapAlloc
CreateThread
InterlockedExchange
GetFileAttributesW
GetModuleFileNameA
lstrlenA
lstrcpyA
GetCurrentThreadId
MulDiv

mscoree

LockClrVersion
CorBindToRuntimeEx

msvcr80

memcpy
memmove_s
memset
swprintf_s
_wsplitpath_s
_wmakepath_s
_vsnwprintf_s
wcsstr
wcschr
wcscat_s
calloc
_strlwr_s
_ultow_s
memmove
_wfullpath
wcspbrk
_wtoi
_wcslwr_s
_set_purecall_handler
wcsncat_s
isprint
strrchr
_vswprintf_c_l
_vsnprintf_s
_wtol
_mbscmp
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
??_V@YAXPAX@Z
_resetstkoflw
memcpy_s
_recalloc
strncpy_s
sprintf_s
free
wcsrchr
fprintf
_wcsnicmp
_snwprintf_s
wcsncpy_s
_wcsicmp
wcscpy_s
fclose
fgets
fopen_s
strcpy_s
_stricmp
??3@YAXPAX@Z
_callnewh
malloc

ole32

CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
OleInitialize
CoInitializeSecurity
CoTaskMemRealloc
CoReleaseMarshalData
CreateStreamOnHGlobal
CoMarshalInterface
CoDisconnectObject
CoTaskMemFree
OleUninitialize
IIDFromString
StringFromCLSID

oleaut32

SysStringLen
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
SysFreeString
VarUI4FromStr
GetActiveObject
VarBstrCat
SysAllocStringByteLen
SysStringByteLen
GetErrorInfo

shell32

SHGetFolderPathW
SHFileOperationW

shlwapi

PathAddBackslashW
SHDeleteKeyW

user32

LoadBitmapA
GetSystemMetrics
SystemParametersInfoA
LoadStringW
MessageBoxA
CharNextA
UnregisterClassA
GetDesktopWindow
RegisterClassA
UpdateWindow
DrawTextW
DestroyWindow
LoadImageA
LoadIconA
SetForegroundWindow
MessageBoxW
CharNextW
ReleaseDC
GetDC
DefWindowProcA
EndPaint
BeginPaint
SetWindowLongA
GetWindowLongA
CreateWindowExA

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 424KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

10bfac293f53a75993eabb698e546e17

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

custsat

gdi32

kernel32

mscoree

msvcr80

ole32

oleaut32

shell32

shlwapi

user32

Sections

.text Size: 85KB - Virtual size: 85KB

.data Size: 7KB - Virtual size: 10KB

.rsrc Size: 424KB - Virtual size: 428KB

.text
Size: 85KB - Virtual size: 85KB

.data
Size: 7KB - Virtual size: 10KB

.rsrc
Size: 424KB - Virtual size: 428KB