9e95ad581cb31b175219fd05945e0f41197b439b21f33845a9260a20da484427

Sharing

Copy URL Twitter E-mail

General

Target

9e95ad581cb31b175219fd05945e0f41197b439b21f33845a9260a20da484427
Size

623KB
MD5

4062435b5b6042830126697321bb9190
SHA1

7046169fbf6e7fb5e611204223b6142e392916e1
SHA256

9e95ad581cb31b175219fd05945e0f41197b439b21f33845a9260a20da484427
SHA512

b69bff29bfc4aeb198c5eea1b932b5a2b556c69900ca6190fad3c4715b795598488759651b3c9bf78de5ca470e5a73401430bee14d7aa311159d7126618dbb5a
SSDEEP

12288:zij7qqf519cklp1SzulyXRE7RZEBOX+LjU0GEfk8M7cNM:zUqqhcaAXC9ZBX+/U0GEm7aM

Score

N/A

Malware Config

Signatures

Files

9e95ad581cb31b175219fd05945e0f41197b439b21f33845a9260a20da484427
.exe windows x86

a1bcf1372f69aff81a4b9150d8727bb6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFreeEx
lstrcmpiA
WriteProcessMemory
ReadProcessMemory
VirtualAllocEx
OpenProcess
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
GetFileAttributesW
GetVersionExW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
GetPrivateProfileIntW
SetLastError
lstrcmpW
CreateDirectoryW
Sleep
GlobalFree
GlobalHandle
FlushFileBuffers
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameA
GetConsoleMode
GetConsoleCP
GetStringTypeW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
IsProcessorFeaturePresent
GetTimeZoneInformation
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
QueryPerformanceCounter
HeapDestroy
HeapCreate
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetHandleCount
GetEnvironmentStringsW
ReadFile
ExitProcess
SetUnhandledExceptionFilter
ExitThread
GetFileInformationByHandle
GetDriveTypeA
HeapReAlloc
GetDateFormatW
GetTimeFormatW
HeapAlloc
HeapFree
DecodePointer
EncodePointer
FindNextFileW
FindFirstFileExW
FindFirstFileExA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
RtlUnwind
GetSystemTimeAsFileTime
GetStartupInfoW
HeapSetInformation
GetCommandLineW
FormatMessageA
ExpandEnvironmentStringsA
GetTickCount
GetFileType
GetStdHandle
PeekNamedPipe
DuplicateHandle
CreateMutexA
WaitForMultipleObjects
GetExitCodeThread
CreateEventA
TerminateThread
SetEvent
SleepEx
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
DeviceIoControl
CreateFileA
LoadLibraryA
CreateThread
WriteConsoleW
GetDriveTypeW
SetEndOfFile
GetProcessHeap
CompareStringW
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
GetSystemDefaultLangID
lstrcatW
WinExec
CreateToolhelp32Snapshot
MultiByteToWideChar
Process32FirstW
Process32NextW
GetWindowsDirectoryW
MulDiv
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrcpyW
LoadLibraryExW
GetModuleHandleW
GetPrivateProfileStringW
WritePrivateProfileStringW
LocalFree
lstrlenW
WideCharToMultiByte
LoadLibraryW
GetProcAddress
FreeLibrary
SetCurrentDirectoryW
SetEnvironmentVariableA
InterlockedCompareExchange
InterlockedPushEntrySList
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
CreateMutexW
GetModuleFileNameW
WaitForSingleObject
CreateFileW
GetFileSize
WriteFile
GetCurrentThreadId
GetCurrentProcessId
lstrlenA
OutputDebugStringW
SetFilePointer
CloseHandle
ReleaseMutex
GetFileAttributesExW
DeleteFileW
FreeEnvironmentStringsW

user32

SendMessageW
SetWindowTextW
LoadImageW
FillRect
GetDC
CreateIconIndirect
GetWindowRect
GetClientRect
ScreenToClient
InvalidateRect
UnregisterClassA
SetTimer
KillTimer
ReleaseDC
GetIconInfo
MoveWindow
TranslateMessage
GetActiveWindow
CreateDialogIndirectParamW
DialogBoxIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
CreateAcceleratorTableW
SetWindowRgn
IsWindowVisible
GetClassInfoExW
SetFocus
DestroyAcceleratorTable
CallWindowProcW
ReleaseCapture
GetClassNameW
SetCapture
RedrawWindow
InvalidateRgn
GetFocus
EndDialog
MapDialogRect
IsWindow
IsDialogMessageW
SetWindowContextHelpId
GetDlgItem
PtInRect
SendDlgItemMessageW
CreateDialogParamW
CharNextW
PeekMessageW
GetMessageW
IsChild
DispatchMessageW
SetRect
FindWindowW
FindWindowExW
GetWindow
ClientToScreen
OffsetRect
GetWindowThreadProcessId
MessageBoxW
CreateWindowExW
DestroyWindow
GetWindowLongW
GetParent
GetWindowRgn
DefWindowProcW
RegisterClassExW
SetWindowLongW
GetSysColor
DrawTextW
GetSystemMetrics
LoadStringW
DestroyCursor
GetCursorPos
LoadCursorW
SetCursor
ShowWindow
CopyIcon
DestroyIcon
EndPaint
BeginPaint
MonitorFromRect
GetMonitorInfoW
SetWindowPos
GetDesktopWindow
EqualRect
CopyRect
LoadBitmapW
PostQuitMessage

gdi32

CreateRoundRectRgn
GetStockObject
CreateRectRgn
PtInRegion
TextOutW
SetTextJustification
GetTextExtentPoint32W
CreateCompatibleBitmap
GetDeviceCaps
CreateFontIndirectW
GetTextMetricsW
SetBkMode
SetTextColor
SetBkColor
CreateDIBSection
BitBlt
CreateHatchBrush
Rectangle
CreateSolidBrush
CreateCompatibleDC
StretchBlt
DeleteDC
GetObjectW
CreatePen
SelectObject
MoveToEx
LineTo
DeleteObject
CreateBitmap

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

OleUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
OleSetClipboard
OleFlushClipboard
CreateStreamOnHGlobal
CoUninitialize
CoInitialize

oleaut32

VarUI4FromStr
VariantInit
VariantClear
SysAllocStringLen
SysAllocString
DispCallFunc
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysStringLen
SysFreeString

advapi32

RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueW
RegQueryInfoKeyW

shlwapi

PathFileExistsW

comctl32

ImageList_GetIcon
ImageList_GetImageCount
ord17
_TrackMouseEvent

gdiplus

GdipAlloc
GdipDeleteGraphics
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdiplusShutdown
GdipCreateFromHDC
GdipDrawImagePointsI
GdipCloneImage
GdiplusStartup
GdipFree

ws2_32

sendto
ioctlsocket
listen
accept
gethostbyname
select
__WSAFDIsSet
WSASetLastError
recvfrom
send
connect
WSAGetLastError
WSACleanup
WSAStartup
closesocket
getsockopt
socket
bind
recv
setsockopt
getsockname
ntohs
htons

wldap32

ord200
ord46
ord211
ord301
ord27
ord33
ord79
ord30
ord60
ord26
ord41
ord143
ord50
ord22
ord35
ord32

Sections

.text
Size: 374KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a1bcf1372f69aff81a4b9150d8727bb6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

shlwapi

comctl32

gdiplus

ws2_32

wldap32

Sections

.text Size: 374KB - Virtual size: 373KB

.rdata Size: 86KB - Virtual size: 86KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 52KB - Virtual size: 51KB

.reloc Size: 92KB - Virtual size: 96KB

.text
Size: 374KB - Virtual size: 373KB

.rdata
Size: 86KB - Virtual size: 86KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 52KB - Virtual size: 51KB

.reloc
Size: 92KB - Virtual size: 96KB