7f903b676ff86c656eadf424f688c6fc97798270f88f1d1aae60a57f99ed11e7

Sharing

Copy URL

Twitter E-mail

General

Target

7f903b676ff86c656eadf424f688c6fc97798270f88f1d1aae60a57f99ed11e7
Size

549KB
MD5

1a3c41899ed1914fa7354b8bb440a180
SHA1

3ed62bbee30dc2ee1ca940187d8774bd423d023f
SHA256

7f903b676ff86c656eadf424f688c6fc97798270f88f1d1aae60a57f99ed11e7
SHA512

e974a0f8fc74fc570065341fc6933b3fcd0498d5c338ec1e7d693af0670741c5530f16c4bc7032bda81854041d8ed33fe340074ab694144a22a16480ace49ba1
SSDEEP

12288:hc1vWb0w9G8rC0iQY86lowLvBEqEJA+YfyrrGcTaM8MY6MfRKGRpIFS/:q1W9iJloovEJ1YfyrrGcTaM8MHME2

Score

N/A

Malware Config

Signatures

Files

7f903b676ff86c656eadf424f688c6fc97798270f88f1d1aae60a57f99ed11e7
.exe windows x86

a6dd8cea00ac969bec5983ecfa0fbd8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_addr
inet_ntoa
htonl
ntohl

wininet

InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

lstrcpyW
FindNextFileW
FindClose
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
FindResourceExW
DeviceIoControl
CreateFileW
GetCurrentProcessId
GetModuleHandleW
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
lstrcmpiW
CreateMutexW
CopyFileW
GetCurrentThreadId
RaiseException
FlushInstructionCache
InterlockedIncrement
MultiByteToWideChar
LoadLibraryExW
VirtualFree
VirtualAlloc
lstrlenA
GetSystemInfo
GetModuleHandleA
ReadFile
GetFileSize
GetFileAttributesExW
MoveFileW
WritePrivateProfileStringW
GetLocalTime
OutputDebugStringA
OutputDebugStringW
CreateDirectoryW
GetStartupInfoW
GetSystemDirectoryW
FreeConsole
AttachConsole
GetVersion
GetPrivateProfileStringW
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetFilePointer
OpenProcess
GetStringTypeA
IsValidLocale
FindFirstFileW
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
LCMapStringW
LCMapStringA
GetCPInfo
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
MoveFileA
ExitThread
GetFullPathNameW
FreeResource
LockResource
SizeofResource
FindResourceW
LoadResource
lstrlenW
WideCharToMultiByte
GlobalAlloc
GlobalLock
GetFileAttributesW
SetFileAttributesW
DeleteFileW
MoveFileExW
RemoveDirectoryW
GetTempPathW
GetVersionExW
CreateProcessW
WaitForSingleObject
CreateEventW
FreeLibrary
CreateThread
CloseHandle
GetProcAddress
SetLastError
GetTickCount
Sleep
GetLastError
GlobalUnlock
LocalAlloc
LocalFree
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
lstrcmpA
lstrcmpiA
GlobalFree
EnumSystemLocalesA
InterlockedCompareExchange
HeapFree
IsBadReadPtr
LoadLibraryA
IsProcessorFeaturePresent
HeapDestroy
HeapReAlloc
RtlUnwind
TlsFree
DeleteAtom
FindAtomW
TlsAlloc
ReleaseMutex
AddAtomW
OpenThread
GetAtomNameW
TlsSetValue
TlsGetValue
GetSystemTime
HeapSize
InterlockedExchange
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetFilePointerEx
WriteFile
GetFileSizeEx
FormatMessageW
GetProcessHeap
GetStringTypeW
HeapAlloc

user32

WaitForInputIdle
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
GetWindow
GetParent
UnregisterClassA
BeginPaint
EndPaint
MessageBoxW
GetActiveWindow
SetWindowLongW
AdjustWindowRectEx
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
DrawTextW
EndDialog
GetWindowLongW
SetWindowTextW
SetWindowPos
GetClientRect
ShowWindow
RedrawWindow
SetTimer
ExitWindowsEx
BringWindowToTop
GetKeyboardState
keybd_event
AllowSetForegroundWindow
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
SetActiveWindow
SetFocus
CharNextW
DestroyWindow
DialogBoxParamW
wsprintfW
DefWindowProcW
KillTimer

gdi32

SelectObject
CreateFontIndirectW
DeleteObject
BitBlt
CreateCompatibleDC
DeleteDC
GetObjectW
SetBkMode
GetStockObject

advapi32

AdjustTokenPrivileges
QueryServiceConfigW
StartServiceW
CryptDecrypt
CryptEncrypt
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
CryptImportKey
CryptSetKeyParam
CryptContextAddRef
CryptGenRandom
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
InitiateSystemShutdownW
OpenProcessToken
LookupPrivilegeValueW
RegOpenKeyW
RegEnumKeyW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
ControlService
CloseServiceHandle
ChangeServiceConfigW

shell32

SHGetSpecialFolderPathW
SHChangeNotify
ShellExecuteW
SHCreateDirectoryExW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal

oleaut32

SysFreeString
SysAllocString
VariantInit
VarUI4FromStr
VariantClear
VariantChangeType

shlwapi

PathRemoveFileSpecW
PathAppendW
PathIsDirectoryW
SHSetValueA
PathFileExistsW
PathCombineW
PathFindFileNameW
ord176
SHGetValueA
SHGetValueW

comctl32

InitCommonControlsEx

msimg32

AlphaBlend

gdiplus

GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromResource
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCloneImage
GdipDisposeImage
GdiplusStartup
GdipFree
GdipAlloc
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM

psapi

GetModuleFileNameExW
GetModuleBaseNameW
EnumProcesses
EnumProcessModules

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

iphlpapi

GetIpAddrTable

netapi32

Netbios

Sections

.text
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.trdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a6dd8cea00ac969bec5983ecfa0fbd8e

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wininet

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

psapi

wintrust

crypt32

iphlpapi

netapi32

Sections

.text Size: 327KB - Virtual size: 326KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 46KB - Virtual size: 46KB

.reloc Size: 17KB - Virtual size: 16KB

.trdata Size: 80KB - Virtual size: 80KB

.text
Size: 327KB - Virtual size: 326KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 46KB - Virtual size: 46KB

.reloc
Size: 17KB - Virtual size: 16KB

.trdata
Size: 80KB - Virtual size: 80KB