Static task
static1
Behavioral task
behavioral1
Sample
65d9216447d1ce8d82d5f297a1b9515746afe333865b13d9e31e01684b1131f0.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
65d9216447d1ce8d82d5f297a1b9515746afe333865b13d9e31e01684b1131f0.exe
Resource
win10v2004-20221111-en
General
-
Target
65d9216447d1ce8d82d5f297a1b9515746afe333865b13d9e31e01684b1131f0
-
Size
347KB
-
MD5
09fea428b83c969b97f5b2ccfc481ad0
-
SHA1
027761c53c280e27cae32ffc6c89086026233407
-
SHA256
65d9216447d1ce8d82d5f297a1b9515746afe333865b13d9e31e01684b1131f0
-
SHA512
f707d080ee0e1e2d4b31897c3088c092e1371fdaf8860922f71abe78b9d2c63c22ac34213d157e87423908e3a91e7aa8759f9712e267155dfa8edfdd828eb7a8
-
SSDEEP
6144:gD8xKXkJcQSAabGBxkfUo6SdGWMeVgnVk8S+UcLqntr7z+E:gQxKXina6kfUidGlEgnVBUiqnhd
Malware Config
Signatures
Files
-
65d9216447d1ce8d82d5f297a1b9515746afe333865b13d9e31e01684b1131f0.exe windows x86
45f925626e151b98a0509e9353b7c693
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is not set: DEP/NX is opted in, but the image is not ASLR-compatible and will load at its preferred base.)
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (no base relocations, so the image cannot be rebased even if the loader wanted to — consistent with the missing DYNAMIC_BASE flag above)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports (note: crt, api, crash, http, dzip and ral below are not Windows system libraries and are imported by ordinal only; they presumably ship next to the executable, so behaviour in the sandbox depends on whether those DLLs were present — verify before drawing conclusions from the runs)
crt
ord3
ord88
ord70
ord29
ord61
ord6
ord66
ord67
ord1
ord99
ord2
api
ord11
ord19
ord30
ord34
ord6
crash
ord2
ord1
http
ord12
dzip
ord1
ord2
ral
ord1
ord2
ord10
ord11
gdiplus
GdipFree
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDeleteGraphics
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdipDrawImageRectRect
GdipFillRectangle
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipSetCompositingMode
GdiplusShutdown
GdiplusStartup
GdipCreateFromHDC
GdipAlloc
GdipReleaseDC
kernel32
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
lstrlenW
lstrcpynW
GetModuleFileNameW
WaitForSingleObject
CloseHandle
MultiByteToWideChar
WideCharToMultiByte
DeleteFileW
GetCurrentThreadId
OutputDebugStringW
GetLastError
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
GlobalLock
GlobalUnlock
InterlockedDecrement
InterlockedIncrement
SetLastError
GetCurrentProcess
FlushInstructionCache
MulDiv
lstrcmpW
DeleteCriticalSection
FreeLibrary
GetProcAddress
GetModuleHandleW
lstrcmpiW
LoadLibraryExW
CreateFileW
GetVersionExW
lstrcpyW
lstrcmpiA
GetFileSize
ReadFile
GlobalFree
GlobalReAlloc
GetProcessHeap
InterlockedCompareExchange
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
DecodePointer
EncodePointer
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
user32
FindWindowA
GetWindowDC
SetParent
GetPropA
CopyRect
OffsetRect
MonitorFromPoint
DrawIconEx
TrackPopupMenu
PtInRect
SetCursor
GetCursorPos
EnableMenuItem
GetMenuItemID
GetMenuItemCount
GetSystemMenu
GetWindowRect
IsRectEmpty
UpdateWindow
IsZoomed
EqualRect
SetRect
GetSystemMetrics
SystemParametersInfoW
GetMonitorInfoW
MonitorFromWindow
SetRectEmpty
GetWindowTextLengthW
BeginPaint
SetWindowTextA
SetFocus
GetWindow
IsWindow
GetClassNameW
GetSysColor
CharNextW
RedrawWindow
InflateRect
GetMenuItemInfoW
GetMessageW
GetClassInfoExW
RegisterClassExW
CreateWindowExW
DestroyWindow
CreateAcceleratorTableW
ClientToScreen
GetParent
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
TranslateMessage
DispatchMessageW
SetMenuItemInfoW
RemoveMenu
GetMenuState
SetMenuInfo
GetMenuInfo
GetClassNameA
CallNextHookEx
SetWindowsHookExW
SetPropA
KillTimer
SetTimer
SetWindowRgn
PostQuitMessage
EndPaint
PeekMessageW
GetClientRect
InvalidateRgn
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
SetWindowTextW
GetWindowTextW
DrawTextW
FindWindowW
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
GetDlgItem
SendMessageW
RegisterWindowMessageW
FlashWindowEx
MessageBoxW
GetFocus
SetWindowPos
IsIconic
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
PostMessageW
ShowWindow
LoadIconW
IsWindowVisible
LoadCursorW
UnhookWindowsHookEx
UnregisterClassW
IsChild
gdi32
DeleteObject
GetStockObject
CreateCompatibleDC
CombineRgn
ExtCreateRegion
DeleteDC
CreateDIBitmap
GetDIBits
RealizePalette
SelectPalette
CreateCompatibleBitmap
SelectObject
BitBlt
GetDeviceCaps
GetObjectW
CreateSolidBrush
SetTextColor
SetBkMode
SetBkColor
ExtTextOutW
CreateDIBSection
CreatePen
CreateFontIndirectW
GetClipBox
ExcludeClipRect
Rectangle
CreateFontW
StretchBlt
GetPixel
GetRgnBox
CreateDCW
advapi32
RegCloseKey
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
shell32
ShellExecuteExW
ole32
CoTaskMemAlloc
CoTaskMemRealloc
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleUninitialize
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
StringFromGUID2
OleLockRunning
oleaut32
LoadRegTypeLi
VariantClear
VarUI4FromStr
SysAllocStringLen
LoadTypeLi
SysAllocString
SysStringLen
OleCreateFontIndirect
VariantInit
SysFreeString
shlwapi
PathFindExtensionW
StrChrW
StrStrIW
PathIsDirectoryW
PathFileExistsW
StrChrIW
comctl32
_TrackMouseEvent
InitCommonControlsEx
msimg32
TransparentBlt
msvcp110
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
msvcr110
memcpy_s
wcsnlen
memmove_s
wmemcpy_s
vswprintf_s
??3@YAXPAX@Z
_vscwprintf
_wtoi
memmove
wcscpy_s
_mbslwr_s
memset
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_wcsicmp
wcschr
wcsstr
_wcslwr_s
??2@YAPAXI@Z
wcsncpy_s
??_V@YAXPAX@Z
_purecall
_wtol
wcsrchr
_snwscanf_s
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_wcmdln
_fmode
_commode
__CxxFrameHandler3
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
free
_recalloc
swprintf_s
malloc
_CxxThrowException
__RTDynamicCast
memcpy
Sections
.text Size: 180KB - Virtual size: 179KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
(The code section is readable, writable and executable. Compiler-emitted .text sections are normally read/execute only; an RWX .text is commonly produced by packers or by code that patches itself at runtime — worth checking for self-modification.)
.rdata Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 106KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
(The resource section is also marked executable and writable, which a normal linker does not do. Combined with the FindResourceW/LoadResource/LockResource imports listed above, the resources are a plausible place for embedded code or a payload — inspect the resource directory contents directly rather than relying on the section name.)