52009aaadb425ceb63df3652ea7ed70ebc1ef06cb63a4a4b04bff4381977fc6f

Sharing

Copy URL Twitter E-mail

General

Target

52009aaadb425ceb63df3652ea7ed70ebc1ef06cb63a4a4b04bff4381977fc6f
Size

441KB
MD5

20974a09aca4f30f3b4446096be26880
SHA1

3d4d367c5c57ebbc77a001dbf1283f2dc442cf43
SHA256

52009aaadb425ceb63df3652ea7ed70ebc1ef06cb63a4a4b04bff4381977fc6f
SHA512

73582f81ed29d32f77f9082b0f25a593cb3aed0a38982428126da9fc4525a3f346ef7600090f1e4495a8cb5306a12c4670fe2674551cc406d7dda56c4bd0bc77
SSDEEP

6144:Z2IPquunFIgX4z9ReQQdrM5h827oLLoXAHblMezciTwdcy96TI9twRv9yph8:nWI3neQQdrM5h8vHowpMeJUaTbP

Score

N/A

Malware Config

Signatures

Files

52009aaadb425ceb63df3652ea7ed70ebc1ef06cb63a4a4b04bff4381977fc6f
.exe windows x86

09ebc51a9510816c53064273dd833166

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteProcessMemory
IsWow64Process
VirtualAllocEx
OpenProcess
FindClose
FindNextFileW
DeleteFileW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
FindFirstFileW
LocalFree
LocalAlloc
GlobalFree
LockResource
SetEvent
GetTempFileNameW
GetTempPathW
WriteFile
SetCriticalSectionSpinCount
WaitForSingleObject
ResumeThread
CreateEventW
HeapFree
GetProcessHeap
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
ReadProcessMemory
WideCharToMultiByte
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetFilePointer
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
GetModuleFileNameA
GetStdHandle
FatalAppExitA
HeapDestroy
HeapCreate
HeapSize
HeapReAlloc
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoW
GetSystemTimeAsFileTime
Sleep
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
InterlockedCompareExchange
LCMapStringA
VirtualFreeEx
CreateFileW
GetFileSize
ReadFile
CloseHandle
GetPrivateProfileStringW
WritePrivateProfileStringW
CreateToolhelp32Snapshot
GetCurrentProcessId
Process32FirstW
Process32NextW
InterlockedExchange
GetTickCount
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
lstrcmpW
OutputDebugStringW
DebugBreak
lstrlenA
CreateMutexW
LoadLibraryW
ExitProcess
GetModuleFileNameW
LoadLibraryExW
MultiByteToWideChar
FreeLibrary
lstrcmpiW
GetModuleHandleW
GetProcAddress
RaiseException
InterlockedIncrement
FindResourceW
GetLastError
SizeofResource
LoadResource
CreateThread
lstrlenW
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
SetLastError
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA

user32

SetWindowPos
GetWindowRect
EnumChildWindows
SetParent
SetLayeredWindowAttributes
EndPaint
BeginPaint
DefWindowProcW
CallWindowProcW
SendMessageW
GetParent
GetClientRect
MoveWindow
SetWindowLongW
GetWindowLongW
MapWindowPoints
CopyRect
OffsetRect
LoadMenuW
LoadAcceleratorsW
DrawTextW
DestroyIcon
SetCursor
GetSubMenu
TrackPopupMenuEx
SetForegroundWindow
TranslateAcceleratorW
IsWindowVisible
IsMenu
GetDoubleClickTime
CreateDialogIndirectParamW
FindWindowExW
GetWindowThreadProcessId
IsZoomed
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
MonitorFromWindow
LoadIconW
GetSystemMetrics
InflateRect
SetRect
SetWindowRgn
SetTimer
GetClassInfoExW
LoadCursorW
EqualRect
GetClassNameW
GetWindow
IsWindow
DestroyWindow
CreatePopupMenu
AppendMenuW
DestroyMenu
GetMonitorInfoW
MonitorFromPoint
PostQuitMessage
TrackPopupMenu
GetCursorPos
RegisterClassExW
UnregisterClassA
CreateWindowExW
ShowWindow
LoadStringW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
CharNextW
PostMessageW
SetWindowTextW
GetMenu
BringWindowToTop
GetDC
ReleaseDC
AdjustWindowRectEx
ReleaseCapture
UpdateLayeredWindow
MessageBoxW
GetSysColor
UnregisterClassW
ClientToScreen
ScreenToClient
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
PtInRect
DrawEdge
DrawFocusRect
GetCapture
SystemParametersInfoW
GetDlgCtrlID
IsWindowEnabled
KillTimer
UpdateWindow
CreateAcceleratorTableW
GetFocus
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
FillRect
GetDlgItem
IsChild

gdi32

OffsetRgn
CombineRgn
CreateDIBSection
SetViewportOrgEx
SetTextColor
SetBkMode
CreateFontIndirectW
GetStockObject
CreateSolidBrush
ExtTextOutW
SetBkColor
DeleteDC
SelectObject
DeleteObject
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
CreateRectRgn
GetDeviceCaps

advapi32

RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyW
RegQueryValueExW
RegQueryInfoKeyW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
ShellExecuteW
Shell_NotifyIconW

ole32

OleUninitialize
OleInitialize
CLSIDFromString
CoGetClassObject
OleLockRunning
StringFromGUID2
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal
CLSIDFromProgID
CoCreateInstance

oleaut32

SysAllocString
SetErrorInfo
VarUI4FromStr
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VariantClear
VariantInit
SysAllocStringLen
DispCallFunc
OleCreateFontIndirect
LoadRegTypeLi
CreateErrorInfo
LoadTypeLi
VariantChangeType
GetErrorInfo
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayUnaccessData
SysFreeString

shlwapi

PathFileExistsW
PathRenameExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathRemoveExtensionW
PathAppendW
PathRemoveArgsW
PathGetArgsW
PathRemoveBackslashW

comctl32

_TrackMouseEvent
ImageList_Draw
ImageList_Create
ImageList_GetIconSize
InitCommonControlsEx
ImageList_AddMasked
ImageList_Destroy

msimg32

TransparentBlt

wininet

InternetOpenW
InternetCrackUrlW
FindCloseUrlCache
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
InternetCloseHandle
InternetSetStatusCallbackW
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW

gdiplus

GdipSaveImageToFile
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdiplusStartup
GdiplusShutdown
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipDrawImagePointRectI
GdipCloneBitmapAreaI
GdipCloneImage
GdipFree

sensapi

IsNetworkAlive

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wintrust

WinVerifyTrust

crypt32

CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertCloseStore
CryptMsgClose

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

09ebc51a9510816c53064273dd833166

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

wininet

gdiplus

sensapi

version

wintrust

crypt32

iphlpapi

Sections

.text Size: 288KB - Virtual size: 288KB

.rdata Size: 65KB - Virtual size: 64KB

.data Size: 14KB - Virtual size: 22KB

.rsrc Size: 65KB - Virtual size: 68KB

.text
Size: 288KB - Virtual size: 288KB

.rdata
Size: 65KB - Virtual size: 64KB

.data
Size: 14KB - Virtual size: 22KB

.rsrc
Size: 65KB - Virtual size: 68KB