49d906ebf9d53982906394e15433476d73442bbd6a9e6f38907e65b2aaa58342

Sharing

Copy URL Twitter E-mail

General

Target

49d906ebf9d53982906394e15433476d73442bbd6a9e6f38907e65b2aaa58342
Size

432KB
MD5

3b0acdd4c4abca17354dccdf547ccb40
SHA1

9a3f03bee586925e0c09f2b765cca70aec9bb3cb
SHA256

49d906ebf9d53982906394e15433476d73442bbd6a9e6f38907e65b2aaa58342
SHA512

62370ab1642e67cee955d71c31c221928096ce770fbaa513ca46f6ac0644e077aa3aa6d600fd2aa492eb41d967f369775d5f2fbc304a86ec96ed85db47246562
SSDEEP

12288:7SyHgj+yzKPTBLvk8V1uVJvs4HgcT4uBW:+j+SKPTBLlunsEgcTTBW

Score

N/A

Malware Config

Signatures

Files

49d906ebf9d53982906394e15433476d73442bbd6a9e6f38907e65b2aaa58342
.exe windows x86

7e4121731cdd56f2c1b768bc5840de04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
GetTokenInformation
ConvertSidToStringSidW
DuplicateTokenEx
CryptGenRandom
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
CryptReleaseContext
CreateWellKnownSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
SetNamedSecurityInfoW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
SetSecurityInfo
CopySid
IsValidSid
GetLengthSid
InitializeAcl
AddAce
GetUserNameW

kernel32

CreateProcessW
OpenProcess
GetTempPathA
GetFullPathNameA
DeleteFileA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileAttributesA
InterlockedCompareExchange
GetTempPathW
GetLocalTime
GetFullPathNameW
ReadFile
GetUserDefaultLangID
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
OpenMutexW
LocalAlloc
SetFileAttributesW
RemoveDirectoryW
MoveFileExW
GetEnvironmentVariableW
GetFileAttributesW
CreateDirectoryW
GetPrivateProfileStringW
ReleaseMutex
CreateFileW
DeviceIoControl
FindNextFileW
FindFirstFileW
FindClose
EnumResourceNamesW
GetSystemInfo
VerSetConditionMask
VerifyVersionInfoW
ExpandEnvironmentStringsW
FindResourceExW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
CopyFileW
LoadLibraryW
GetComputerNameW
GetStringTypeW
GetStringTypeA
LCMapStringW
WideCharToMultiByte
LCMapStringA
LoadLibraryA
HeapSize
Sleep
GetOEMCP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
VirtualAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
LockResource
WaitForSingleObject
CompareStringW
CloseHandle
GetModuleHandleW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
HeapSetInformation
GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
lstrlenW
FreeLibrary
FormatMessageW
GetLastError
LocalFree
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
HeapReAlloc
RtlUnwind
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA

user32

GetKeyState
GetFocus
RegisterClassExW
InvalidateRect
PtInRect
UpdateWindow
IsWindowEnabled
KillTimer
NotifyWinEvent
GetNextDlgTabItem
CreateAcceleratorTableW
CharNextW
TranslateAcceleratorW
IsDialogMessageW
TranslateMessage
EnumChildWindows
DestroyAcceleratorTable
GetLayeredWindowAttributes
SetLayeredWindowAttributes
EnableWindow
PostQuitMessage
RegisterWindowMessageW
SetCursor
DefWindowProcW
IsWindowVisible
SetFocus
ShowWindow
GetWindowTextLengthW
GetWindowTextW
GetClassNameW
GetDesktopWindow
SystemParametersInfoW
CopyRect
GetSysColor
MessageBoxIndirectW
BeginPaint
EndPaint
RedrawWindow
MessageBeep
CreateDialogIndirectParamW
DialogBoxIndirectParamW
LoadCursorW
DefDlgProcW
TrackMouseEvent
GetDCEx
SetWindowRgn
GetWindowThreadProcessId
GetShellWindow
SetProcessDefaultLayout
DispatchMessageW
PostMessageW
SetWindowLongW
SetWindowTextW
LoadStringW
GetMessageW
FillRect
InflateRect
GetWindowLongW
AdjustWindowRectEx
SetWindowPos
GetSystemMetrics
DrawTextW
LoadIconW
ReleaseDC
GetDC
EndDialog
GetWindowRect
GetClientRect
GetParent
CreateWindowExW
UnregisterClassA
IsWindow
DestroyWindow
SendMessageW
SetRect

urlmon

CreateAsyncBindCtx
CreateURLMoniker
CoInternetGetSession

msi

ord195
ord173
ord203
ord70
ord205
ord113

comctl32

ord413
ord410
ord412
ord17

wintrust

WTHelperGetProvSignerFromChain
WinVerifyTrustEx
WTHelperProvDataFromStateData

userenv

UnloadUserProfile

crypt32

CryptStringToBinaryW
CertVerifyCertificateChainPolicy

uxtheme

SetWindowTheme

shlwapi

PathIsDirectoryW
PathFileExistsW
SHCreateStreamOnFileA
StrRChrW
PathIsRelativeW
PathFindExtensionW
SHCreateStreamOnFileW
PathFindFileNameA
PathFindFileNameW
UrlCreateFromPathW

wininet

InternetCrackUrlW
InternetCreateUrlW
InternetCombineUrlW

gdiplus

GdipDrawImagePointRectI
GdipDrawImageRectI
GdiplusShutdown
GdiplusStartup
GdipDeleteGraphics
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDrawImageRectRectI
GdipFree
GdipAlloc
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipDeleteFont
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipDrawImageI
GdipCreateFont
GdipGetLogFontW
GdipCloneImage
GdipDrawImageRectRect
GdipCreateFromHWND

winhttp

WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect

cabinet

ord11
ord14
ord13
ord10

shell32

SHGetFolderPathW
SHFileOperationW
CommandLineToArgvW
SHGetFolderPathAndSubDirW

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoCreateFreeThreadedMarshaler
CoSetProxyBlanket
CoUninitialize
CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateGuid
OleRun
OleLockRunning

oleaut32

VariantChangeType
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VarUI4FromStr

gdi32

CreateRectRgn
GetClipRgn
IntersectClipRect
CreateSolidBrush
CreatePen
GetTextMetricsW
SetTextColor
DeleteObject
GetObjectW
ExcludeClipRect
BitBlt
DeleteDC
SelectObject
RestoreDC
SetLayout
SetBkColor
SaveDC
GetStockObject
CreateFontIndirectW
CreateCompatibleDC
SetBkMode

Sections

.text
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7e4121731cdd56f2c1b768bc5840de04

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

urlmon

msi

comctl32

wintrust

userenv

crypt32

uxtheme

shlwapi

wininet

gdiplus

winhttp

cabinet

shell32

ole32

oleaut32

gdi32

Sections

.text Size: 286KB - Virtual size: 286KB

.data Size: 9KB - Virtual size: 21KB

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 30KB - Virtual size: 29KB

.edata Size: 68KB - Virtual size: 68KB

.text
Size: 286KB - Virtual size: 286KB

.data
Size: 9KB - Virtual size: 21KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 30KB - Virtual size: 29KB

.edata
Size: 68KB - Virtual size: 68KB