ebe4d53a6f38f9f9a3335b23109a76a51a4129fdb9c9a1f96f50c67cd5056b44

Sharing

Copy URL

Twitter E-mail

General

Target

ebe4d53a6f38f9f9a3335b23109a76a51a4129fdb9c9a1f96f50c67cd5056b44
Size

309KB
MD5

2f2e2da43cc4e96a4a43a26215417203
SHA1

1bd58661f13eacd4944b0021419b8327517d8215
SHA256

ebe4d53a6f38f9f9a3335b23109a76a51a4129fdb9c9a1f96f50c67cd5056b44
SHA512

e21d266961f2d3f707d5a9bdb169b436ac631c28d14bc3f861db3b430a7666f6f0b097c91942ad452f4dfc02920d72275951a25257bc4ae76efacb9ee9c4e3e2
SSDEEP

6144:hUDiZpmr/8j45O2VgKYye6vGu8gT99Jf9cugrp0K/+PDb3q/pjZ3vKQk2u:hjSfO2SK3eiG50PfS9p0K/8X3qZu

Score

N/A

Malware Config

Signatures

Files

ebe4d53a6f38f9f9a3335b23109a76a51a4129fdb9c9a1f96f50c67cd5056b44
.exe windows x86

06598a9de43ed982a5857731f655a9ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
GlobalFree
WriteFile
WTSGetActiveConsoleSessionId
GetTempFileNameW
GetTempPathW
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapCreate
GetStdHandle
TerminateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualProtect
GetStartupInfoW
HeapSetInformation
GetCommandLineW
CreateThread
ExitThread
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
RtlUnwind
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVolumeInformationW
WaitForSingleObject
SetEvent
ResetEvent
CreateEventW
CreateProcessW
LocalAlloc
LocalFree
CopyFileW
DeleteFileW
SetLastError
lstrcpynW
lstrlenA
lstrcpynA
lstrcmpW
GetCurrentProcessId
lstrcpyW
LoadLibraryW
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
TerminateProcess
Process32NextW
GetTickCount
Sleep
GetFileSize
SetFilePointer
ReadFile
GetCurrentProcess
RaiseException
FlushInstructionCache
GetVersionExW
CloseHandle
CreateFileW
GetModuleFileNameW
LoadLibraryExW
MultiByteToWideChar
FreeLibrary
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
lstrlenW
GetCurrentThreadId
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
ExitProcess

user32

DestroyWindow
IsWindow
GetWindowLongW
SetWindowLongW
DialogBoxParamW
wvsprintfW
GetWindow
MonitorFromWindow
GetDC
ShowWindow
SetWindowPos
RemoveMenu
AppendMenuW
CreatePopupMenu
LoadBitmapW
LoadStringA
PostQuitMessage
GetWindowRect
DefWindowProcW
CharNextW
EndDialog
TranslateAcceleratorW
SetMenuDefaultItem
SetMenu
GetMenu
GetSubMenu
PeekMessageW
PtInRect
IsMenu
SetWindowsHookExW
GetClassNameW
OffsetRect
RegisterClassExW
LoadImageW
LoadCursorW
GetClassInfoExW
CreateWindowExW
DestroyMenu
LoadAcceleratorsW
LoadMenuW
LoadStringW
SendMessageW
PostMessageW
GetClientRect
ScreenToClient
MapWindowPoints
UpdateWindow
InvalidateRect
IsWindowVisible
IsWindowEnabled
SetFocus
UnregisterClassA
CallNextHookEx
GetKeyState
CharLowerW
UnhookWindowsHookEx
InflateRect
SystemParametersInfoW
SetRectEmpty
GetSystemMetrics
RegisterWindowMessageW
GetSysColorBrush
GetSysColor
ReleaseDC
GetWindowDC
TrackPopupMenuEx
GetMessagePos
WindowFromPoint
MessageBeep
DrawEdge
FrameRect
ModifyMenuW
MonitorFromPoint
GetMonitorInfoW
DrawFrameControl
DrawTextW
GetFocus
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
CallWindowProcW
FillRect
GetActiveWindow
GetWindowThreadProcessId
GetParent

gdi32

CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
CreateFontIndirectW
GetObjectW
SetBkMode
SetTextColor
SetBrushOrgEx
SetBkColor
PatBlt
CreateBitmap
DeleteDC
CreatePatternBrush
CreateDIBSection
GetStockObject
GetCurrentObject
DeleteObject
SelectObject

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize

oleaut32

VarUI4FromStr
SysAllocString
SysFreeString

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
CloseServiceHandle
ChangeServiceConfigW
QueryServiceConfigW
OpenSCManagerW
CreateServiceW
ControlService
QueryServiceStatusEx
StartServiceW
ChangeServiceConfig2W
DuplicateTokenEx
RegQueryValueExW
GetTokenInformation
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
CreateProcessAsUserW
SetServiceStatus

shlwapi

PathFileExistsW
PathAppendW

comctl32

InitCommonControlsEx
ImageList_GetImageCount
ImageList_Draw
ImageList_DrawIndirect
CreateStatusWindowW
ord8
ImageList_Create
ImageList_LoadImageW
ImageList_AddMasked
ImageList_Destroy

winhttp

WinHttpSetOption
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpSendRequest
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpSetStatusCallback
WinHttpConnect
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06598a9de43ed982a5857731f655a9ba

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

shlwapi

comctl32

winhttp

wtsapi32

userenv

Sections

.text Size: 165KB - Virtual size: 165KB

.rdata Size: 43KB - Virtual size: 42KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 165KB - Virtual size: 165KB

.rdata
Size: 43KB - Virtual size: 42KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 15KB