1cfea9f427878ae0519cb64d6693c89f2906403cdb8d61d9f77e0842dcff7534

Sharing

Copy URL

Twitter E-mail

General

Target

1cfea9f427878ae0519cb64d6693c89f2906403cdb8d61d9f77e0842dcff7534
Size

815KB
MD5

3188566fa17fd954ad69242c1ad54b80
SHA1

291877b2053c3a6382fdd08d81002395493cf04b
SHA256

1cfea9f427878ae0519cb64d6693c89f2906403cdb8d61d9f77e0842dcff7534
SHA512

1cb75ab931cae1fba63e346bd1706e3f440530ac0a22c1704ce65aa5b66d402c7106c3ebcd4871dd01c4afea184e0e87ff7c8b3cff0ee5240f38f8153561807e
SSDEEP

3072:elhHrp4INpOnfSrwOnsg83Mjk2b0V/9lW10TS6FlBwGety:+RrpTNsfS8OnHjF0jl9TJxwbc

Score

N/A

Malware Config

Signatures

Files

1cfea9f427878ae0519cb64d6693c89f2906403cdb8d61d9f77e0842dcff7534
.exe windows x86

1362cce5b0a9b2b6bbff4eccbe0b81ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LsaRemovePrivilegesFromAccount
RegCloseKey
RegQueryValueA
SetFileSecurityA
ObjectCloseAuditAlarmA
BuildTrusteeWithObjectsAndSidW
CryptEncrypt
ImpersonateLoggedOnUser
RegQueryValueExW
RegSetValueExW
SystemFunction034
LsaDeleteTrustedDomain
LsaRemoveAccountRights
LsaSetInformationTrustedDomain
SetNamedSecurityInfoA
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
CancelOverlappedAccess

kernel32

CreatePipe
ExpandEnvironmentStringsW
GetCompressedFileSizeW
GetCurrentProcess
GetFileAttributesW
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetVersion
LocalAlloc
LocalFree
OutputDebugStringA
SetEnvironmentVariableA
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
lstrcpyW
lstrcpynW
GetCurrentThreadId
GetDevicePowerState
GlobalHandle
GlobalSize
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
MultiByteToWideChar
OpenWaitableTimerA
VirtualAlloc
VirtualFree
lstrlenW
CloseHandle
CreateFileW
CreateProcessW
CreateThread
DeviceIoControl
FindClose
FindFirstFileW
FindResourceW
FreeLibrary
GetSystemDirectoryW
LoadLibraryW
LoadResource
LockResource
OutputDebugStringW
DosDateTimeToFileTime
GetModuleFileNameW
GetModuleHandleW
GetShortPathNameW
GetTempFileNameW
GetTempPathW
GetTickCount
GetVolumeNameForVolumeMountPointA
GlobalAlloc
GlobalFree
InterlockedCompareExchange
InterlockedExchange
LocalFileTimeToFileTime
Sleep
WaitForDebugEvent
WriteFile
_lclose
_lread
lstrcmpiW
DisableThreadLibraryCalls
GetEnvironmentStrings
GetWindowsDirectoryW
lstrcmpW
CreateDirectoryA
DeleteFileA
FindFirstFileA
FindNextFileA
GetCurrentProcessId
GetSystemTimeAsFileTime
QueryPerformanceCounter
RemoveDirectoryA
WideCharToMultiByte
GetLocaleInfoW
GetLocaleInfoA
GetLastError
GetDriveTypeA
GetCurrentDirectoryA
GetFullPathNameA
DeleteFileW
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
GetStartupInfoA
GetCommandLineA
GetVersionExA
SetFileAttributesW
VirtualProtect
GetSystemInfo
VirtualQuery
TlsAlloc
SetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
FileTimeToSystemTime
FileTimeToLocalFileTime
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
LCMapStringA
LCMapStringW
GetFileType
CreateFileA
HeapDestroy
HeapCreate
IsBadWritePtr
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
RtlUnwind
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
IsBadReadPtr
IsBadCodePtr
RaiseException
InitializeCriticalSection
SetFilePointer
ReadFile
SetEndOfFile
SetStdHandle
HeapSize
GetTimeZoneInformation
FlushFileBuffers
SetConsoleCtrlHandler
CompareStringA
CompareStringW

ole32

StgOpenAsyncDocfileOnIFillLockBytes
OleSetClipboard
CoUninitialize
CoInitializeEx
CoCreateInstance
WriteClassStm
CoUnloadingWOW
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoInitializeWOW
StringFromGUID2
OleInitialize
CoCreateGuid

oleaut32

DispInvoke
VarUI4FromDec
VarUI4FromI1
QueryPathOfRegTypeLi

shell32

ExtractIconW
SHGetFileInfoW
SHGetPathFromIDListW
ShellExecuteExW
SHBindToParent
SHBrowseForFolderW
SHGetSpecialFolderLocation

user32

InsertMenuW
GetSubMenu
IsCharLowerA
LoadMenuW
LockWindowUpdate
RegisterClipboardFormatW
RemoveMenu
SetMenuDefaultItem
ChangeDisplaySettingsW
DialogBoxParamW
EnumDisplayDevicesW
WinHelpW
ActivateKeyboardLayout
InsertMenuItemW
SetClipboardData
CheckMenuRadioItem
CreateIconIndirect
DefWindowProcW
EnableWindow
EndDialog
GetActiveWindow
GetClientRect
GetDlgItem
GetForegroundWindow
IsDlgButtonChecked
IsWindowEnabled
LoadStringW
MessageBoxExA
OemToCharA
SendDlgItemMessageW
SendMessageW
SetDlgItemTextW
SetFocus
SetWindowLongW
UpdateWindow
GetKeyboardState
GetQueueStatus
InvalidateRect
MsgWaitForMultipleObjects
SendNotifyMessageW
CheckDlgButton
DialogBoxIndirectParamW
GetParent
GetWindowLongW
IsCharAlphaNumericA
LoadCursorW
MessageBoxW
SetCursor
SetWindowTextW
CreatePopupMenu
DdeKeepStringHandle
DdeUninitialize
DeleteMenu
DestroyMenu
DrawIcon
EnableMenuItem
FillRect
GetComboBoxInfo
GetMenuItemCount
GetMenuItemInfoW

Sections

.text
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 596KB - Virtual size: 595KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1362cce5b0a9b2b6bbff4eccbe0b81ac

Headers

File Characteristics

Imports

advapi32

kernel32

ole32

oleaut32

shell32

user32

Sections

.text Size: 132KB - Virtual size: 128KB

.rdata Size: 596KB - Virtual size: 595KB

.data Size: 80KB - Virtual size: 88KB

.text
Size: 132KB - Virtual size: 128KB

.rdata
Size: 596KB - Virtual size: 595KB

.data
Size: 80KB - Virtual size: 88KB