Static task: static1
Behavioral task: behavioral1
  Sample: ea468ddd624277ed6bf0756c1ac1ccb0571f76930348dc255b8b2547caf1ca12.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: ea468ddd624277ed6bf0756c1ac1ccb0571f76930348dc255b8b2547caf1ca12.exe
  Resource: win10v2004-20221111-en
General
Target: ea468ddd624277ed6bf0756c1ac1ccb0571f76930348dc255b8b2547caf1ca12
Size: 1.3MB
MD5: 0a474e9bfcfd122f3adfa56efdbeb6b5
SHA1: 922d961ec641e2d1d2d3b9ce74187c37a720f3dc
SHA256: ea468ddd624277ed6bf0756c1ac1ccb0571f76930348dc255b8b2547caf1ca12
SHA512: 6d3c14cece7fb841dc8f0b6cd40a2046035979d2deeb17a9e343651120e24431eeac0f0c46f4ccf610d212d63cf9f92d7bded0a8e2f58bb4b242cb6884f0b6ef
SSDEEP: 24576:m6ghwDYuiu9ZXVz4++99W0IU3valUQ0nr3eEaOiG9+/t/4rEX7tqHCsNkILH7aRb:BywDYui+VVzBg9tRreRG8/tAE7tqHCAo
Malware Config
Signatures
Files
ea468ddd624277ed6bf0756c1ac1ccb0571f76930348dc255b8b2547caf1ca12.exe (windows x86)
38d6bc894c420310ffb65b77f8b6d847
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
comdlg32
GetFileTitleA
PrintDlgA
GetSaveFileNameW
ChooseColorA
ChooseFontW
ChooseColorW
GetOpenFileNameW
FindTextW
PageSetupDlgW
ReplaceTextW
FindTextA
ReplaceTextA
PrintDlgW
GetFileTitleW
PageSetupDlgA
LoadAlterBitmap
shell32
SHGetNewLinkInfo
DragQueryPoint
SHBrowseForFolder
ShellAboutA
SHQueryRecycleBinW
SHGetMalloc
SHGetPathFromIDList
RealShellExecuteExW
SHGetSpecialFolderPathW
SheGetDirA
SHGetFileInfo
SHGetFileInfoA
DragQueryFileA
SHFormatDrive
SHAddToRecentDocs
SHGetDataFromIDListW
SHGetDataFromIDListA
DoEnvironmentSubstA
DuplicateIcon
DragQueryFileW
ShellExecuteW
FindExecutableW
SHFreeNameMappings
SHLoadInProc
ShellExecuteA
DragQueryFile
ExtractIconA
SHInvokePrinterCommandA
SHGetDiskFreeSpaceA
SHFileOperationA
SHGetPathFromIDListW
ExtractAssociatedIconA
ExtractIconExA
ExtractAssociatedIconExA
SHGetDesktopFolder
ExtractAssociatedIconW
RealShellExecuteA
InternalExtractIconListW
ShellAboutW
ShellHookProc
SheSetCurDrive
SHInvokePrinterCommandW
FreeIconList
ExtractAssociatedIconExW
FindExecutableA
SHChangeNotify
SHEmptyRecycleBinA
SHGetSettings
RealShellExecuteW
SHQueryRecycleBinA
CheckEscapesW
SHGetSpecialFolderLocation
SHFileOperation
ShellExecuteExW
SHBrowseForFolderW
DragFinish
wsock32
getprotobynumber
gethostname
WSAGetLastError
ord1141
recv
bind
gethostbyaddr
ord1107
WSAAsyncGetHostByName
WSAIsBlocking
send
WSAAsyncGetProtoByName
sendto
setsockopt
ord1000
shutdown
htons
ntohl
WSASetLastError
connect
ord1114
ord1142
getsockopt
ord1119
getservbyname
ord1109
WSAAsyncSelect
WSAAsyncGetServByName
listen
ord1118
getprotobyname
socket
ord1110
WSACancelAsyncRequest
closesocket
WSAAsyncGetServByPort
inet_addr
WSASetBlockingHook
advapi32
RegQueryValueA
InitiateSystemShutdownA
CryptDuplicateKey
CryptAcquireContextW
CryptCreateHash
RegLoadKeyA
CryptEnumProvidersW
RegCreateKeyA
RegEnumKeyW
RegCloseKey
CryptAcquireContextA
CryptImportKey
RevertToSelf
RegSaveKeyW
CryptDeriveKey
InitializeSecurityDescriptor
CryptExportKey
CryptSetProviderExA
CryptSetProviderExW
DuplicateTokenEx
RegReplaceKeyA
RegEnumKeyExA
CryptEnumProviderTypesW
GetUserNameA
AbortSystemShutdownW
RegSetKeySecurity
ReportEventA
CryptSetProviderW
CryptDestroyHash
LogonUserW
CryptVerifySignatureA
CreateServiceW
RegSetValueExW
CryptGetKeyParam
StartServiceW
GetUserNameW
CryptEncrypt
CryptGenKey
LookupAccountNameW
CryptSignHashW
DuplicateToken
RegEnumKeyA
AbortSystemShutdownA
RegOpenKeyW
CryptDecrypt
CryptGetProvParam
RegDeleteKeyW
CryptGetDefaultProviderA
LookupAccountSidW
CryptVerifySignatureW
RegRestoreKeyA
RegLoadKeyW
RegOpenKeyA
RegEnumKeyExW
RegReplaceKeyW
RegCreateKeyExA
CryptSignHashA
RegDeleteValueW
RegSetValueExA
CryptSetProvParam
RegEnumValueW
RegConnectRegistryW
RegQueryInfoKeyA
LookupPrivilegeNameW
LookupPrivilegeValueW
RegQueryValueExA
RegOpenKeyExW
RegFlushKey
RegQueryMultipleValuesA
RegQueryValueExW
kernel32
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
Heap32Next
CreateSemaphoreW
SetConsoleTextAttribute
GetProfileSectionA
FindFirstChangeNotificationA
SearchPathW
SetConsoleWindowInfo
Thread32Next
MultiByteToWideChar
EnumCalendarInfoW
FreeLibrary
DefineDosDeviceW
EraseTape
TransactNamedPipe
OpenEventA
GetProfileStringA
WriteConsoleInputW
GetProcessHeaps
SetThreadContext
PulseEvent
HeapDestroy
GetProcessPriorityBoost
FindAtomA
TlsAlloc
TransmitCommChar
GetFullPathNameW
CreateDirectoryExA
SystemTimeToFileTime
HeapValidate
GetPrivateProfileSectionW
InterlockedIncrement
PeekConsoleInputA
FillConsoleOutputAttribute
CreateConsoleScreenBuffer
lstrlen
ReadConsoleOutputCharacterW
FileTimeToLocalFileTime
lstrcmpA
LeaveCriticalSection
WaitNamedPipeW
EnumSystemCodePagesA
SetCurrentDirectoryA
SetVolumeLabelA
LoadModule
DebugActiveProcess
GetNumberOfConsoleMouseButtons
OutputDebugStringW
CreateNamedPipeW
WriteFileEx
SetFileTime
EnumDateFormatsExW
RemoveDirectoryW
HeapWalk
GetModuleFileNameW
GlobalUnWire
GetNamedPipeHandleStateW
CreateFileMappingW
WriteConsoleOutputCharacterA
DefineDosDeviceA
GetQueuedCompletionStatus
lstrcmpi
GetLongPathNameW
CreateMailslotW
CreateMailslotA
OpenProcess
LocalShrink
SetConsoleTitleW
GetEnvironmentStringsW
SetComputerNameA
FindFirstFileA
InitializeCriticalSectionAndSpinCount
RtlMoveMemory
GetSystemTime
GetThreadPriorityBoost
GetNumberOfConsoleInputEvents
CreateWaitableTimerW
GetPrivateProfileSectionA
CommConfigDialogW
LocalFlags
GetProcessShutdownParameters
GetProcAddress
LocalCompact
WriteProfileStringA
GetConsoleCP
ExitThread
GetEnvironmentStrings
ReadConsoleOutputCharacterA
CreateProcessA
CreateFileMappingA
LocalFree
SetThreadPriorityBoost
GetNamedPipeInfo
GlobalAlloc
PeekConsoleInputW
GetSystemTimeAdjustment
GlobalCompact
GetDriveTypeW
GetCommandLineW
WaitForDebugEvent
WritePrivateProfileStringW
VirtualQueryEx
GetProfileStringW
VirtualProtect
GlobalAddAtomA
OpenSemaphoreA
GetTimeFormatA
GetLogicalDrives
Toolhelp32ReadProcessMemory
RemoveDirectoryA
CreateDirectoryW
DeleteFileA
GetModuleHandleW
SetEnvironmentVariableA
ReadConsoleInputA
GetThreadTimes
GetNamedPipeHandleStateA
GetThreadContext
SystemTimeToTzSpecificLocalTime
LoadLibraryW
GetStringTypeW
GetCompressedFileSizeA
FindAtomW
GlobalFindAtomA
GetLocalTime
LocalLock
FoldStringA
ReadFileEx
IsDebuggerPresent
ResumeThread
GetNumberFormatW
GetProcessHeap
GetFileAttributesW
DisableThreadLibraryCalls
GetComputerNameA
HeapUnlock
GetLongPathNameA
CreateEventW
HeapCreate
LocalSize
LoadResource
CreateMutexW
GetCommandLineA
lstrcmp
WritePrivateProfileStructW
VirtualLock
TlsGetValue
GetLogicalDriveStringsW
WriteProfileSectionW
EnumResourceNamesA
GetProfileSectionW
SetThreadAffinityMask
SetEvent
WriteConsoleOutputAttribute
LoadLibraryExW
ReadConsoleOutputA
DebugBreak
CreateSemaphoreA
SignalObjectAndWait
GetACP
GetShortPathNameW
FreeLibraryAndExitThread
GetPrivateProfileStructA
ExpandEnvironmentStringsA
GlobalLock
FindResourceA
GetStringTypeExA
GetCalendarInfoW
OpenWaitableTimerW
GlobalReAlloc
SetThreadExecutionState
BeginUpdateResourceW
GetPrivateProfileIntA
WideCharToMultiByte
TlsSetValue
SetVolumeLabelW
InitializeCriticalSection
EnumDateFormatsW
SetConsoleOutputCP
GlobalWire
ReadConsoleW
LockFile
WaitForSingleObject
MulDiv
lstrcmpiW
SetPriorityClass
GlobalFree
EnumCalendarInfoExA
EnumResourceLanguagesA
GetUserDefaultLangID
FoldStringW
WaitNamedPipeA
GetFullPathNameA
SetConsoleMode
FindResourceW
CreateDirectoryExW
CreateDirectoryA
CreateFileA
CreateWaitableTimerA
UpdateResourceA
SetLastError
SetEnvironmentVariableW
GetThreadSelectorEntry
FormatMessageW
GetVolumeInformationA
SetConsoleActiveScreenBuffer
HeapCompact
AddAtomA
SetHandleCount
InitAtomTable
GetWindowsDirectoryW
FindFirstFileExW
GetStartupInfoW
GetWriteWatch
GetAtomNameW
DuplicateHandle
GetVolumeInformationW
ConvertDefaultLocale
GlobalGetAtomNameW
CompareFileTime
GetCurrentDirectoryA
ReadProcessMemory
GlobalSize
GlobalUnfix
SetComputerNameW
EscapeCommFunction
PeekNamedPipe
LockFileEx
GetPrivateProfileIntW
lstrcpynA
GetTempFileNameW
SetThreadIdealProcessor
GetCompressedFileSizeW
GetProfileIntW
DeleteFiber
GetThreadPriority
lstrlenW
TerminateThread
RtlFillMemory
UnmapViewOfFile
GetStdHandle
WaitForSingleObjectEx
WriteFileGather
GetTempPathA
SetTimeZoneInformation
GetCurrentThread
IsValidCodePage
GetPrivateProfileSectionNamesA
Sleep
GetDateFormatA
FreeEnvironmentStringsA
DosDateTimeToFileTime
GetTempFileNameA
OpenFileMappingW
OutputDebugStringA
GetSystemDirectoryA
CreateNamedPipeA
FindNextFileW
WinExec
SetFileAttributesW
MoveFileExA
GetFileSize
GetCurrencyFormatW
WriteConsoleOutputCharacterW
GetSystemPowerStatus
FindResourceExW
GetHandleInformation
Heap32ListFirst
GetConsoleCursorInfo
RtlZeroMemory
GetSystemDefaultLangID
GetThreadLocale
FindFirstFileW
GetProcessTimes
CloseHandle
lstrcatA
GetNumberFormatA
FlushConsoleInputBuffer
WriteConsoleOutputW
FindNextChangeNotification
Module32Next
AllocConsole
EnumResourceLanguagesW
GetAtomNameA
WriteConsoleW
ReadFileScatter
GlobalUnlock
MoveFileA
GetFileAttributesExA
ExpandEnvironmentStringsW
GetEnvironmentStringsA
TlsFree
GlobalFindAtomW
MoveFileW
OpenFileMappingA
SetLocaleInfoA
ReadConsoleA
GetCalendarInfoA
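The import table above is unusually broad for a 1.3MB x86 executable: sockets from wsock32, CryptoAPI key generation and encryption from advapi32, service creation (CreateServiceW/StartServiceW), token and credential APIs (LogonUserW, DuplicateTokenEx), process control (OpenProcess, SetThreadContext, ReadProcessMemory), debugger-related calls, and a long tail of APIs that linked software almost never uses (EraseTape, GlobalUnWire, LocalShrink, SHFormatDrive). The script below is an added example, not part of the report or the sandbox's tooling; it copies a subset of the listed names and tags them with capabilities using a grouping of this example's own (not a published ruleset). Note the caveat it encodes: a static import table shows what the binary can reach, not what it does. GetProcAddress and LoadLibraryA are imported, so a write primitive such as WriteProcessMemory (absent from the full list on the page, as are VirtualAllocEx and CreateRemoteThread) may still be resolved at runtime.

```python
"""Capability triage over the Imports section of a sandbox report.

Added example; it is not part of the original report and not the
sandbox's own tooling. The import names are copied from the page
(a subset of the 496 listed); the capability grouping is this
example's own heuristic, not a published ruleset.
"""
from collections import defaultdict

# Subset of the report's import table, keyed by DLL (names copied verbatim).
REPORT_IMPORTS = {
    "wsock32": ["socket", "connect", "bind", "listen", "send", "recv",
                "sendto", "gethostbyaddr", "inet_addr", "WSAAsyncSelect"],
    "advapi32": ["CryptAcquireContextA", "CryptGenKey", "CryptEncrypt",
                 "CryptDecrypt", "CryptDeriveKey", "CryptImportKey",
                 "CreateServiceW", "StartServiceW", "LogonUserW",
                 "DuplicateTokenEx", "InitiateSystemShutdownA",
                 "RegSetValueExW", "RegCreateKeyExA",
                 "LookupPrivilegeValueW"],
    "kernel32": ["OpenProcess", "ReadProcessMemory", "SetThreadContext",
                 "GetThreadContext", "VirtualProtect", "VirtualAlloc",
                 "ResumeThread", "CreateProcessA", "WinExec",
                 "IsDebuggerPresent", "DebugActiveProcess",
                 "WaitForDebugEvent", "Toolhelp32ReadProcessMemory",
                 "GetProcAddress", "LoadLibraryA", "DeleteFileA",
                 "EraseTape", "GlobalUnWire", "LocalShrink"],
    "shell32": ["ShellExecuteW", "SHFormatDrive", "SHEmptyRecycleBinA",
                "SHFileOperationA"],
}

# Heuristic capability groups (this example's own grouping).
CAPABILITIES = {
    "network sockets": {"socket", "connect", "bind", "listen", "send",
                        "recv", "sendto", "gethostbyaddr", "inet_addr",
                        "WSAAsyncSelect"},
    "CryptoAPI key/encrypt": {"CryptAcquireContextA", "CryptGenKey",
                              "CryptEncrypt", "CryptDecrypt",
                              "CryptDeriveKey", "CryptImportKey"},
    "service install/start": {"CreateServiceW", "StartServiceW"},
    "token/credential use": {"LogonUserW", "DuplicateTokenEx",
                             "LookupPrivilegeValueW"},
    "remote process control": {"OpenProcess", "ReadProcessMemory",
                               "SetThreadContext", "GetThreadContext",
                               "ResumeThread", "Toolhelp32ReadProcessMemory"},
    "memory protection change": {"VirtualProtect", "VirtualAlloc"},
    "process launch": {"CreateProcessA", "WinExec", "ShellExecuteW"},
    "debugger awareness": {"IsDebuggerPresent", "DebugActiveProcess",
                           "WaitForDebugEvent"},
    "runtime API resolution": {"GetProcAddress", "LoadLibraryA"},
    "registry write": {"RegSetValueExW", "RegCreateKeyExA"},
    "destructive": {"SHFormatDrive", "SHEmptyRecycleBinA", "DeleteFileA",
                    "InitiateSystemShutdownA"},
}

# Write primitives that usually accompany OpenProcess/SetThreadContext in
# an injector. None of them appears anywhere in the report's full list.
INJECTION_WRITE_APIS = {"WriteProcessMemory", "VirtualAllocEx",
                        "CreateRemoteThread"}

# APIs that ordinary linked programs almost never import; many of these
# in one table suggest a generated or padded import directory.
RARE_APIS = {"EraseTape", "GlobalUnWire", "LocalShrink", "SHFormatDrive"}


def all_names(imports):
    """Flatten the per-DLL lists into one set of API names."""
    return {n for names in imports.values() for n in names}


def tag_capabilities(imports):
    """Return {capability: sorted 'dll!api' evidence} for matched APIs."""
    found = defaultdict(list)
    for dll, names in imports.items():
        for name in names:
            for cap, apis in CAPABILITIES.items():
                if name in apis:
                    found[cap].append(f"{dll}!{name}")
    return {cap: sorted(ev) for cap, ev in found.items()}


def injection_gap(imports):
    """If the table can open and steer another process but has no write
    primitive, return the missing write APIs (sorted). With GetProcAddress
    imported, the write step may simply be resolved at runtime, so treat
    this as a prompt to look at the unpacked code, not as a clean bill."""
    names = all_names(imports)
    if "OpenProcess" in names and not names & INJECTION_WRITE_APIS:
        return sorted(INJECTION_WRITE_APIS)
    return []


def unusual_imports(imports):
    """Sorted rare APIs present in the table."""
    return sorted(all_names(imports) & RARE_APIS)


if __name__ == "__main__":
    for cap, evidence in tag_capabilities(REPORT_IMPORTS).items():
        print(f"{cap:26} {', '.join(evidence)}")
    print("injection write primitives absent:", injection_gap(REPORT_IMPORTS))
    print("rarely used APIs present:", unusual_imports(REPORT_IMPORTS))
```

Run it against the full table from the page (or against the output of a PE parser on the sample itself) to get the complete picture; the subset embedded here is only what the page shows and is enough to demonstrate the grouping and the missing-write-primitive check.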
Sections
.text Size: 297KB - Virtual size: 296KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 122KB - Virtual size: 122KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 135KB - Virtual size: 134KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 749KB - Virtual size: 752KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
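Two things in the section table deserve a second look. Every section, .text included, is flagged readable, writable and executable, and none carries IMAGE_SCN_CNT_CODE; a normally linked x86 PE marks .text as CNT_CODE | MEM_EXECUTE | MEM_READ and .bss as CNT_UNINITIALIZED_DATA with a raw size of 0, whereas here .bss is flagged initialized data with 135KB on disk. Separately, the ~500 imports listed above would normally fit in a few tens of KB of import directory, yet .idata is 749KB, so most of that section is something other than import tables. The script below is an added example, not part of the report or the sandbox's tooling: it parses the Sections block exactly as printed on this page and flags those anomalies. IMPORT_COUNT is the number of entries under Imports on the page (counted by hand), and BYTES_PER_IMPORT is a deliberately generous assumption used only for an order-of-magnitude comparison.

```python
"""Section-table sanity checks over the report's Sections block.

Added example; not part of the original report or the sandbox's tooling.
SECTION_REPORT is the page's Sections text copied verbatim. IMPORT_COUNT
is the number of entries under Imports on the page (counted by hand);
BYTES_PER_IMPORT is a deliberately generous assumption used only for an
order-of-magnitude check.
"""
import re

SECTION_REPORT = """\
.text Size: 297KB - Virtual size: 296KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 122KB - Virtual size: 122KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 135KB - Virtual size: 134KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 749KB - Virtual size: 752KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
"""

IMPORT_COUNT = 496          # entries under Imports on the page
BYTES_PER_IMPORT = 64       # assumption: ILT + IAT thunks + hint/name, padded

HEADER = re.compile(r"^(\S+) Size: (\d+)KB - Virtual size: (\d+)KB$")


def parse_sections(text):
    """Parse the report's 'name Size/Virtual size' lines plus flag lines."""
    sections = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            name, raw_kb, virt_kb = m.groups()
            sections.append({"name": name, "raw_kb": int(raw_kb),
                             "virt_kb": int(virt_kb), "flags": set()})
        elif line.startswith("IMAGE_SCN_") and sections:
            sections[-1]["flags"].add(line.strip())
    return sections


def section_findings(sections):
    """Flag characteristics a normally linked x86 PE would not show."""
    findings = []
    for s in sections:
        f, name = s["flags"], s["name"]
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= f:
            findings.append(f"{name}: writable and executable (RWX)")
        if "IMAGE_SCN_MEM_EXECUTE" in f and "IMAGE_SCN_CNT_CODE" not in f:
            findings.append(f"{name}: executable but not flagged IMAGE_SCN_CNT_CODE")
        if name == ".bss" and ("IMAGE_SCN_CNT_UNINITIALIZED_DATA" not in f
                               or s["raw_kb"] > 0):
            findings.append(".bss: has file-backed data and lacks "
                            "IMAGE_SCN_CNT_UNINITIALIZED_DATA")
    return findings


def idata_excess(sections, import_count=IMPORT_COUNT,
                 bytes_per_import=BYTES_PER_IMPORT):
    """Ratio of the reported .idata raw size to a generous estimate of
    what import_count imports need. Values well above 1 mean most of
    .idata is not an import directory (sizes on the page are rounded
    to KB, so this is an order-of-magnitude figure)."""
    idata = next((s for s in sections if s["name"] == ".idata"), None)
    if idata is None:
        return 0.0
    expected = import_count * bytes_per_import
    return idata["raw_kb"] * 1024 / expected


if __name__ == "__main__":
    secs = parse_sections(SECTION_REPORT)
    for finding in section_findings(secs):
        print(finding)
    print(f".idata is {idata_excess(secs):.0f}x the space "
          f"{IMPORT_COUNT} imports would need")
```

The same checks apply to a real section table read with a PE parser; the report's rounded KB figures are enough here because the .idata discrepancy is a factor of roughly 20, not a few percent. Uniform RWX flags and an oversized .idata are consistent with a packer or crypter stub, so the behavioral runs and a memory dump after unpacking are where the actual capabilities should be confirmed.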