Static task: static1
Behavioral task: behavioral1
Sample: 0f9ebc205e37c7621bfc19e0a241ffdc25fbb910696b6512b3e3de8c93b4c98a.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 0f9ebc205e37c7621bfc19e0a241ffdc25fbb910696b6512b3e3de8c93b4c98a.exe
Resource: win10v2004-20221111-en
General
Target: 0f9ebc205e37c7621bfc19e0a241ffdc25fbb910696b6512b3e3de8c93b4c98a
Size: 286KB
MD5: 20d4bba4eaf4ef7f7e01d33c93e0067c
SHA1: 38eea7c9c8da4e860187b9f78e9aa79409a8bddf
SHA256: 0f9ebc205e37c7621bfc19e0a241ffdc25fbb910696b6512b3e3de8c93b4c98a
SHA512: 12145d7487fbdb40fa2b928a94582fc67e521da791de9860ee7ee2ec17044038cf00339053a4c69a1d30010114ee04f5609f666c55b1f01b12052f0b08325b9e
SSDEEP: 6144:9NK9TBtjtuCgSlaMQqs6rJhBF5ejXfxnEvipIxppKfERhINpCJIDHi+b2:9NK9T3oSQD6rJhBFojXfBSYIYChhqHJ6
Malware Config
Signatures
Files
-
0f9ebc205e37c7621bfc19e0a241ffdc25fbb910696b6512b3e3de8c93b4c98a.exe windows x86
f9f53499d9174280e883ca5818169d83
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
RtlUnwind
LdrGetDllHandle
NtQueryInformationProcess
LdrLoadDll
kernel32
GetFileInformationByHandle
SetFileAttributesW
ExpandEnvironmentStringsW
VirtualProtect
SetThreadPriority
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
ResumeThread
TlsGetValue
TlsSetValue
FindFirstFileW
FindClose
FindNextFileW
InterlockedIncrement
InterlockedDecrement
lstrcmpA
CreateRemoteThread
Process32FirstW
Process32NextW
GetDriveTypeW
GetLogicalDrives
UnregisterWait
RegisterWaitForSingleObject
SystemTimeToFileTime
GetTimeZoneInformation
GetLocalTime
GetSystemTime
ResetEvent
ReleaseMutex
WideCharToMultiByte
MultiByteToWideChar
GetThreadContext
SetThreadContext
VirtualQuery
GetCurrentProcess
InterlockedCompareExchange
FlushInstructionCache
VirtualAlloc
CreateMutexW
HeapReAlloc
GetProcessHeap
GlobalLock
GlobalUnlock
GetVolumeNameForVolumeMountPointW
TerminateThread
TryEnterCriticalSection
GetHandleInformation
lstrcpyA
TerminateProcess
GetExitCodeThread
DosDateTimeToFileTime
GetTempFileNameW
MoveFileExW
QueryPerformanceCounter
OpenMutexW
lstrcmpiA
VirtualFree
GetTempPathW
RemoveDirectoryW
FileTimeToDosDateTime
lstrcpynA
FileTimeToLocalFileTime
GetProcessId
GetSystemDefaultUILanguage
GetProcessTimes
lstrcmpW
GlobalMemoryStatusEx
GetUserDefaultUILanguage
GetDiskFreeSpaceExW
GetVolumeInformationW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObject
GetTickCount
GetNativeSystemInfo
GetModuleHandleW
GetVersionExW
GetProcAddress
ExitProcess
GetCommandLineW
SetErrorMode
GetComputerNameW
SetEvent
VirtualFreeEx
Sleep
GetModuleFileNameW
CreateEventW
WaitForMultipleObjects
lstrcmpiW
lstrcatW
OpenEventW
DuplicateHandle
CloseHandle
GetCurrentProcessId
LocalFree
WriteProcessMemory
GetCurrentThreadId
lstrlenA
FreeLibrary
CreateDirectoryW
SetFilePointer
OutputDebugStringA
LoadLibraryW
lstrlenW
WTSGetActiveConsoleSessionId
lstrcpyW
DeleteFileW
GetEnvironmentVariableW
CreateProcessW
GetCurrentThread
OpenProcess
Thread32First
Thread32Next
GetLastError
LoadLibraryA
CreateToolhelp32Snapshot
CreateThread
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
SetLastError
TlsAlloc
TlsFree
IsBadReadPtr
VirtualAllocEx
SetEndOfFile
SetFilePointerEx
SetFileTime
WriteFile
GetFileAttributesW
ReadFile
CreateFileW
FlushFileBuffers
GetFileSizeEx
GetFileTime
user32
GetMessageA
GetUpdateRgn
GetMessageW
GetWindowDC
SetCapture
DefDlgProcW
OpenInputDesktop
BeginPaint
GetUpdateRect
GetDC
IsWindow
SendMessageTimeoutW
SetWindowPos
GetAncestor
GetWindowLongW
GetClassLongW
GetWindowInfo
GetParent
PostMessageW
GetWindowRect
GetShellWindow
PostThreadMessageW
SetWindowLongW
EndPaint
ToUnicode
GetKeyboardState
IntersectRect
DrawEdge
FillRect
RegisterWindowMessageW
SendMessageW
PrintWindow
EqualRect
GetClassNameW
GetWindow
GetLastInputInfo
GetSystemMetrics
GetMenuItemID
SetKeyboardState
GetSubMenu
MenuItemFromPoint
GetMenu
GetMenuItemRect
TrackPopupMenuEx
GetMenuState
GetMenuItemCount
HiliteMenuItem
EndMenu
CharUpperW
CharLowerW
IsRectEmpty
GetWindowThreadProcessId
SystemParametersInfoW
GetCapture
TranslateMessage
SetCursorPos
GetClipboardData
PeekMessageW
GetDCEx
MsgWaitForMultipleObjects
DispatchMessageW
DrawIcon
GetIconInfo
PeekMessageA
ReleaseDC
DefWindowProcA
GetCursorPos
DefMDIChildProcW
SwitchDesktop
DefDlgProcA
DefMDIChildProcA
ReleaseCapture
CallWindowProcA
CallWindowProcW
DefWindowProcW
GetMessagePos
DefFrameProcW
CharToOemW
CreateDesktopW
SetProcessWindowStation
GetThreadDesktop
CloseWindowStation
CreateWindowStationW
CharLowerA
GetTopWindow
LoadImageW
WindowFromPoint
MapWindowPoints
GetProcessWindowStation
OpenDesktopW
CloseDesktop
SetThreadDesktop
GetUserObjectInformationW
OpenWindowStationW
ExitWindowsEx
MapVirtualKeyW
DefFrameProcA
advapi32
CryptReleaseContext
GetLengthSid
ConvertSidToStringSidW
EqualSid
OpenProcessToken
GetSidSubAuthority
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
CreateProcessAsUserW
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateSystemShutdownExW
CryptVerifySignatureW
CryptGetKeyParam
CryptImportKey
CryptDestroyKey
CryptDestroyHash
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CryptHashData
CryptCreateHash
IsWellKnownSid
CryptAcquireContextW
CryptGetHashParam
RegSetValueExW
shlwapi
PathGetDriveNumberW
ord14
PathUnquoteSpacesW
PathSkipRootW
StrChrA
StrCmpNA
StrChrW
StrCmpIW
StrRChrA
wvnsprintfA
wvnsprintfW
PathRenameExtensionW
PathAddExtensionW
PathIsDirectoryW
SHDeleteKeyW
SHDeleteValueW
PathAddBackslashW
PathFindExtensionW
PathMatchSpecW
StrCmpNW
PathQuoteSpacesW
PathRemoveBackslashW
PathIsURLW
PathFindFileNameW
StrCmpNIW
PathRemoveFileSpecW
StrCmpNIA
UrlUnescapeA
PathRemoveExtensionW
shell32
ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW
secur32
GetUserNameExW
EncryptMessage
DecryptMessage
DeleteSecurityContext
ole32
CoCreateInstance
StringFromGUID2
CoUninitialize
CLSIDFromString
CreateStreamOnHGlobal
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
gdi32
CreateDIBSection
GdiFlush
GetDIBits
CreateDCW
BitBlt
SetRectRgn
SaveDC
RestoreDC
GetDeviceCaps
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
SetViewportOrgEx
ws2_32
WSAStartup
getaddrinfo
select
WSAGetLastError
shutdown
WSACleanup
recv
bind
connect
WSACloseEvent
getpeername
WSAIoctl
WSAAddressToStringW
recvfrom
WSAEnumNetworkEvents
WSAEventSelect
getsockname
setsockopt
sendto
WSACreateEvent
getsockopt
socket
freeaddrinfo
WSASetLastError
closesocket
send
listen
accept
WSASend
WSARecv
WSAStringToAddressW
WSAAddressToStringA
WSAGetOverlappedResult
crypt32
CertDeleteCertificateFromStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
PFXExportCertStoreEx
CryptUnprotectData
CertCloseStore
CertOpenSystemStoreW
PFXImportCertStore
wininet
InternetQueryOptionA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetSetOptionA
InternetReadFile
InternetConnectA
HttpQueryInfoA
InternetCrackUrlA
oleaut32
VariantInit
SysAllocString
VariantClear
SysFreeString
netapi32
NetUserGetInfo
NetUserEnum
NetApiBufferFree
iphlpapi
GetAdaptersAddresses
msvcrt
_except_handler3
_errno
memset
memcpy
memmove
strcmp
memcmp
_ultow
_purecall
strtoul
abs
_vsnwprintf
_vsnprintf
memchr
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
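The import table above is the most informative static artefact in this report. Read in clusters rather than one API at a time, it shows: OpenProcess, VirtualAllocEx, WriteProcessMemory and CreateRemoteThread (remote code injection); GetThreadContext, SetThreadContext and ResumeThread (thread hijacking); CreateToolhelp32Snapshot with Process32First/NextW and Thread32First/Next (process and thread enumeration); CreateDesktopW, SwitchDesktop and SetThreadDesktop (a hidden desktop); GetKeyboardState, ToUnicode and GetClipboardData (input and clipboard capture); CertOpenSystemStoreW, CertEnumCertificatesInStore and PFXExportCertStoreEx plus CryptUnprotectData (certificate export and DPAPI decryption); OpenProcessToken, AdjustTokenPrivileges and CreateProcessAsUserW (token manipulation); and a WinINet HTTP client alongside bind/listen/accept in ws2_32. Imports only prove capability, not behaviour (remote-support tools and debuggers import much of the same set, and a packed payload can hide most of its real imports behind LoadLibraryA/GetProcAddress), so the right use is to prioritise what to watch in the behavioral runs.

The script below is an added example, not part of the sandbox report or of any tool it uses. It parses the flat "dll / api / api / dll / api" layout used on this page into dll!Api pairs and matches them against a small set of capability rules. The rule labels and groupings are this example's own; the embedded listing is a constructed excerpt of the imports shown above.

```python
"""Import-table capability triage: flags API clusters that, imported together,
justify a closer dynamic look. Heuristic only; a hit is a lead, not a verdict."""
import textwrap

# DLL names that appear as group headings in the report's import listing.
KNOWN_DLLS = {"ntdll", "kernel32", "user32", "advapi32", "shlwapi", "shell32",
              "secur32", "ole32", "gdi32", "ws2_32", "crypt32", "wininet",
              "oleaut32", "netapi32", "iphlpapi", "msvcrt", "version"}

# Capability label -> APIs that must all be imported. Labels are this example's grouping.
RULES = {
    "process injection (remote alloc/write/thread)":
        {"kernel32!OpenProcess", "kernel32!VirtualAllocEx",
         "kernel32!WriteProcessMemory", "kernel32!CreateRemoteThread"},
    "thread hijacking (context patch + resume)":
        {"kernel32!GetThreadContext", "kernel32!SetThreadContext", "kernel32!ResumeThread"},
    "hidden desktop (HVNC-style)":
        {"user32!CreateDesktopW", "user32!SwitchDesktop", "user32!SetThreadDesktop"},
    "keystroke capture": {"user32!GetKeyboardState", "user32!ToUnicode"},
    "clipboard read": {"user32!GetClipboardData"},
    "certificate store export":
        {"crypt32!CertOpenSystemStoreW", "crypt32!CertEnumCertificatesInStore",
         "crypt32!PFXExportCertStoreEx"},
    "DPAPI decryption": {"crypt32!CryptUnprotectData"},
    "HTTP client (WinINet)":
        {"wininet!InternetOpenA", "wininet!InternetConnectA",
         "wininet!HttpOpenRequestA", "wininet!HttpSendRequestA"},
    "registry write": {"advapi32!RegCreateKeyExW", "advapi32!RegSetValueExW"},
    "run as another user": {"advapi32!OpenProcessToken", "advapi32!CreateProcessAsUserW"},
    "in-memory unpacking": {"kernel32!VirtualAlloc", "kernel32!VirtualProtect",
                            "kernel32!FlushInstructionCache"},
}

def parse_import_listing(text):
    """Parse the flat 'dll / api / api / dll / api ...' layout into a set of
    'dll!Api' strings. Lines before the first recognised DLL heading are skipped."""
    imports, current = set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() in KNOWN_DLLS:
            current = line.lower()
        elif current:
            imports.add(f"{current}!{line}")
    return imports

def triage(imports):
    """Return {label: status}: 'hit' when every API of a rule is imported,
    'partial' when at least half are; rules with less overlap are omitted."""
    result = {}
    for label, needed in RULES.items():
        have = len(needed & imports)
        if have == len(needed):
            result[label] = "hit"
        elif have and have * 2 >= len(needed):
            result[label] = "partial"
    return result

def missing_for(imports, label):
    """APIs of one rule that the binary does not import (explains a 'partial')."""
    return sorted(RULES[label] - imports)

# Constructed excerpt of the report's import listing (same layout, subset of APIs).
SAMPLE_LISTING = textwrap.dedent("""\
    ntdll
    NtQueryInformationProcess
    kernel32
    VirtualProtect
    ResumeThread
    CreateRemoteThread
    GetThreadContext
    SetThreadContext
    VirtualAlloc
    FlushInstructionCache
    WriteProcessMemory
    OpenProcess
    VirtualAllocEx
    user32
    SwitchDesktop
    CreateDesktopW
    SetThreadDesktop
    ToUnicode
    GetKeyboardState
    GetClipboardData
    advapi32
    OpenProcessToken
    CreateProcessAsUserW
    RegCreateKeyExW
    crypt32
    CertEnumCertificatesInStore
    PFXExportCertStoreEx
    CryptUnprotectData
    CertOpenSystemStoreW
    wininet
    InternetOpenA
    HttpSendRequestA
    HttpOpenRequestA
    InternetConnectA
""")

if __name__ == "__main__":
    imps = parse_import_listing(SAMPLE_LISTING)
    for label, status in sorted(triage(imps).items()):
        print(f"{status:7s} {label}")
```

Run against the full listing on this page the registry rule becomes a hit as well (RegSetValueExW is imported); the excerpt leaves it out deliberately so the partial-match path is exercised. Add rules by extending RULES; keep each rule to APIs that are rarely imported together by benign software, or the output turns into noise.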
Sections
.text Size: 268KB - Virtual size: 268KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
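Two details in the Headers and Sections blocks are worth checking mechanically rather than by eye. The DLL Characteristics list NX_COMPAT and TERMINAL_SERVER_AWARE (together the bitmask 0x8100) but not DYNAMIC_BASE, so the image is not opted into ASLR even though it ships a .reloc section that would let the loader relocate it; only a system-wide mandatory-ASLR policy would move it. And none of the three sections is both writable and executable, which is consistent with a binary that unpacks into memory it allocates itself (VirtualAlloc/VirtualProtect above) rather than into its own image.

The parser below is an added example, not code from the report or the sandbox. It walks the DOS header, PE signature, COFF header, optional header and section table with struct alone, decodes the three bitmasks into the flag names used above, and reports missing mitigations. The byte image it runs on is constructed here to mirror the report's values (3 sections, file characteristics 0x0102, DLL characteristics 0x8100); it is header-only and is not the real sample.

```python
"""Decode PE file/DLL characteristics and section flags straight from the header
bytes, then report missing mitigations. Standard library only."""
import struct

DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0200: "IMAGE_DLLCHARACTERISTICS_NO_ISOLATION",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x0800: "IMAGE_DLLCHARACTERISTICS_NO_BIND",
    0x1000: "IMAGE_DLLCHARACTERISTICS_APPCONTAINER",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}

def _names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]

def parse_pe(data):
    """DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> optional header -> sections."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _ts, _sym, _nsym, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # DllCharacteristics is at offset 70 of the optional header in both PE32 and PE32+.
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i
        name, vsize, _va, rawsize, _praw, _prel, _pln, _nrel, _nln, chars = \
            struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({"name": name.rstrip(b"\0").decode(), "virtual_size": vsize,
                         "raw_size": rawsize, "flags": _names(chars, SECTION_FLAGS)})
    return {"machine": machine, "pe32plus": magic == 0x20B,
            "file_characteristics": _names(file_chars, FILE_CHARACTERISTICS),
            "dll_characteristics": _names(dll_chars, DLL_CHARACTERISTICS),
            "sections": sections}

def mitigation_findings(info):
    """What a triager notes: missing ASLR/DEP/CFG opt-in and any W+X section."""
    findings, dll = [], set(info["dll_characteristics"])
    has_reloc = any(s["name"] == ".reloc" for s in info["sections"])
    if "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" not in dll:
        findings.append("no DYNAMIC_BASE: not opted into ASLR"
                        + (" despite carrying a .reloc section" if has_reloc else ""))
    if "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" not in dll:
        findings.append("no NX_COMPAT: DEP not requested")
    if "IMAGE_DLLCHARACTERISTICS_GUARD_CF" not in dll:
        findings.append("no GUARD_CF: Control Flow Guard absent")
    for s in info["sections"]:
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= set(s["flags"]):
            findings.append(f"section {s['name']} is writable and executable")
    return findings

def build_sample_image():
    """Constructed header-only PE32 image mirroring this report's values; not the real sample."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 224, 0x0002 | 0x0100)
    opt = bytearray(224)                                       # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<H", opt, 70, 0x0100 | 0x8000)           # NX_COMPAT | TERMINAL_SERVER_AWARE
    secs = [(b".text", 268 * 1024, 268 * 1024, 0x60000020),    # CODE | EXECUTE | READ
            (b".data", 8 * 1024, 1024, 0xC0000040),            # INIT_DATA | READ | WRITE
            (b".reloc", 14 * 1024, 15 * 1024, 0x42000040)]     # INIT_DATA | DISCARDABLE | READ
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, 0, rs, 0, 0, 0, 0, 0, c)
                    for n, vs, rs, c in secs)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs

if __name__ == "__main__":
    info = parse_pe(build_sample_image())
    print(info["dll_characteristics"])
    for f in mitigation_findings(info):
        print("finding:", f)
```

To run it on a real file, replace build_sample_image() with open(path, "rb").read(); the parser reads only the headers, so it does not matter how large the file is. The W+X check is cheap and worth keeping: a packed binary whose code section is writable as well as executable stands out immediately.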