9f5e454335e74c61401f51559f449d8b974267cf80fc801d2c2b0c803ddf62df

Sharing

Copy URL Twitter E-mail

General

Target

9f5e454335e74c61401f51559f449d8b974267cf80fc801d2c2b0c803ddf62df
Size

205KB
MD5

430c8144a8027e9ce2f5cd10aae92144
SHA1

e390965126f2b97d1a9ca8a05ca004c92077ba92
SHA256

9f5e454335e74c61401f51559f449d8b974267cf80fc801d2c2b0c803ddf62df
SHA512

0d651fcef841b80514861eb28277c9edf27214993eb4a8ace2da42476e605fbf98bcb0001590eae647c70717dccc06599e4fb4e51645d6404ada170b7bdc9f2d
SSDEEP

6144:Aojl/qqDL91tGe9fff0qjK+CV8uPI/byOp9qYI:AojliqntGlqjtqfIyeqb

Score

N/A

Malware Config

Signatures

Files

9f5e454335e74c61401f51559f449d8b974267cf80fc801d2c2b0c803ddf62df
.exe windows x86

0aa3c1a0fb65cb155146b98c392a2857

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
ReadProcessMemory
HeapDestroy
HeapCreate
lstrcpynW
Thread32Next
GetTimeZoneInformation
MultiByteToWideChar
lstrlenW
FlushFileBuffers
GetTempPathW
GetFileSizeEx
OpenMutexW
VirtualProtectEx
VirtualAllocEx
FindClose
RemoveDirectoryW
QueryDosDeviceW
FindNextFileW
VirtualProtect
GetFileTime
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
GetEnvironmentVariableW
GetSystemTime
WriteProcessMemory
CreateThread
MapViewOfFile
Thread32First
CreateFileMappingW
GetCurrentThreadId
TlsAlloc
TlsFree
GetCommandLineW
SetErrorMode
GetComputerNameW
GetVersionExW
OpenEventW
DuplicateHandle
GetCurrentProcessId
GetNativeSystemInfo
GetPrivateProfileStringW
GetPrivateProfileIntW
TlsGetValue
TlsSetValue
TerminateProcess
GetThreadContext
SetThreadContext
GetProcessId
MoveFileExW
GetUserDefaultUILanguage
SetThreadPriority
GetCurrentThread
GetLocalTime
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
VirtualFreeEx
OpenProcess
CreateRemoteThread
SetFileAttributesW
VirtualQueryEx
SetFileTime
GetProcessHeap
HeapFree
GetLogicalDriveStringsW
SetFilePointerEx
GetCurrentProcess
SystemTimeToFileTime
HeapAlloc
SetEndOfFile
FindFirstFileW
CreateMutexW
HeapReAlloc
GetTempFileNameW
UnmapViewOfFile
FileTimeToDosDateTime
WTSGetActiveConsoleSessionId
lstrcmpiA
CreateFileW
Sleep
LoadLibraryW
CreateDirectoryW
FreeLibrary
CreatePipe
ReadFile
WriteFile
SetHandleInformation
CreateProcessW
ExitThread
ResetEvent
SetLastError
GetLastError
SetEvent
ExpandEnvironmentStringsW
GetModuleHandleA
LoadLibraryA
ExitProcess
GetFileAttributesW
IsBadReadPtr
GlobalUnlock
GetTickCount
GlobalLock
EnterCriticalSection
VirtualAlloc
LeaveCriticalSection
InitializeCriticalSection
VirtualFree
ReleaseMutex
CloseHandle
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
GetFileAttributesExW
lstrcmpiW
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
LocalFree

user32

HiliteMenuItem
GetUserObjectInformationW
SendMessageW
EndMenu
GetWindowThreadProcessId
GetShellWindow
GetTopWindow
LoadImageW
MsgWaitForMultipleObjects
WindowFromPoint
CharLowerW
GetWindowLongW
CharLowerA
CharUpperW
PostThreadMessageW
GetWindow
DispatchMessageW
CharLowerBuffA
CharToOemW
ExitWindowsEx
MessageBoxA
GetKeyboardState
ToUnicode
GetSystemMetrics
RegisterWindowMessageW
GetMessageA
GetUpdateRgn
GetMessageW
RegisterClassExA
GetWindowDC
SetCapture
GetMenuItemCount
GetMenuState
GetClassNameW
SystemParametersInfoW
TrackPopupMenuEx
GetWindowRect
GetParent
GetClassLongW
GetAncestor
SetWindowPos
IsWindow
MapWindowPoints
MapVirtualKeyW
FillRect
PostMessageW
GetWindowInfo
DrawEdge
IntersectRect
EqualRect
PrintWindow
IsRectEmpty
CreateDesktopW
SetProcessWindowStation
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
CloseDesktop
OpenWindowStationW
SetThreadDesktop
DrawIcon
GetIconInfo
SendMessageTimeoutW
GetKeyboardLayoutList
DefDlgProcW
DefFrameProcA
OpenInputDesktop
GetThreadDesktop
GetMenuItemID
SetKeyboardState
GetSubMenu
OpenDesktopW
MenuItemFromPoint
BeginPaint
GetUpdateRect
GetDC
GetCapture
TranslateMessage
RegisterClassExW
SetCursorPos
GetClipboardData
PeekMessageW
GetDCEx
PeekMessageA
ReleaseDC
DefWindowProcA
GetCursorPos
DefMDIChildProcW
SwitchDesktop
DefDlgProcA
DefMDIChildProcA
GetMenu
EndPaint
GetMenuItemRect
ReleaseCapture
RegisterClassW
CallWindowProcA
CallWindowProcW
DefWindowProcW
GetMessagePos
DefFrameProcW
RegisterClassA
SetWindowLongW

advapi32

CreateProcessAsUserA
CreateProcessAsUserW
InitiateSystemShutdownExW
RegCreateKeyW
RegEnumKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
EqualSid
GetLengthSid
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
CryptHashData
IsWellKnownSid
ConvertSidToStringSidW
SetSecurityInfo
RegEnumKeyExW
RegDeleteValueW
RegEnumValueW

shlwapi

PathAddExtensionW
PathQuoteSpacesW
StrStrIW
StrStrIA
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathRemoveBackslashW
PathUnquoteSpacesW
PathRemoveFileSpecW
PathCombineW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathAddBackslashW
PathFindFileNameW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
PathRenameExtensionW
StrCmpNIW
PathIsURLW

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW

secur32

GetUserNameExW

ole32

CoSetProxyBlanket
CoUninitialize
CLSIDFromString
StringFromGUID2
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoCreateInstance

gdi32

SelectObject
CreateCompatibleBitmap
GetDIBits
GetDeviceCaps
CreateDIBSection
CreateCompatibleDC
DeleteDC
RestoreDC
SaveDC
SetRectRgn
GdiFlush
SetViewportOrgEx
DeleteObject

ws2_32

WSASend
getaddrinfo
accept
getsockname
WSAEventSelect
WSAGetLastError
listen
WSASetLastError
inet_addr
getpeername
recvfrom
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
closesocket
gethostbyname
send
socket
bind
recv
sendto
setsockopt
shutdown
select
freeaddrinfo

crypt32

PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
CryptUnprotectData
PFXImportCertStore

wininet

InternetReadFileExA
InternetReadFile
HttpSendRequestW
HttpOpenRequestA
HttpEndRequestA
InternetSetStatusCallbackA
InternetOpenA
InternetSetOptionA
InternetCrackUrlA
InternetQueryOptionW
InternetConnectA
InternetQueryOptionA
HttpAddRequestHeadersA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
InternetCloseHandle
HttpEndRequestW
HttpSendRequestA
InternetQueryDataAvailable
InternetSetFilePointer
HttpSendRequestExA
HttpQueryInfoA
HttpSendRequestExW
HttpOpenRequestW

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

PlaySoundW
waveOutSetVolume
waveOutGetVolume
PlaySoundA

Sections

.text
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0aa3c1a0fb65cb155146b98c392a2857

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

version

winmm

Sections

.text Size: 193KB - Virtual size: 193KB

.data Size: 2KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 193KB - Virtual size: 193KB

.data
Size: 2KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 7KB