fe2e30e1bf2a70d83d30114033db5f2e023972705939f815f97a5283a61bb9f4

Sharing

Copy URL Twitter E-mail

General

Target

fe2e30e1bf2a70d83d30114033db5f2e023972705939f815f97a5283a61bb9f4
Size

143KB
MD5

5be076f80b45bb239c8cdf8b2d8731d0
SHA1

7356a4e0bf1393e8bca7ba4fd1503f46e351cbe8
SHA256

fe2e30e1bf2a70d83d30114033db5f2e023972705939f815f97a5283a61bb9f4
SHA512

a4c0ee5e8d337cce9244294d4244e8dfeef16b28111b111c86be378a5da230a450534607e6cb6acf50cf289b1ccf4d33a0dd5fa6e9d57d851221eef43915812b
SSDEEP

3072:QL5i76OHZLXjbj6WYlUA1cy5F5zw3b0du4G12/+apK4wc8dS4EDLogrloKjeSAKI:QlyNHp6VaA1cy5Hzwr0I4G12/+2DedRV

Score

N/A

Malware Config

Signatures

Files

fe2e30e1bf2a70d83d30114033db5f2e023972705939f815f97a5283a61bb9f4
.exe windows x86

31e4b384da914f71af0fe0c8ef661ce6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocalTime
GetSystemTime
CreateThread
GetEnvironmentVariableW
FileTimeToDosDateTime
GetTempFileNameW
HeapReAlloc
FindFirstFileW
SetEndOfFile
CreateProcessW
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
HeapFree
CreateDirectoryW
GetProcessHeap
IsBadReadPtr
SetFileTime
VirtualQueryEx
Thread32First
WideCharToMultiByte
LoadLibraryW
ReadProcessMemory
HeapDestroy
HeapCreate
TerminateProcess
Thread32Next
GetUserDefaultUILanguage
GetTimeZoneInformation
MultiByteToWideChar
GetTempPathW
GetFileSizeEx
OpenMutexW
GetLastError
VirtualProtectEx
VirtualAllocEx
FindClose
RemoveDirectoryW
FindNextFileW
VirtualProtect
GetFileTime
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
SetFileAttributesW
ExpandEnvironmentStringsW
GlobalLock
GlobalUnlock
lstrcmpiA
WTSGetActiveConsoleSessionId
TlsSetValue
TlsGetValue
MoveFileExW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
OpenProcess
CreateRemoteThread
GetProcessId
VirtualAlloc
SetThreadContext
TlsFree
TlsAlloc
GetThreadContext
WriteProcessMemory
GetCurrentProcessId
DuplicateHandle
OpenEventW
WaitForMultipleObjects
GetModuleFileNameW
Sleep
VirtualFreeEx
VirtualFree
GetComputerNameW
SetErrorMode
GetCommandLineW
ExitProcess
ReadFile
ResetEvent
CreateEventW
CreateFileMappingW
SetThreadPriority
GetCurrentThread
SetEvent
UnmapViewOfFile
MapViewOfFile
CreateMutexW
LocalFree
GetVersionExW
GetNativeSystemInfo
GetFileAttributesExW
ReleaseMutex
GetCurrentThreadId
SetLastError
GetTickCount
WaitForSingleObject
CloseHandle
EnterCriticalSection
GetPrivateProfileIntW
FlushFileBuffers
CreateFileW
GetFileAttributesW
LeaveCriticalSection
InitializeCriticalSection
WriteFile
GetPrivateProfileStringW
GetModuleHandleW
lstrcmpiW
LoadLibraryA
GetProcAddress
FreeLibrary

user32

GetClassNameW
GetMenuState
GetMenuItemCount
PostThreadMessageW
HiliteMenuItem
GetUserObjectInformationW
EndMenu
GetShellWindow
EndPaint
GetUpdateRgn
RegisterClassExA
GetWindowDC
DefDlgProcW
DefFrameProcA
OpenInputDesktop
BeginPaint
GetUpdateRect
SystemParametersInfoW
TranslateMessage
RegisterClassExW
GetClipboardData
GetDCEx
ReleaseDC
DefWindowProcA
DefMDIChildProcW
SetThreadDesktop
DefDlgProcA
DefMDIChildProcA
RegisterClassW
CallWindowProcA
CallWindowProcW
MapVirtualKeyW
GetSystemMetrics
CloseDesktop
CharLowerW
CharLowerBuffA
GetKeyboardState
ToUnicode
GetTopWindow
LoadImageW
MsgWaitForMultipleObjects
WindowFromPoint
CharToOemW
CharLowerA
CharUpperW
SetWindowLongW
GetWindow
DispatchMessageW
CreateDesktopW
SetProcessWindowStation
CloseWindowStation
CreateWindowStationW
OpenWindowStationW
ExitWindowsEx
GetMenuItemRect
FillRect
GetProcessWindowStation
GetDC
DrawEdge
TrackPopupMenuEx
EqualRect
PrintWindow
GetCursorPos
GetIconInfo
RegisterWindowMessageW
GetThreadDesktop
GetMenuItemID
SetKeyboardState
DefWindowProcW
DefFrameProcW
RegisterClassA
GetMessageA
GetWindowRect
GetMessageW
SetCapture
PostMessageW
GetParent
GetWindowInfo
GetClassLongW
GetCapture
SetCursorPos
GetWindowLongW
GetAncestor
PeekMessageW
PeekMessageA
SetWindowPos
GetSubMenu
OpenDesktopW
MenuItemFromPoint
GetMenu
SwitchDesktop
DrawIcon
IsRectEmpty
GetWindowThreadProcessId
GetMessagePos
MapWindowPoints
SendMessageW
ReleaseCapture
IsWindow
SendMessageTimeoutW
IntersectRect

advapi32

ConvertSidToStringSidW
IsWellKnownSid
GetLengthSid
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegCloseKey
RegSetValueExW
CryptHashData
RegEnumKeyExW
EqualSid
InitiateSystemShutdownExW

shlwapi

PathQuoteSpacesW
PathRemoveBackslashW
PathIsURLW
StrCmpNIW
StrStrIW
StrStrIA
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathUnquoteSpacesW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathAddBackslashW
PathFindFileNameW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
PathRemoveFileSpecW
PathRenameExtensionW

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW

secur32

GetUserNameExW

ole32

StringFromGUID2
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx

gdi32

SetViewportOrgEx
GdiFlush
CreateDIBSection
SetRectRgn
SaveDC
RestoreDC
DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
GetDIBits
CreateCompatibleBitmap
CreateCompatibleDC

ws2_32

WSAEventSelect
getpeername
listen
WSASetLastError
freeaddrinfo
socket
bind
recv
recvfrom
sendto
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
getaddrinfo
select
WSAGetLastError
shutdown
setsockopt
getsockname
accept
WSASend
closesocket
send

crypt32

CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
CryptUnprotectData
PFXImportCertStore
PFXExportCertStoreEx

wininet

HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
InternetQueryOptionA
InternetSetOptionA
InternetQueryOptionW
InternetOpenA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCrackUrlA
InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpSendRequestW
InternetReadFile
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpQueryInfoA
HttpSendRequestExA

oleaut32

VariantInit
SysAllocString
VariantClear
SysFreeString

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetInfo

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31e4b384da914f71af0fe0c8ef661ce6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

Sections

.text Size: 134KB - Virtual size: 134KB

.data Size: 1024B - Virtual size: 8KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 134KB - Virtual size: 134KB

.data
Size: 1024B - Virtual size: 8KB

.reloc
Size: 6KB - Virtual size: 6KB