0f56f9f92543921f3f758ec94787f090c128298d069410071d80f381b96d140f

Sharing

Copy URL

Twitter E-mail

General

Target

0f56f9f92543921f3f758ec94787f090c128298d069410071d80f381b96d140f
Size

269KB
MD5

538ec551581a30d3fa77f907f3259110
SHA1

724140be4c86154f69b552233dd625ea46fa60c8
SHA256

0f56f9f92543921f3f758ec94787f090c128298d069410071d80f381b96d140f
SHA512

dd263c11db8544d789a8254a23d24b5a74412d6c9c444d6c0a92a342508a8fc840e5e0084e1d39015a55adac2dc5d21cebd507f674d82830ee94b9c7b26f37cc
SSDEEP

6144:8dWTBJgjdeusIAeCw6/XcRqUz9B/7erlv08tNdU+2Opv8bxz0sk:8dWTrg0TIFC/eT/6JJ12O+Vz0sk

Score

N/A

Malware Config

Signatures

Files

0f56f9f92543921f3f758ec94787f090c128298d069410071d80f381b96d140f
.exe windows x86

391eb2f87de775c56acbf1002c694e7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtTerminateProcess
LdrGetDllHandle
NtQueryInformationProcess
RtlUnwind
LdrLoadDll

kernel32

CreateFileMappingW
ResumeThread
GetComputerNameW
GetVolumeNameForVolumeMountPointW
GetThreadContext
SetThreadContext
VirtualQuery
GetCurrentProcess
InterlockedCompareExchange
FlushInstructionCache
VirtualAlloc
VirtualProtect
GetCurrentThreadId
CreateProcessW
lstrcmpA
lstrcmpiA
WriteFile
FlushFileBuffers
VirtualFree
LoadLibraryA
GetTempFileNameW
MoveFileExW
GetFileAttributesW
IsBadReadPtr
VirtualAllocEx
DosDateTimeToFileTime
ReadFile
GetTempPathW
GetFileSizeEx
RemoveDirectoryW
SetFileAttributesW
CreateRemoteThread
OpenProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
TlsAlloc
TlsFree
GetDriveTypeW
GetSystemDefaultUILanguage
GetLogicalDrives
GetProcessTimes
CreateFileW
GlobalMemoryStatusEx
GetUserDefaultUILanguage
GetDiskFreeSpaceExW
GetVolumeInformationW
GetExitCodeThread
CreateMutexW
OpenMutexW
ReleaseMutex
GlobalLock
GlobalUnlock
WideCharToMultiByte
MultiByteToWideChar
UnregisterWait
RegisterWaitForSingleObject
GetHandleInformation
GetProcessId
GetEnvironmentVariableW
Thread32First
Thread32Next
HeapReAlloc
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
SetEndOfFile
SetFilePointerEx
SetFileTime
GetFileTime
DeleteFileW
GetFileInformationByHandle
InterlockedIncrement
InterlockedDecrement
FileTimeToDosDateTime
lstrcpynA
FileTimeToLocalFileTime
MapViewOfFile
UnmapViewOfFile
QueryPerformanceCounter
GetPrivateProfileIntW
GetPrivateProfileStringW
GetLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
GetVersionExW
GetNativeSystemInfo
lstrcpyA
GetSystemTime
TerminateThread
FindNextFileW
FindClose
SetLastError
FindFirstFileW
lstrcpyW
lstrcmpW
WTSGetActiveConsoleSessionId
LoadLibraryW
CreateDirectoryW
FreeLibrary
ExpandEnvironmentStringsW
lstrlenW
GetProcAddress
SetThreadPriority
GetCurrentThread
ResetEvent
TlsSetValue
TlsGetValue
GetTickCount
GetLastError
WriteProcessMemory
LocalFree
GetCurrentProcessId
DuplicateHandle
OpenEventW
lstrcatW
lstrcmpiW
GetModuleFileNameW
VirtualFreeEx
GetModuleHandleW
SetErrorMode
GetCommandLineW
ExitProcess
CreateThread
lstrlenA
CloseHandle
WaitForMultipleObjects
CreateEventW
Sleep
SetEvent
WaitForSingleObject
TryEnterCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetFilePointer
OutputDebugStringA

user32

GetIconInfo
GetCursorPos
GetKeyboardState
ToUnicode
MsgWaitForMultipleObjects
PeekMessageW
DrawIcon
LoadCursorW
CharToOemW
ExitWindowsEx
PostQuitMessage
DispatchMessageW
TranslateMessage
CharLowerW
CharLowerA
GetSystemMetrics
GetLastInputInfo
CharUpperW
GetClipboardData

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
CreateProcessAsUserW
GetSidSubAuthorityCount
OpenThreadToken
GetSidSubAuthority
OpenProcessToken
InitiateSystemShutdownExW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptGetKeyParam
CryptVerifySignatureW
EqualSid
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
ConvertSidToStringSidW
GetLengthSid
IsWellKnownSid

shlwapi

StrCmpNA
StrChrA
StrCmpNIA
ord14
PathSkipRootW
PathUnquoteSpacesW
StrRChrA
PathGetDriveNumberW
PathQuoteSpacesW
StrStrIW
UrlUnescapeA
PathFindExtensionW
StrChrW
PathIsDirectoryW
StrCmpIW
StrCmpNW
wvnsprintfA
wvnsprintfW
PathRemoveBackslashW
PathAddBackslashW
PathFindFileNameW
PathRemoveExtensionW
PathRenameExtensionW
PathMatchSpecW
StrCmpNIW
PathRemoveFileSpecW
PathAddExtensionW
PathIsURLW

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW

secur32

DecryptMessage
DeleteSecurityContext
GetUserNameExW
EncryptMessage

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
StringFromGUID2
CLSIDFromString
CoSetProxyBlanket
CreateStreamOnHGlobal
CoTaskMemFree
CoInitializeSecurity

gdi32

BitBlt
DeleteDC
GetDeviceCaps
CreateDCW
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC

ws2_32

select
shutdown
getaddrinfo
recv
bind
connect
sendto
getsockname
getservbyname
WSACloseEvent
recvfrom
WSAIoctl
WSAAddressToStringW
WSAEnumNetworkEvents
WSAEventSelect
setsockopt
WSACreateEvent
getsockopt
WSAAddressToStringA
WSAStringToAddressW
FreeAddrInfoW
WSARecv
WSASend
WSAGetOverlappedResult
GetAddrInfoW
gethostbyname
getpeername
WSACleanup
socket
freeaddrinfo
WSASetLastError
closesocket
send
listen
accept
WSAGetLastError
WSAStartup

crypt32

CryptUnprotectData
PFXImportCertStore
PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore

wininet

InternetOpenA
HttpAddRequestHeadersA
HttpEndRequestA
HttpOpenRequestA
InternetWriteFile
InternetSetOptionA
InternetReadFile
InternetCrackUrlA
InternetConnectA
HttpQueryInfoA
HttpSendRequestExA
InternetQueryOptionA
InternetCloseHandle

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetInfo

iphlpapi

GetAdaptersAddresses

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

msvcrt

_except_handler3
_errno
memcpy
memcmp
memset
memchr
_purecall
strcmp
_vsnwprintf
_vsnprintf
_ultow
memmove
strtoul

Sections

.text
Size: 253KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

391eb2f87de775c56acbf1002c694e7c

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

iphlpapi

version

msvcrt

Sections

.text Size: 253KB - Virtual size: 253KB

.data Size: 1024B - Virtual size: 8KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 253KB - Virtual size: 253KB

.data
Size: 1024B - Virtual size: 8KB

.reloc
Size: 13KB - Virtual size: 13KB