Static task: static1
Behavioral task: behavioral1
  Sample: 7c90255dee59df16e7b1d64cca4c5adca724e54c857a7d19e12b36c1f53e0e57.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 7c90255dee59df16e7b1d64cca4c5adca724e54c857a7d19e12b36c1f53e0e57.exe
  Resource: win10v2004-20220812-en
General
Target: 7c90255dee59df16e7b1d64cca4c5adca724e54c857a7d19e12b36c1f53e0e57
Size: 221KB
MD5: 44b9e09067589c773b4ff2618ba24bb0
SHA1: 1f75ffc359c9cc8496e82ba5c06cdfad97bdbb6e
SHA256: 7c90255dee59df16e7b1d64cca4c5adca724e54c857a7d19e12b36c1f53e0e57
SHA512: 68e3fc2b365d55c9083ac26785e16934c003419ef6ac4b7bdc57441f22712c25c51dcea38e9598593c40c85db78f90b763264b5466796d2356aaebd4b124cc72
SSDEEP: 6144:VmM6qqDLNz6Ei0DAni3wO6Hjoo8Q1xWTG35HztjGuSAtv5wXL:VmMPqnN3i0DmoLQoo8NTGJTVBtRwXL
Malware Config
Signatures
Files
-
7c90255dee59df16e7b1d64cca4c5adca724e54c857a7d19e12b36c1f53e0e57.exe windows x86
6b73efe9f2f518f9f05ef474fc692fd2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetTimeZoneInformation
MultiByteToWideChar
lstrlenW
GetTempPathW
GetFileSizeEx
OpenMutexW
GetLastError
SetLastError
VirtualAlloc
VirtualProtectEx
VirtualAllocEx
FindClose
LoadLibraryA
RemoveDirectoryW
QueryDosDeviceW
WaitForMultipleObjects
FindNextFileW
VirtualProtect
GetFileTime
ReleaseMutex
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
GetFileInformationByHandle
WriteProcessMemory
CreateThread
ExpandEnvironmentStringsW
HeapFree
GetUserDefaultUILanguage
GetLocalTime
ReadFile
SetThreadContext
GetProcessId
GetFileAttributesExW
SetHandleInformation
CreatePipe
GlobalLock
GlobalUnlock
GetCommandLineW
SetErrorMode
GetComputerNameW
GetVersionExW
DuplicateHandle
GetCurrentProcessId
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
TlsAlloc
TlsFree
GetNativeSystemInfo
GetModuleHandleA
CreateRemoteThread
GetLogicalDriveStringsW
SetFilePointerEx
GetCurrentProcess
SystemTimeToFileTime
HeapAlloc
CreateProcessW
SetEndOfFile
FindFirstFileW
CreateMutexW
HeapReAlloc
Thread32Next
lstrcpynW
HeapCreate
HeapDestroy
ReadProcessMemory
VirtualFreeEx
WideCharToMultiByte
Thread32First
VirtualQueryEx
SetFileTime
IsBadReadPtr
GetProcessHeap
GetThreadContext
VirtualFree
GetTempFileNameW
FileTimeToDosDateTime
GetEnvironmentVariableW
SetFileAttributesW
WTSGetActiveConsoleSessionId
lstrcmpiA
LoadLibraryW
CreateDirectoryW
FreeLibrary
ExitProcess
LocalFree
GetCurrentThreadId
lstrcmpiW
GetSystemTime
ResetEvent
SetThreadPriority
TlsSetValue
GetCurrentThread
TlsGetValue
EnterCriticalSection
GetProcAddress
MoveFileExW
GetPrivateProfileIntW
FlushFileBuffers
CreateFileW
GetFileAttributesW
LeaveCriticalSection
InitializeCriticalSection
WriteFile
GetPrivateProfileStringW
GetModuleHandleW
OpenEventW
CreateEventW
ExitThread
GetTickCount
SetEvent
DeleteFileW
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
TerminateProcess
Sleep
OpenProcess
WaitForSingleObject
GetModuleFileNameW
user32
SetCapture
GetParent
GetClassLongW
GetCapture
SetCursorPos
GetAncestor
PeekMessageA
SetWindowPos
GetCursorPos
IsWindow
ReleaseCapture
MapWindowPoints
GetMessagePos
GetWindowThreadProcessId
LoadImageW
GetWindowRect
WindowFromPoint
TranslateMessage
GetWindowLongW
CharLowerA
PeekMessageW
CharUpperW
SetWindowLongW
SendMessageTimeoutW
HiliteMenuItem
DispatchMessageW
CharToOemW
CreateDesktopW
SetProcessWindowStation
GetThreadDesktop
CloseWindowStation
GetMessageA
ExitWindowsEx
GetSystemMetrics
ToUnicode
GetClipboardData
GetKeyboardState
GetKeyboardLayoutList
MessageBoxA
DrawIcon
GetIconInfo
RegisterClassExA
RegisterWindowMessageW
GetMenuItemID
SetKeyboardState
GetSubMenu
DefDlgProcW
DefFrameProcA
OpenInputDesktop
MenuItemFromPoint
GetMenu
RegisterClassExW
GetMenuItemRect
TrackPopupMenuEx
SystemParametersInfoW
GetClassNameW
GetMenuState
DefWindowProcA
SwitchDesktop
DefMDIChildProcW
GetMenuItemCount
DefDlgProcA
MsgWaitForMultipleObjects
DefMDIChildProcA
CreateWindowStationW
GetProcessWindowStation
OpenDesktopW
RegisterClassW
CallWindowProcA
EndMenu
CallWindowProcW
DefFrameProcW
RegisterClassA
CloseDesktop
SetThreadDesktop
GetUserObjectInformationW
OpenWindowStationW
CharLowerW
EndPaint
GetUpdateRgn
GetMessageW
GetWindowDC
FillRect
PostMessageW
GetWindowInfo
DrawEdge
BeginPaint
GetUpdateRect
GetDC
IntersectRect
GetDCEx
GetShellWindow
GetWindow
MapVirtualKeyW
ReleaseDC
PostThreadMessageW
EqualRect
PrintWindow
SendMessageW
DefWindowProcW
IsRectEmpty
CharLowerBuffA
GetTopWindow
advapi32
RegCreateKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumValueW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityDescriptorSacl
EqualSid
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
AllocateAndInitializeSid
CryptCreateHash
FreeSid
RegOpenKeyExW
CheckTokenMembership
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
CryptHashData
InitiateSystemShutdownExW
RegEnumKeyW
CreateProcessAsUserA
IsWellKnownSid
GetLengthSid
RegEnumKeyExW
ConvertSidToStringSidW
shlwapi
PathCombineW
PathQuoteSpacesW
StrStrIW
StrStrIA
PathIsURLW
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathAddExtensionW
PathUnquoteSpacesW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathAddBackslashW
PathFindFileNameW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
PathRenameExtensionW
StrCmpNIW
PathRemoveFileSpecW
PathRemoveBackslashW
shell32
CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW
secur32
GetUserNameExW
ole32
CoSetProxyBlanket
CoUninitialize
CLSIDFromString
StringFromGUID2
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoCreateInstance
gdi32
RestoreDC
CreateCompatibleDC
SetRectRgn
SelectObject
DeleteObject
GdiFlush
DeleteDC
SetViewportOrgEx
CreateCompatibleBitmap
GetDIBits
GetDeviceCaps
CreateDIBSection
SaveDC
ws2_32
send
closesocket
WSASetLastError
freeaddrinfo
socket
bind
recv
sendto
recvfrom
getpeername
inet_addr
WSASend
gethostbyname
WSAEventSelect
WSAIoctl
listen
accept
shutdown
getsockname
WSAGetLastError
select
getaddrinfo
WSAStartup
WSAAddressToStringW
connect
setsockopt
crypt32
CryptUnprotectData
PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
wininet
InternetSetOptionA
HttpAddRequestHeadersW
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetSetStatusCallbackA
HttpEndRequestW
HttpAddRequestHeadersA
HttpEndRequestA
InternetSetFilePointer
InternetGetCookieA
HttpOpenRequestW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestW
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA
InternetQueryOptionA
InternetReadFile
HttpQueryInfoA
InternetConnectA
InternetQueryOptionW
InternetCrackUrlA
InternetOpenA
oleaut32
SysFreeString
VariantInit
SysAllocString
VariantClear
netapi32
NetUserEnum
NetApiBufferFree
NetUserGetInfo
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
winmm
PlaySoundW
waveOutSetVolume
waveOutGetVolume
PlaySoundA
Sections
.text Size: 208KB - Virtual size: 207KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
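Import-table triage (added example; this is the editor's code, not part of the sandbox report and not code from the sample). The import list above is what a reverser reads first: kernel32 OpenProcess, VirtualAllocEx, WriteProcessMemory, CreateRemoteThread and Set/GetThreadContext together form the classic remote-injection set; user32 CreateDesktopW, SwitchDesktop, OpenInputDesktop and SetThreadDesktop point to a hidden desktop; PrintWindow with gdi32 GetDIBits to screen capture; GetKeyboardState, ToUnicode and GetClipboardData to input capture; crypt32 CryptUnprotectData and PFXExportCertStoreEx to theft of DPAPI-protected data and certificate stores; ws2_32 bind, listen and accept to a listening socket. The script below re-implements the pefile import-hash algorithm over a DLL/function list as transcribed from a report and groups the names into capability buckets. The buckets, the hit threshold and the embedded list are the editor's: the list is a subset of the table above, so its hash will not equal the import hash of the real file, and whether page order equals PE import-directory order is an assumption. An import proves only that the code can call an API; only the behavioral tasks show whether it does. The script also lists which exploit-mitigation DllCharacteristics are absent from the header section above: NX_COMPAT is set, DYNAMIC_BASE and GUARD_CF are not, so the image does not opt into ASLR or CFG even though it carries a .reloc section.

```python
"""Import-table triage for a PE static report (editor's added example).

Works on DLL/function names as listed in a report, so it runs offline without
the binary; with pefile, build the same dict from pe.DIRECTORY_ENTRY_IMPORT.
"""
import hashlib

# Subset of the import table transcribed from the report above, in page order
# (assumed, not verified, to be PE import-directory order). Being a subset,
# imphash(SAMPLE_IMPORTS) will not match the hash of the real file.
SAMPLE_IMPORTS = {
    "kernel32": ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
                 "CreateRemoteThread", "SetThreadContext", "GetThreadContext"],
    "user32": ["PrintWindow", "GetKeyboardState", "ToUnicode",
               "GetClipboardData", "CreateDesktopW", "SwitchDesktop",
               "OpenInputDesktop", "SetThreadDesktop"],
    "advapi32": ["OpenProcessToken", "LookupPrivilegeValueW",
                 "AdjustTokenPrivileges", "CreateProcessAsUserW",
                 "RegSetValueExW"],
    "gdi32": ["CreateCompatibleDC", "CreateCompatibleBitmap", "GetDIBits"],
    "ws2_32": ["socket", "bind", "listen", "accept", "connect"],
    "crypt32": ["CryptUnprotectData", "PFXExportCertStoreEx",
                "CertEnumCertificatesInStore", "CertOpenSystemStoreW"],
    "wininet": ["InternetOpenA", "InternetConnectA", "HttpOpenRequestA",
                "HttpSendRequestA", "InternetReadFile", "InternetGetCookieA"],
}

# DLL characteristics exactly as the report lists them.
REPORTED_DLL_CHARACTERISTICS = ["IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
                                "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"]

# Capability buckets are the editor's grouping (lower-cased API names). An
# import shows the code can call the API, not that the sandbox saw it do so.
CAPABILITIES = {
    "remote process injection": {
        "openprocess", "virtualallocex", "writeprocessmemory",
        "createremotethread", "setthreadcontext", "getthreadcontext",
        "virtualprotectex", "readprocessmemory"},
    "screen capture": {
        "printwindow", "getwindowdc", "createcompatibledc",
        "createcompatiblebitmap", "getdibits", "createdibsection"},
    "keyboard and clipboard capture": {
        "getkeyboardstate", "tounicode", "getclipboarddata",
        "getkeyboardlayoutlist", "mapvirtualkeyw", "setkeyboardstate"},
    "hidden desktop": {
        "createdesktopw", "switchdesktop", "openinputdesktop",
        "setthreaddesktop", "createwindowstationw", "setprocesswindowstation"},
    "token and privilege manipulation": {
        "openprocesstoken", "lookupprivilegevaluew", "adjusttokenprivileges",
        "createprocessasuserw", "createprocessasusera"},
    "credential and certificate access": {
        "cryptunprotectdata", "pfxexportcertstoreex",
        "certenumcertificatesinstore", "certopensystemstorew",
        "internetgetcookiea"},
    "listening network socket": {"socket", "bind", "listen", "accept"},
    "http client": {
        "internetopena", "internetconnecta", "httpopenrequesta",
        "httpsendrequesta", "httpopenrequestw", "httpsendrequestw",
        "internetreadfile"},
    "registry modification": {
        "regsetvalueexw", "regcreatekeyexw", "regdeletevaluew",
        "shdeletekeyw", "shdeletevaluew"},
}

# Mitigations a 32-bit image opts into through DllCharacteristics
# (HIGH_ENTROPY_VA only applies to 64-bit images, so it is not checked).
X86_MITIGATIONS = ("IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
                   "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
                   "IMAGE_DLLCHARACTERISTICS_GUARD_CF")


def imphash(imports):
    """pefile/VirusTotal import hash: md5 of 'dll.func' entries joined by ','.

    DLL names are lower-cased with a .dll/.ocx/.sys suffix removed and
    function names lower-cased, so capitalisation differences between reports
    do not change the hash; import order does. Ordinal-only imports are not
    handled here (pefile resolves those through a per-DLL name table)."""
    parts = []
    for dll, funcs in imports.items():
        lib = dll.lower()
        stem, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = stem
        parts.extend(f"{lib}.{func.lower()}" for func in funcs)
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def triage(imports, min_hits=2):
    """Return {capability: sorted matching imports} for every bucket hit at
    least min_hits times; the threshold keeps one stray API (here a single
    RegSetValueExW) from lighting up a whole bucket."""
    present = {func.lower() for funcs in imports.values() for func in funcs}
    hits = {}
    for capability, apis in CAPABILITIES.items():
        matched = present & apis
        if len(matched) >= min_hits:
            hits[capability] = sorted(matched)
    return hits


def missing_mitigations(dll_characteristics):
    """List x86 mitigation flags absent from a DllCharacteristics listing."""
    present = set(dll_characteristics)
    return [flag for flag in X86_MITIGATIONS if flag not in present]


if __name__ == "__main__":
    print("imphash (subset):", imphash(SAMPLE_IMPORTS))
    for capability, apis in triage(SAMPLE_IMPORTS).items():
        print(f"{capability}: {', '.join(apis)}")
    print("missing mitigations:",
          missing_mitigations(REPORTED_DLL_CHARACTERISTICS))
```

To compare against a sandbox's import hash, feed the full import table in its original order; a transcription that reorders or drops entries changes the md5, which is the reason the hash is useful for clustering builds of one codebase but useless once a packer rewrites the import directory.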