1a8077d87a63137f157448c2e045c6c28e17c92d0fcba7242bedcf85ef1258d9

Sharing

Copy URL

Twitter E-mail

General

Target

1a8077d87a63137f157448c2e045c6c28e17c92d0fcba7242bedcf85ef1258d9
Size

2.8MB
MD5

b7819ca99bb7ea097b61113f0ab6e7e5
SHA1

f9ee8b46af06ff22a1aa4ccf43be27a0d64858ed
SHA256

1a8077d87a63137f157448c2e045c6c28e17c92d0fcba7242bedcf85ef1258d9
SHA512

bfc012c1dc0b0fb3199a343957a46ce855b89d2b8336e8ecb3d142fa167904b60c3a7112de8969968c4e79bd549b65383745558647bd5831a735ff1de73916f9
SSDEEP

49152:oMlpCDaGHVnHNf+bqOhrXXw9nGZEw01G4feSPbVkwTTKWF3W:oMloGGlNfg3hrXg9GHEVk

Score

N/A

Malware Config

Signatures

Files

1a8077d87a63137f157448c2e045c6c28e17c92d0fcba7242bedcf85ef1258d9
.exe windows x86

6dc589c58fd939d86258ca49a8ac2573

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeResource
ExitProcess
GetTickCount
LoadLibraryW
FreeLibrary
CreateDirectoryW
ReadFile
FindFirstFileW
GetCommandLineW
FindNextFileW
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
PeekNamedPipe
FindClose
GetFileAttributesExW
GetCurrentDirectoryW
IsBadReadPtr
VirtualQuery
FileTimeToSystemTime
GetSystemTimeAsFileTime
VirtualProtect
VirtualFree
VirtualAlloc
LoadLibraryA
SetLastError
InitializeCriticalSection
EnterCriticalSection
HeapCreate
IsDebuggerPresent
CreateEventW
CloseHandle
CreateThread
WaitForSingleObject
SetEvent
WritePrivateProfileStringW
GetPrivateProfileStringW
Sleep
DeleteFileW
GetProcessHeap
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableW
FreeEnvironmentStringsW
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFullPathNameW
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
GetStringTypeW
LCMapStringW
CompareStringW
GetConsoleOutputCP
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
WaitForMultipleObjects
MapViewOfFileEx
CreateFileMappingW
GetModuleHandleW
GetFileSize
GetProcAddress
LeaveCriticalSection
CreateFileW
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
UnmapViewOfFile
GetFileInformationByHandle
GetDriveTypeW
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
EncodePointer
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OutputDebugStringW
GetFileSizeEx
CreateFileA
VerifyVersionInfoA
VerSetConditionMask
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
GetModuleHandleA
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
InitializeCriticalSectionEx
SystemTimeToFileTime
HeapFree
GetSystemTime
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ResetEvent
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
GetNativeSystemInfo
CreateSemaphoreW
SwitchToThread
GetCurrentProcessId
GetEnvironmentStringsW
GetCurrentThreadId
GetEnvironmentVariableW
ConvertFiberToThread
QueryPerformanceCounter
FormatMessageW
DeleteFiber
WriteFile
GetFileType
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc

user32

MonitorFromWindow
DefWindowProcW
MessageBoxW
DestroyWindow
GetMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
SendMessageW
GetProcessWindowStation
GetUserObjectInformationW
GetClassInfoW
RegisterClassW
LoadIconW
LoadCursorW
GetDesktopWindow
LoadImageW
GetDC
ReleaseDC
MsgWaitForMultipleObjects
PeekMessageW
LoadStringW

gdi32

CreateFontIndirectW
SelectObject
CreateDIBSection
SetDIBColorTable
CreateCompatibleDC
GetStockObject
GetDeviceCaps
DeleteDC
GetObjectW
DeleteObject

advapi32

CryptEncrypt
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptAcquireContextA
CryptGetHashParam
CryptGenRandom
CryptHashData
CryptImportKey

shell32

SHGetSpecialFolderPathW

ole32

CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal

comctl32

ImageList_Create
ImageList_Destroy
ImageList_AddMasked

crypt32

CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertCreateCertificateChainEngine
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptQueryObject
CertFreeCertificateChainEngine
CertGetCertificateChain
CertGetCertificateContextProperty
CertFreeCertificateChain

wldap32

ord33
ord32
ord27
ord26
ord79
ord41
ord50
ord45
ord60
ord211
ord46
ord143
ord30
ord35
ord301
ord22
ord200

ws2_32

ntohs
WSAGetLastError
htons
setsockopt
ioctlsocket
sendto
freeaddrinfo
htonl
getsockopt
WSAAddressToStringW
send
getsockname
getpeername
getaddrinfo
WSAStringToAddressW
WSASetLastError
shutdown
ntohl
closesocket
WSAIoctl
connect
socket
WSAStartup
bind
WSACleanup
WSAEnumNetworkEvents
recv
gethostname
select
__WSAFDIsSet
inet_pton
accept
recvfrom
listen
WSACloseEvent
WSACreateEvent
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents

shlwapi

StrChrW
StrPBrkW

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod
timeGetDevCaps

gdiplus

GdipCreateBitmapFromFile
GdipGetImageWidth
GdipDrawImageI
GdiplusStartup
GdiplusShutdown
GdipGetImageHeight
GdipGetImagePaletteSize
GdipCloneImage
GdipBitmapUnlockBits
GdipCreateBitmapFromStream
GdipAlloc
GdipGetImagePalette
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipFree
GdipGetImagePixelFormat
GdipDisposeImage

bcrypt

BCryptGenRandom

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 957KB - Virtual size: 957KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6dc589c58fd939d86258ca49a8ac2573

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

crypt32

wldap32

ws2_32

shlwapi

winmm

gdiplus

bcrypt

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 957KB - Virtual size: 957KB

.data Size: 20KB - Virtual size: 36KB

.rsrc Size: 181KB - Virtual size: 180KB

.reloc Size: 80KB - Virtual size: 79KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 957KB - Virtual size: 957KB

.data
Size: 20KB - Virtual size: 36KB

.rsrc
Size: 181KB - Virtual size: 180KB

.reloc
Size: 80KB - Virtual size: 79KB