ba4afb5de2dd5dc739aeff5f631a3480f2fbd29e652e832efbef4b1aa06f0137

Sharing

Copy URL

Twitter E-mail

General

Target

ba4afb5de2dd5dc739aeff5f631a3480f2fbd29e652e832efbef4b1aa06f0137
Size

588KB
MD5

e16b70b1511c14e0edc63915ce1644e6
SHA1

0161cf33e2b5411f60173716d532c13ed85b6ad3
SHA256

ba4afb5de2dd5dc739aeff5f631a3480f2fbd29e652e832efbef4b1aa06f0137
SHA512

b0db013a67eb9ec818b9c6e58ef6f6dad2a240001093338a93d72eb00e4f89e2310d12995113807ab538bd1ca0d64550614355c4afca45482228222e42a904b1
SSDEEP

6144:doJZ/3vvcwdPTWFoamGI17U0VIg93Z0EmBf+4Cfhok5ArnI+dwq7CiJzecD6h0Ey:ujhx95LWIJqG+rJ

Score

N/A

Malware Config

Signatures

Files

ba4afb5de2dd5dc739aeff5f631a3480f2fbd29e652e832efbef4b1aa06f0137
.exe windows x86

4edf9dbe9913726c72baffcb43120687

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

kernel32

CreateEventA
FindClose
FindNextFileA
lstrcmpA
FindFirstFileA
SystemTimeToFileTime
QueryPerformanceFrequency
GetSystemTime
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileSize
GetFileTime
WriteFile
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetDiskFreeSpaceA
GetTempPathA
GetWindowsDirectoryA
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryExA
WaitForSingleObject
CreateProcessA
LoadLibraryA
lstrcmpiA
GetModuleFileNameA
GetPrivateProfileIntA
GetPrivateProfileSectionA
GetPrivateProfileStringA
SetEvent
CreateThread
Sleep
GetCurrentThreadId
GetCommandLineA
SetErrorMode
GetShortPathNameA
GetModuleHandleA
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
lstrcatA
OpenEventA
SetFilePointer
ReadFile
LockResource
LoadResource
SizeofResource
FindResourceA
SetFileAttributesA
GetCurrentProcess
GetVersionExA
WritePrivateProfileStringA
GetSystemDirectoryA
WinExec
SetFileTime
MoveFileExA
IsBadWritePtr
IsBadReadPtr
GetPrivateProfileSectionNamesA
WritePrivateProfileSectionA
RemoveDirectoryA
WideCharToMultiByte
CloseHandle
GetFileAttributesA
MoveFileA
DeleteFileA
CopyFileA
CreateDirectoryA
GetACP
SetLastError
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
InterlockedDecrement
LocalFree
InterlockedIncrement
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
lstrlenW
CreateFileA
lstrcpyA
MultiByteToWideChar
lstrlenA
GetLastError
HeapSize
GetCPInfo
HeapReAlloc
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadCodePtr
VirtualAlloc
VirtualFree
HeapCreate
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
TlsAlloc
TlsGetValue
HeapAlloc
ExitProcess
HeapFree
GetStartupInfoA
ExitThread
GetVersion
RaiseException
RtlUnwind
TlsSetValue
GetCurrentThread
TerminateProcess
InterlockedExchange
LCMapStringA
CreateFileMappingA
MapViewOfFile
ResetEvent
lstrcpynA
SearchPathA
VirtualQuery
QueryPerformanceCounter
GetOEMCP
UnmapViewOfFile
VirtualProtect

user32

GetDesktopWindow
PostThreadMessageA
wsprintfA
CharLowerBuffA
CharNextA
DispatchMessageA
GetMessageA
LoadStringA
TranslateMessage
ExitWindowsEx
CharUpperA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegEnumValueA
RegConnectRegistryA
RegDeleteValueA
RegQueryInfoKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyExA
RegDeleteKeyA
OpenThreadToken
RegSetValueExA
RegCreateKeyA
RegSetValueA
RegOpenKeyA
RegCloseKey
RegQueryValueA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation

ole32

StringFromCLSID
CoUninitialize
CoGetClassObject
ProgIDFromCLSID
OleSaveToStream
WriteClassStm
CLSIDFromString
CoTaskMemFree
CoTreatAsClass
CoInitialize
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
StgOpenStorage
StgCreateDocfile
CreateStreamOnHGlobal
StringFromGUID2
CoCreateGuid
OleLoadFromStream

oleaut32

RegisterTypeLi
LoadTypeLi
SafeArrayGetUBound
SafeArrayGetDim
SafeArrayCopy
SafeArrayGetLBound
SysAllocStringByteLen
VariantChangeType
SafeArrayDestroy
SafeArrayPutElement
CreateErrorInfo
LoadRegTypeLi
SysReAllocStringLen
VariantCopyInd
SetErrorInfo
VariantInit
SysAllocString
VariantCopy
SysAllocStringLen
VariantClear
SysStringLen
SysFreeString
SafeArrayCreate
SafeArrayGetElement
SysStringByteLen

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 424KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4edf9dbe9913726c72baffcb43120687

Headers

File Characteristics

Imports

comctl32

kernel32

user32

advapi32

shell32

ole32

oleaut32

version

Sections

.text Size: 424KB - Virtual size: 421KB

.rdata Size: 88KB - Virtual size: 84KB

.data Size: 16KB - Virtual size: 105KB

.rsrc Size: 56KB - Virtual size: 55KB

.text
Size: 424KB - Virtual size: 421KB

.rdata
Size: 88KB - Virtual size: 84KB

.data
Size: 16KB - Virtual size: 105KB

.rsrc
Size: 56KB - Virtual size: 55KB