137ea5e98932f21acbdc1e465d68fcd80b37d25ef251890b2380c8eb10ac469c

Sharing

Copy URL

Twitter E-mail

General

Target

137ea5e98932f21acbdc1e465d68fcd80b37d25ef251890b2380c8eb10ac469c
Size

550KB
MD5

439efae84238ce54fd613fa3268d4e06
SHA1

b6e6c16bf1b53368f503aaf2e189bba809cec5ee
SHA256

137ea5e98932f21acbdc1e465d68fcd80b37d25ef251890b2380c8eb10ac469c
SHA512

a9c17968eabdc8fef199c9b255f48c92112f1b5c0d173b3921ed00e23c82a08d47784ebcc00c03c0a3682c4d60e30de43af0911a93f4ccae2e0c59b247b0609d
SSDEEP

6144:u9Mtzp5vblDqMCYghSWYg8aKYEFjdc555WMHSYgIxs6HGSYEU5B3A+Owq:mMtvzlDxihSS8aKQ7yYimFYbbA9wq

Score

N/A

Malware Config

Signatures

Files

137ea5e98932f21acbdc1e465d68fcd80b37d25ef251890b2380c8eb10ac469c
.exe windows x86

fe0f3176428f56cabd1f5e101e84ad46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegEnumKeyA

crypt32

CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CryptMsgClose
CertCloseStore

version

GetFileVersionInfoA
VerQueryValueA

user32

PeekMessageA
DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageA
GetMessageW
IsWindowUnicode
SetWindowContextHelpId
MapDialogRect
GetWindowRect
PtInRect
SetCursor
GetDlgCtrlID
LoadBitmapA
EnableWindow
EndDialog
RegisterClassA
ShowWindow
PostQuitMessage
CreatePopupMenu
AppendMenuA
GetCursorPos
SetForegroundWindow
TrackPopupMenu
PostMessageA
GetDesktopWindow
MsgWaitForMultipleObjects
SetWindowLongA
GetWindowLongA
MessageBoxA
LoadStringA
DefWindowProcA
GetSysColor
CharNextA
MoveWindow
SetWindowPos
GetClientRect
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetParent
GetDlgItem
GetClassNameA
ReleaseCapture
FillRect
DestroyWindow
wsprintfA
GetSystemMetrics
UnregisterClassA
LoadImageA
DialogBoxIndirectParamA
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
CreateAcceleratorTableA
CreateWindowExA
RegisterClassExA
LoadCursorA
GetClassInfoExA
IsWindow
SendMessageA
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcA

gdi32

StretchBlt
SetTextColor
SaveDC
SetGraphicsMode
ModifyWorldTransform
SetViewportOrgEx
SetWindowOrgEx
DPtoLP
CreateFontIndirectA
RestoreDC
GetStockObject
GetObjectA
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
SetBkMode

comctl32

ord17

wintrust

WinVerifyTrust

wininet

InternetGetConnectedState
InternetCrackUrlA
InternetConnectA
HttpOpenRequestA
InternetOpenA
InternetQueryDataAvailable
HttpAddRequestHeadersA
HttpSendRequestA
InternetErrorDlg
HttpQueryInfoA
InternetTimeToSystemTime
InternetReadFile
InternetCloseHandle
InternetTimeFromSystemTime

urlmon

URLDownloadToFileA

shell32

Shell_NotifyIconA
ShellExecuteA

kernel32

InterlockedExchange
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetStdHandle
CompareStringW
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
SetEnvironmentVariableA
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
VirtualQuery
GetModuleHandleW
VirtualProtect
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetCurrentProcessId
GetTickCount
SystemTimeToTzSpecificLocalTime
LocalFree
GetEnvironmentVariableA
GetSystemInfo
GetVersionExA
GetTempPathA
GetThreadLocale
GetSystemTime
OpenEventA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetLocaleInfoW
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
SetUnhandledExceptionFilter
CompareStringA
ExitProcess
HeapReAlloc
LoadLibraryA
GetProcAddress
CreatePipe
SetHandleInformation
ReadFile
GetModuleHandleA
LoadLibraryExA
SizeofResource
FreeLibrary
IsDBCSLeadByte
GetCommandLineA
CreateMutexA
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
lstrcpynA
CreateEventA
CreateThread
ResetEvent
WaitForMultipleObjects
SetEvent
MultiByteToWideChar
WideCharToMultiByte
lstrcpyA
lstrlenW
lstrlenA
WaitForSingleObject
CloseHandle
lstrcmpA
WriteFile
SetEndOfFile
SetFilePointer
CompareFileTime
SystemTimeToFileTime
Sleep
GetLastError
FileTimeToSystemTime
GetFileTime
GetFileSize
CreateFileA
lstrcatA
RaiseException
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
GlobalAlloc
FindResourceA
GetExitCodeProcess
CreateProcessA
FormatMessageA
lstrcmpiA
DeleteFileA
GetCurrentThreadId
MulDiv
GetModuleFileNameA
GlobalUnlock
GlobalLock
SetLastError
GlobalFree
GlobalHandle
LockResource
LoadResource
CreateFileW

ole32

OleLockRunning
CoGetClassObject
CoInitializeSecurity
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoTaskMemRealloc
CoUninitialize
CoInitialize
StringFromCLSID
CLSIDFromProgID

oleaut32

VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen

Sections

.text
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 275KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fe0f3176428f56cabd1f5e101e84ad46

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

crypt32

version

user32

gdi32

comctl32

wintrust

wininet

urlmon

shell32

kernel32

ole32

oleaut32

Sections

.text Size: 203KB - Virtual size: 203KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 275KB - Virtual size: 276KB

.text
Size: 203KB - Virtual size: 203KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 275KB - Virtual size: 276KB