f5035cd720c297a196344ed49ba7915b022b356b154ec92c8df1b2c57e1052e8

Sharing

Copy URL

Twitter E-mail

General

Target

f5035cd720c297a196344ed49ba7915b022b356b154ec92c8df1b2c57e1052e8
Size

273KB
MD5

15c7650d46e19c0ae55dbea8d3ecc940
SHA1

cfcbffcff0fddcde3419523976ea51da23dcd545
SHA256

f5035cd720c297a196344ed49ba7915b022b356b154ec92c8df1b2c57e1052e8
SHA512

a2b9548bdf6b9e4bee0c419da7cf772fd1c0f032231397bf3be103b4b38b39ea1dc817a172ee398fc2e5bc5e8e846b5ee78112b26e99f7cbc556baf793954c33
SSDEEP

6144:D7h5/pz9wkWtQvMIangc2+UvQ/KpmOq02:D7TNeIK6vQ/Kp0

Score

N/A

Malware Config

Signatures

Files

f5035cd720c297a196344ed49ba7915b022b356b154ec92c8df1b2c57e1052e8
.exe windows x86

f3f42da3b8b86b86a9f4301e07e217d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
CloseServiceHandle
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitiateShutdownW
ControlService
OpenServiceW
OpenSCManagerW
CloseTrace
RegOpenKeyExW
OpenProcessToken
CheckTokenMembership
CreateWellKnownSid
AdjustTokenPrivileges
LookupPrivilegeValueW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
DuplicateTokenEx
DuplicateToken
InitializeSecurityDescriptor
SetEntriesInAclW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegQueryInfoKeyW
RegQueryValueExW
GetTokenInformation
StartTraceW
EnableTrace
ControlTraceW

kernel32

SetThreadPreferredUILanguages
OpenProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GetUserDefaultLCID
GetLocaleInfoW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
ExpandEnvironmentStringsW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetWindowsDirectoryW
GetVolumePathNamesForVolumeNameW
GetDriveTypeW
GetVolumeInformationW
MoveFileExW
DeviceIoControl
FindFirstFileW
FindNextFileW
GetTimeZoneInformation
FormatMessageW
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
CloseHandle
InterlockedIncrement
InterlockedDecrement
LoadLibraryW
GetSystemTimeAsFileTime
GlobalFree
GetCommandLineW
WaitForSingleObject
GetLastError
SetEvent
CreateThread
CreateEventW
LocalFree
CreateDirectoryW
DeleteFileW
GetFileAttributesW
CreateProcessW
FreeLibrary
RegisterApplicationRestart
GetCurrentProcess
HeapSetInformation
LoadLibraryExW
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
FindClose
EncodePointer
SetErrorMode
InitializeCriticalSection
DeleteCriticalSection
DecodePointer
SetLastError
GetProcAddress
CreateFileW

gdi32

SetLayout
CreateCompatibleDC
SetTextColor
SetBkMode
DeleteObject
GetDeviceCaps
CreateDIBSection
ExtTextOutW
SetBkColor
DeleteDC
GdiFlush
SelectObject
CreateFontIndirectW

user32

GetDesktopWindow
CopyRect
SetWindowPos
GetWindowThreadProcessId
SendMessageTimeoutW
EnumWindows
GetWindowTextW
BeginPaint
GetWindowRect
MapWindowPoints
EndPaint
GetAncestor
GetClassNameW
GetDlgItemTextW
MessageBoxW
SetDlgItemTextW
PeekMessageW
DispatchMessageW
MsgWaitForMultipleObjectsEx
LoadStringW
SystemParametersInfoW
LoadIconW
SetForegroundWindow
DialogBoxParamW
DestroyWindow
ShowWindow
CreateDialogParamW
ReleaseDC
GetDC
RegisterWindowMessageW
CallWindowProcW
SendMessageW
SetWindowLongW
GetDlgItem
GetKeyState
SetClassLongW
GetSysColorBrush
EndDialog
GetClientRect
UpdateWindow
SetFocus
GetWindowLongW
IsWindow
SetWindowTextW
GetParent
PostMessageW
EnableWindow
GetSystemMetrics
GetSysColor
InflateRect
DrawFrameControl
OffsetRect

msvcrt

memset
_wcsicmp
_wcsnicmp
??2@YAPAXI@Z
wcschr
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
?terminate@@YAXXZ
_controlfp
_initterm
??3@YAXPAX@Z
_vscwprintf
iswspace
memmove
_vsnwprintf
memcpy
strchr

shell32

CommandLineToArgvW
ShellExecuteExW
SHGetStockIconInfo

ole32

CoInitializeSecurity
CoTaskMemRealloc
CLSIDFromString
CoUninitialize
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoInitializeEx

oleaut32

SysAllocString
SysStringLen
SysFreeString

comctl32

ord344
ImageList_Create
ImageList_Add
ImageList_Destroy
ImageList_AddMasked
InitCommonControlsEx
ord345
DestroyPropertySheetPage
CreatePropertySheetPageW
PropertySheetW

ntdll

WinSqmIncrementDWORD
WinSqmAddToStream
NtShutdownSystem
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlGetLastNtStatus
RtlNtStatusToDosError
RtlDeleteElementGenericTableAvl
RtlEnumerateGenericTableAvl
RtlInitializeGenericTableAvl
WinSqmAddToStreamEx
EtwTraceMessage

srcore

SrFreeRestoreStatus
SrFreeRpPropArray

spp

SppFreeExternalGroupPropArray
SxTracerGetThreadContextRetail
SxTracerDebuggerBreak
SxTracerShouldTrackFailure

Sections

.text
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f3f42da3b8b86b86a9f4301e07e217d4

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

shell32

ole32

oleaut32

comctl32

ntdll

srcore

spp

Sections

.text Size: 143KB - Virtual size: 143KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 104KB - Virtual size: 104KB

.reloc Size: 24KB - Virtual size: 27KB

.text
Size: 143KB - Virtual size: 143KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 104KB - Virtual size: 104KB

.reloc
Size: 24KB - Virtual size: 27KB