ed0c4570d4ee89f01686fca9d3892458567c00ed9ccb65cc6851e36752768304

Sharing

Copy URL

Twitter E-mail

General

Target

ed0c4570d4ee89f01686fca9d3892458567c00ed9ccb65cc6851e36752768304
Size

240KB
MD5

14e9cc44cb78f1cb15a2b4bfda6b29e2
SHA1

7bc81654df4ca0fe8d2d0081d2ab5559ffa0a80c
SHA256

ed0c4570d4ee89f01686fca9d3892458567c00ed9ccb65cc6851e36752768304
SHA512

985f6678022c8038e193a686e5c701dc79ef510fda0e64960523462748d5a3a4a9299737eaad63d3dcec8ed4759015b5e2baefdf93511bada1a7cd9a3dc352c7
SSDEEP

6144:XjO8lIlQb04EC0Wkjrml+xyLy0Ya/OGojd3Ole:XjToY+oL//OGwee

Score

N/A

Malware Config

Signatures

Files

ed0c4570d4ee89f01686fca9d3892458567c00ed9ccb65cc6851e36752768304
.exe windows x86

681de32c63477490cbbbd958ea28484a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCheckConnectionA

urlmon

URLDownloadToFileA

wtsapi32

WTSEnumerateSessionsA

kernel32

GetLocaleInfoA
GetCPInfo
GetOEMCP
GetFileAttributesA
GetStdHandle
SetHandleCount
GetFileType
SetStdHandle
IsValidCodePage
GetACP
ExitProcess
HeapSize
HeapReAlloc
VirtualAlloc
RaiseException
RtlUnwind
HeapAlloc
GetStartupInfoA
GetSystemTimeAsFileTime
CreateThread
ExitThread
CreateDirectoryA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GlobalFlags
CreateFileA
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
lstrcmpA
WriteConsoleA
GlobalGetAtomNameA
InterlockedIncrement
GetModuleHandleW
CompareStringA
GetCurrentThreadId
lstrlenA
GetCurrentProcessId
InterlockedDecrement
TlsFree
GlobalFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
SetLastError
GetVersionExA
GetModuleFileNameA
GetExitCodeThread
LoadLibraryA
SetFileAttributesA
MultiByteToWideChar
Sleep
TerminateThread
WideCharToMultiByte
GetCommandLineA
SetEvent
FreeLibrary
UnmapViewOfFile
MapViewOfFile
CloseHandle
Module32Next
CreateToolhelp32Snapshot
GetModuleHandleA
GetSystemInfo
GetConsoleCP
LockResource
CreateFileMappingA
Process32Next
GetProcAddress
lstrcmpiA
GetLastError
Module32First
GlobalUnlock
TerminateProcess
CreateProcessA
CreateEventA
SizeofResource
GlobalAlloc
OpenProcess
GetWindowsDirectoryA
WaitForSingleObject
GlobalLock
Process32First
GetCurrentProcess
LoadResource
FreeResource
FindResourceA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
HeapFree

user32

LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
RegisterWindowMessageA
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetWindowTextA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
SetWindowsHookExA
CallNextHookEx
GetKeyState
PeekMessageA
ValidateRect
SetWindowTextA
ClientToScreen
DestroyMenu
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
SendMessageA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
UnhookWindowsHookEx
GetMessageA
SetTimer
KillTimer
TranslateMessage
DispatchMessageA
WaitForInputIdle

gdi32

PtVisible
RectVisible
TextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
DeleteObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
CryptHashData
CryptDestroyHash
CryptDecrypt
CheckTokenMembership
FreeSid
CryptCreateHash
CryptEncrypt
AllocateAndInitializeSid
CryptAcquireContextA
CryptReleaseContext
GetTokenInformation
CryptDeriveKey
OpenProcessToken

shell32

CommandLineToArgvW
ShellExecuteExA

oleaut32

VariantInit
VariantChangeType
VariantClear

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

681de32c63477490cbbbd958ea28484a

Headers

DLL Characteristics

File Characteristics

Imports

wininet

urlmon

wtsapi32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

oleaut32

oleacc

Sections

.text Size: 161KB - Virtual size: 161KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 8KB - Virtual size: 25KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 31KB - Virtual size: 30KB

.text
Size: 161KB - Virtual size: 161KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 8KB - Virtual size: 25KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 31KB - Virtual size: 30KB