670052b5340debd201a6642c3c33b4eb2fad2f39a452d939c2e215eb3e9ca1c8

Sharing

Copy URL Twitter E-mail

General

Target

670052b5340debd201a6642c3c33b4eb2fad2f39a452d939c2e215eb3e9ca1c8
Size

126KB
MD5

3fbe6805fb9bb9312a5044cb159395ac
SHA1

148ab43f6cdcb629f215020572dc5cc16404fe0e
SHA256

670052b5340debd201a6642c3c33b4eb2fad2f39a452d939c2e215eb3e9ca1c8
SHA512

6b0937915def8fafb0643955244e9a88ea3f60b81dac26551a36f02553f847701220a1edaf14b02d7d1a8d1c54e269804098bc69147ad38c5318187bf3979faf
SSDEEP

3072:ccqlewIroNcrlIXlPTo0Sx/MsuJbi8KpQv:fqlewI8OJkTzSxkXb1K4

Score

N/A

Malware Config

Signatures

Files

670052b5340debd201a6642c3c33b4eb2fad2f39a452d939c2e215eb3e9ca1c8
.exe windows x86

51de79c9a1a0a0c31ceae1f467564449

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
CreateMutexW
OpenMutexW
GetLastError
GlobalLock
GlobalAlloc
GlobalFree
FindResourceW
LoadResource
SizeofResource
LockResource
InterlockedDecrement
GetComputerNameW
GetLocaleInfoW
lstrcpyW
FindFirstFileW
SetFilePointer
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
WaitForSingleObject
GetLogicalDrives
WriteFile
FileTimeToSystemTime
ReadFile
CreateFileW
GetFileSizeEx
FindClose
ResetEvent
FindNextFileW
GetDiskFreeSpaceExW
DeleteFileW
CreateToolhelp32Snapshot
WriteConsoleW
SetStdHandle
GetStringTypeW
LCMapStringW
FlushFileBuffers
HeapReAlloc
GetConsoleMode
GetConsoleCP
LoadLibraryW
SetErrorMode
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
Process32NextW
Process32FirstW
ReadProcessMemory
OpenProcess
LocalFree
CreateEventW
LocalAlloc
GetTempPathW
TerminateProcess
SetSystemPowerState
SetEvent
GetCurrentProcess
GetTempFileNameW
DeleteCriticalSection
InitializeCriticalSection
Sleep
GetStdHandle
lstrlenW
GetModuleFileNameW
CopyFileW
GetSystemDirectoryW
CreateDirectoryW
GetModuleHandleW
MoveFileExW
CreateProcessW
EnterCriticalSection
LeaveCriticalSection
CreateThread
ResumeThread
CloseHandle
IsProcessorFeaturePresent
ExitProcess
GetProcAddress
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
DecodePointer
EncodePointer
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapAlloc
HeapFree
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
TerminateThread

user32

GetClientRect
SetWindowsHookExW
ExitWindowsEx
GetDlgCtrlID
GetDesktopWindow
GetWindowTextLengthW
GetDC
GetSysColorBrush
SetWindowPos
DispatchMessageW
DefWindowProcW
SetWindowTextW
UpdateWindow
SendMessageW
CreateWindowExW
ShowWindow
GetSysColor
EndDialog
GetDlgItem
DialogBoxParamW
GetWindowTextW
FlashWindowEx
LoadIconW
RegisterClassExW
TranslateMessage
LoadCursorW
GetWindowRect
GetMessageW
EnumDisplaySettingsW
GetSystemMetrics
PostQuitMessage
wsprintfW
EnumDisplayDevicesW
SendInput
CallNextHookEx
UnhookWindowsHookEx
SetCursorPos
ReleaseDC

gdi32

GetDIBits
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
SetStretchBltMode
SetTextColor
SetBkColor
CreateFontW
GetStockObject
StretchBlt

advapi32

InitializeAcl
RegDeleteValueW
GetUserNameW
RegOpenKeyExW
RegEnumValueW
RegQueryInfoKeyW
CreateWellKnownSid
AdjustTokenPrivileges
SetKernelObjectSecurity
LookupPrivilegeValueW
SetSecurityDescriptorDacl
AddAccessDeniedAce
InitializeSecurityDescriptor
OpenProcessToken
RegSetValueExW
RegCloseKey
RegCreateKeyW

shell32

SHGetFolderPathW
SHFileOperationW
SHGetFileInfoW
ShellExecuteW

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoSetProxyBlanket

oleaut32

SysFreeString
VariantClear
SysAllocString

urlmon

URLDownloadToFileW

gdiplus

GdipGetImageEncodersSize
GdipDisposeImage
GdipGetImageEncoders
GdipCloneImage
GdipCreateBitmapFromGdiDib
GdipFree
GdipSaveImageToStream
GdiplusStartup
GdiplusShutdown
GdipAlloc

ws2_32

inet_ntoa
send
closesocket
recv
htons
WSAGetLastError
connect
GetAddrInfoW
WSACleanup
inet_addr
WSAStartup
FreeAddrInfoW
socket

psapi

GetModuleFileNameExW
EnumProcessModules
GetModuleInformation

shlwapi

ord12

powrprof

SetSuspendState

comctl32

InitCommonControlsEx

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51de79c9a1a0a0c31ceae1f467564449

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

urlmon

gdiplus

ws2_32

psapi

shlwapi

powrprof

comctl32

Sections

.text Size: 86KB - Virtual size: 85KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 86KB - Virtual size: 85KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 8KB