619b526f663b1b8ed107711baad64ecaba1b9b2b096332b08a24a716d5b25cda

Sharing

Copy URL Twitter E-mail

General

Target

619b526f663b1b8ed107711baad64ecaba1b9b2b096332b08a24a716d5b25cda
Size

176KB
MD5

6c14fb2a38d62e787d684d2fdb30e185
SHA1

f8dafd973306d7c219c38f141cc476537cd20251
SHA256

619b526f663b1b8ed107711baad64ecaba1b9b2b096332b08a24a716d5b25cda
SHA512

19a2fcad1866f258b5b781cbef3d039813247a3f5951b08852e82a5deefef2c8e05f593c60d08774b6156ddd30fc616b6186823082820717f7c9f5179430b0fa
SSDEEP

3072:D0xC/MuDqrLpgUeYnikIlnMIejH11M6gibHKOHD5Ilg9xceheyHM:YxCVqRn6qVi6eOj5agfcehey

Score

N/A

Malware Config

Signatures

Files

619b526f663b1b8ed107711baad64ecaba1b9b2b096332b08a24a716d5b25cda
.exe windows x86

69c4e21726596723ec540ba03d7aab91

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
LocalSize
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetTickCount
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
SetLastError
GetSystemInfo
OpenEventA
SetErrorMode
lstrcpyW
WinExec
lstrcmpiA
Process32Next
Process32First
Module32Next
Module32First
GetModuleHandleA
GetCurrentThreadId
GetModuleFileNameA
MoveFileA
WriteFile
SetFilePointer
ReadFile
CreateFileA
GetFileSize
RemoveDirectoryA
LocalAlloc
HeapAlloc
LocalReAlloc
FindNextFileA
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
CreateProcessA
GetFileAttributesA
CreateDirectoryA
GetLastError
DeleteFileA
GetVersionExA
GetPrivateProfileStringA
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
GetProcAddress
FreeLibrary
GetWindowsDirectoryA
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
CancelIo
CreateEventA
InterlockedExchange
lstrcpyA
ResetEvent
Sleep
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
CreateThread
HeapFree
GetLocalTime
ExitProcess
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
FindFirstFileA
GetCurrentProcess
ResumeThread
SetEvent
WaitForSingleObject
TerminateThread
CloseHandle
GlobalMemoryStatusEx

user32

GetClipboardData
GetSystemMetrics
SetRect
GetDC
GetDesktopWindow
ReleaseDC
GetCursorPos
GetCursorInfo
CharNextA
OpenClipboard
SetClipboardData
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
ExitWindowsEx
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
OpenWindowStationA
EmptyClipboard
CloseClipboard
SetCursorPos
WindowFromPoint
SetCapture
MapVirtualKeyA
keybd_event
SystemParametersInfoA
SendMessageA
BlockInput
DestroyCursor
LoadCursorA
GetAsyncKeyState
wsprintfA
GetMessageA
GetForegroundWindow
GetProcessWindowStation
GetWindowTextA
DispatchMessageA
SetProcessWindowStation
TranslateMessage
IsWindow
CloseWindow
CreateWindowExA
PostMessageA
OpenDesktopA

gdi32

GetDIBits
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateCompatibleBitmap

advapi32

BuildExplicitAccessWithNameA
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
RegCloseKey
RegQueryValueA
RegOpenKeyExA
CloseServiceHandle
DeleteService
ControlService
QueryServiceStatus
OpenServiceA
RegSetValueExA
RegCreateKeyA
SetNamedSecurityInfoA
GetNamedSecurityInfoA
SetEntriesInAclA
RegQueryValueExA
RegOpenKeyA
CloseEventLog
ClearEventLogA
OpenEventLogA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
FreeSid
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryInfoKeyA
RegRestoreKeyA
RegSaveKeyA
QueryServiceConfigA
UnlockServiceDatabase
ChangeServiceConfigA
LockServiceDatabase
StartServiceA
CreateProcessAsUserA
SetTokenInformation
DuplicateTokenEx
AbortSystemShutdownA
LsaFreeMemory

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA

msvcrt

calloc
??1type_info@@UAE@XZ
_strnicmp
_snprintf
_beginthreadex
_mbscmp
_mbsstr
atol
sprintf
wcscpy
wcstombs
wcslen
mbstowcs
_errno
strncmp
atoi
realloc
strncat
strncpy
strrchr
_except_handler3
free
strcmp
malloc
strcpy
strcat
strchr
memcmp
strstr
strlen
_ftol
ceil
memmove
memcpy
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler
putchar
??2@YAPAXI@Z
memset

shlwapi

SHDeleteKeyA

winmm

waveInStop
waveInReset
waveInUnprepareHeader
waveInClose
waveOutReset
waveOutWrite
waveOutClose
waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveInOpen
waveInPrepareHeader
waveInStart
waveInAddBuffer
waveOutUnprepareHeader

ws2_32

htons
gethostbyname
socket
connect
setsockopt
WSAStartup
ntohs
recv
ioctlsocket
__WSAFDIsSet
recvfrom
sendto
WSACleanup
listen
accept
getpeername
bind
inet_addr
inet_ntoa
getsockname
gethostname
send
select
closesocket
WSAIoctl

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

wininet

InternetOpenA
InternetCloseHandle
InternetOpenUrlA
InternetReadFile

msvfw32

ICSeqCompressFrame
ICSendMessage
ICOpen
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICSeqCompressFrameStart

wtsapi32

WTSEnumerateSessionsA
WTSQuerySessionInformationW
WTSFreeMemory
WTSQuerySessionInformationA
WTSDisconnectSession
WTSLogoffSession
WTSQueryUserToken

userenv

CreateEnvironmentBlock

netapi32

NetLocalGroupAddMembers
NetUserDel
NetUserSetInfo
NetUserGetLocalGroups
NetApiBufferFree
NetUserGetInfo
NetUserEnum
NetUserAdd

psapi

EnumProcessModules
GetModuleFileNameExA

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69c4e21726596723ec540ba03d7aab91

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

shlwapi

winmm

ws2_32

msvcp60

wininet

msvfw32

wtsapi32

userenv

netapi32

psapi

Sections

.text Size: 140KB - Virtual size: 137KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 140KB - Virtual size: 137KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 4KB - Virtual size: 2KB