a2836938ccaf2e51a4977d596cfd56d3bf702754e83db98fadbec02c866dcaea

Sharing

Copy URL

Twitter E-mail

General

Target

a2836938ccaf2e51a4977d596cfd56d3bf702754e83db98fadbec02c866dcaea
Size

3.2MB
MD5

bac7653939d4b05299a8d9ca9e11178a
SHA1

9d842ea11cab959747489de4d8c1e32637dd25ab
SHA256

a2836938ccaf2e51a4977d596cfd56d3bf702754e83db98fadbec02c866dcaea
SHA512

ce6056b3b60e421df15dfd79e20d50748364b5d04f8947cccd226da1e612241dfe372fb9effeb4f48fccdc44e2ca8ac6b97dbe9b9e68960bd6eedff3a651179b
SSDEEP

49152:XPb00VBcOecqC2+dlGE8Fp2ZqcUPjcGVwpWOCy3ReHpa5tj4l:XPDB8cqC2/E8FpQUrc6oRYl

Score

N/A

Malware Config

Signatures

Files

a2836938ccaf2e51a4977d596cfd56d3bf702754e83db98fadbec02c866dcaea
.exe windows x86

dda569c712288b599acbea1e31adfa4c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetOEMCP
GetStdHandle
LCMapStringA
RtlUnwind
CreateThread
ExitThread
GetLogicalDrives
ExitProcess
IsDebuggerPresent
UnhandledExceptionFilter
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
ResumeThread
TlsSetValue
OpenEventA
TlsGetValue
GetLastError
TlsAlloc
GetThreadLocale
GetLocaleInfoA
GetACP
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LocalAlloc
SetFileTime
CreateFileA
FormatMessageA
HeapReAlloc
GetTimeFormatA
UnlockFileEx
GetTickCount
GetFullPathNameA
DeleteFileA
AreFileApisANSI
HeapValidate
GetDateFormatA
LoadLibraryA
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
SetStdHandle
SetEnvironmentVariableA
SizeofResource
LockResource
LoadResource
EnterCriticalSection
InterlockedExchange
FreeLibrary
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
GetCommandLineW
DeleteCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
MulDiv
WriteFile
FlushFileBuffers
LocalFree
GetVersion
GlobalLock
GlobalUnlock
GlobalAlloc
SetFilePointer
ReadFile
SetFilePointerEx
DeviceIoControl
GetCompressedFileSizeW
LockFile
HeapCreate
GetTempPathA
UnlockFile
GetFileAttributesA
InterlockedCompareExchange
GetCurrentProcessId
HeapDestroy
LockFileEx
HeapSize
UnmapViewOfFile
MapViewOfFile
lstrcmpA
lstrlenA
SetEndOfFile
MoveFileExW
SystemTimeToFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToSystemTime
FileTimeToLocalFileTime
SetErrorMode
Sleep
GetCurrentThread
GetUserDefaultLangID
FindClose
OutputDebugStringA
GetLocalTime
BackupSeek
GetModuleFileNameA
GetSystemTimeAsFileTime
GlobalMemoryStatus
GetSystemInfo
GetVersionExA
BackupRead
GetFileSize
SetUnhandledExceptionFilter
IsBadReadPtr
VirtualProtect
GetModuleHandleA
CompareStringA
GetDiskFreeSpaceA
RaiseException
SetLastError
GetCurrentThreadId
LeaveCriticalSection
CreateEventA
WaitForSingleObject
GetCurrentProcess
ResetEvent
OpenProcess
FlushInstructionCache
HeapFree
GetProcessHeap
CloseHandle
HeapAlloc
SetEvent
TlsFree
TerminateProcess

advapi32

CopySid
OpenProcessToken
GetTokenInformation
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
LookupPrivilegeNameW
RegNotifyChangeKeyValue
DuplicateToken
GetFileSecurityW
AccessCheck
MapGenericMask
AdjustTokenPrivileges
LookupPrivilegeValueW
AllocateAndInitializeSid
GetSidSubAuthority
OpenThreadToken
EqualSid
FreeSid
LookupAccountSidW
GetLengthSid
RegCloseKey
LookupAccountNameW
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount

user32

DrawEdge
SetWindowPos
EndDialog
GetParent
GetWindow
GetDesktopWindow
UnregisterClassA
SetClipboardData
CharLowerA
CloseClipboard
EmptyClipboard
OpenClipboard
ExitWindowsEx
WaitForInputIdle
MonitorFromWindow
CallNextHookEx
UnhookWindowsHookEx
GetWindowThreadProcessId
GetMenuItemID
SystemParametersInfoA
GetWindowPlacement
GetNextDlgTabItem
SetMenuDefaultItem
PostQuitMessage
IsZoomed
SetActiveWindow
LockWindowUpdate
GetComboBoxInfo
AdjustWindowRectEx
GetMenu
GetScrollPos
ScrollWindowEx
SetScrollInfo
SetScrollPos
GetScrollInfo
SetRectEmpty
SetCursorPos
UpdateWindow
IsWindowEnabled
GetSystemMetrics
IsChild
MoveWindow
ChildWindowFromPoint
DispatchMessageA
DestroyMenu
GetMessageA
GetSysColorBrush
CreatePopupMenu
GetDlgCtrlID
MsgWaitForMultipleObjects
EnableMenuItem
GetSystemMenu
BringWindowToTop
GetMessagePos
GetCursorPos
KillTimer
SetTimer
DestroyWindow
TranslateMessage
GetWindowDC
GetIconInfo
TrackPopupMenu
IsWindow
DrawFocusRect
DestroyCursor
DestroyIcon
FrameRect
FillRect
ScreenToClient
CopyRect
GetFocus
GetKeyState
GetSysColor
OffsetRect
InflateRect
ReleaseDC
GetDC
SetCapture
GetCapture
SetRect
SetCursor
PtInRect
EndPaint
ReleaseCapture
WindowFromPoint
BeginPaint
ClientToScreen
InvalidateRect
RedrawWindow
SetFocus
IsIconic
EnumWindows
SetForegroundWindow
OpenIcon
ShowWindow
IsWindowVisible
GetActiveWindow
GetWindowRect
GetDlgItem
MapWindowPoints
GetClientRect

gdi32

Ellipse
GetClipBox
CreatePatternBrush
CreateBitmap
PatBlt
CreateDIBSection
GetDeviceCaps
GetStockObject
RestoreDC
SaveDC
StrokeAndFillPath
EndPath
CreatePen
BeginPath
CreateRectRgn
LineTo
MoveToEx
CreateSolidBrush
ExcludeClipRect
SelectClipRgn
GetClipRgn
CombineRgn
SetBkColor
CreateRectRgnIndirect
GetDIBColorTable
StretchBlt
BitBlt
SetTextColor
SetBkMode
DeleteObject
SelectObject
CreateCompatibleBitmap
SetViewportOrgEx
DeleteDC
CreateCompatibleDC

rpcrt4

UuidFromStringA

ole32

OleUninitialize
OleInitialize
CoCreateInstance
CoTaskMemRealloc
ReleaseStgMedium
OleDuplicateData
RevokeDragDrop
CoTaskMemAlloc
DoDragDrop
CoInitializeSecurity
PropVariantClear
CoInitialize
CoUninitialize
CoInitializeEx
CLSIDFromString
CoSetProxyBlanket
CoTaskMemFree
RegisterDragDrop

oleaut32

SysStringLen
VariantInit
VariantChangeType
SysAllocStringLen
SysFreeString
VarUI4FromStr
VariantClear
VarBstrFromR8
SysAllocString
VariantTimeToSystemTime

shlwapi

PathRemoveFileSpecW
PathStripPathW
PathRemoveArgsW
PathUnquoteSpacesW
PathCombineW
PathRemoveExtensionA
PathRemoveExtensionW
PathAddExtensionW
PathStripToRootW
PathRemoveBackslashW
PathCompactPathW
PathMatchSpecW
PathFindExtensionW
PathIsRelativeW
PathFileExistsW
PathAppendW
PathIsDirectoryW
PathIsUNCW
PathStripPathA
PathIsURLW
PathCreateFromUrlW
StrRetToStrW
PathFindFileNameW
PathIsDirectoryEmptyW
SHStrDupW

comctl32

ImageList_Destroy
ImageList_Replace
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_Duplicate
ImageList_Remove
_TrackMouseEvent
ImageList_GetIconSize
ImageList_Draw
ImageList_SetImageCount
ImageList_LoadImageW
ImageList_Create
ImageList_GetIcon
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_GetImageCount

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

netapi32

NetLocalGroupGetMembers
NetApiBufferFree

crypt32

CryptDecodeObject
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CryptQueryObject
CryptMsgGetParam
CertCloseStore
CryptMsgClose

wintrust

WinVerifyTrust

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 594KB - Virtual size: 593KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 157KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 505KB - Virtual size: 508KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dda569c712288b599acbea1e31adfa4c

Headers

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

rpcrt4

ole32

oleaut32

shlwapi

comctl32

wtsapi32

netapi32

crypt32

wintrust

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 594KB - Virtual size: 593KB

.data Size: 157KB - Virtual size: 177KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 505KB - Virtual size: 508KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 594KB - Virtual size: 593KB

.data
Size: 157KB - Virtual size: 177KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 505KB - Virtual size: 508KB