ef9a08cab3d4048e18bdafe6c027876dba5da59fcacd3c919a5a71458ac7d40d

Sharing

Copy URL Twitter E-mail

General

Target

ef9a08cab3d4048e18bdafe6c027876dba5da59fcacd3c919a5a71458ac7d40d
Size

343KB
MD5

8de1e2290675ea87fd95ff2edb88f628
SHA1

018dfcfd06c5e4c51b1b8f0dfeaffd8829b48ceb
SHA256

ef9a08cab3d4048e18bdafe6c027876dba5da59fcacd3c919a5a71458ac7d40d
SHA512

80bf7668d1b900e212436a0e9eb76873b76f5a73677dfba4383ffc998ee8a1cde141346ac280b60b59341b33fd3205c66cc08597b725b81b24ee2deb08ff6fd1
SSDEEP

6144:Z47FV5Q1jwBpaOC00jjOotkLhyYDvs9FZQl94Ezr1ynNJssKCTIn:y7FVz3C0kSoMh5DvCFZYuee

Score

N/A

Malware Config

Signatures

Files

ef9a08cab3d4048e18bdafe6c027876dba5da59fcacd3c919a5a71458ac7d40d
.exe windows x86

206502c81343f68f904b2d94c327ccc6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAlloc
LockResource
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess
FlushInstructionCache
GlobalUnlock
GlobalLock
MulDiv
lstrcmpW
InitializeCriticalSectionAndSpinCount
lstrlenA
ExitProcess
SetEvent
CreateEventW
CreateThread
CloseHandle
WaitForSingleObject
GetCommandLineW
LocalFree
lstrcpyW
FreeResource
GetProcessId
TerminateProcess
CreateSemaphoreW
ReleaseSemaphore
InitializeCriticalSection
ReadFile
GetTempPathW
GetTempFileNameW
CreateFileW
WriteFile
DeleteFileW
MoveFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
LoadLibraryW
FindFirstFileW
FindClose
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
WriteConsoleW
SetFilePointer
SetStdHandle
IsValidLocale
EnumSystemLocalesA
LoadLibraryExW
GlobalFree
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetLocaleInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapReAlloc
GetConsoleMode
GetConsoleCP
HeapCreate
GetStdHandle
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
GetCPInfo
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
FindResourceW
LoadResource
GlobalHandle
SetLastError
Sleep
GetTickCount
GetCurrentThreadId
WideCharToMultiByte
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetUserDefaultLCID
GetModuleFileNameW
GetLastError
SizeofResource
MultiByteToWideChar
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
lstrlenW
FreeLibrary
GetLocaleInfoA

user32

GetWindowTextLengthW
GetWindowTextW
ShowWindow
DestroyWindow
MoveWindow
SetWindowPos
wsprintfW
GetDlgItem
SetActiveWindow
InvalidateRect
MessageBoxW
KillTimer
SendMessageW
GetWindowThreadProcessId
IsWindow
GetForegroundWindow
PtInRect
ScreenToClient
GetClientRect
LoadIconW
CharNextW
DispatchMessageW
SetWindowLongW
GetWindowLongW
DialogBoxIndirectParamW
RegisterClassExW
SetWindowTextW
LoadCursorW
DefWindowProcW
DestroyAcceleratorTable
GetDesktopWindow
ReleaseDC
GetDC
CallWindowProcW
InvalidateRgn
FillRect
ReleaseCapture
SetCapture
UnregisterClassA
GetParent
ClientToScreen
TranslateMessage
GetMessageW
PostMessageW
PostThreadMessageW
SendDlgItemMessageW
MapDialogRect
SetWindowContextHelpId
EndDialog
RegisterWindowMessageW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetWindow
GetClassNameW
GetSysColor
RedrawWindow
GetClassInfoExW
CreateWindowExW
CreateAcceleratorTableW

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps
CreateSolidBrush

advapi32

RegDeleteKeyW
RegOpenKeyExA
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegQueryValueExA

shell32

ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
CommandLineToArgvW
ExtractIconW
Shell_NotifyIconW

ole32

CoRevokeClassObject
CoRegisterClassObject
CoReleaseServerProcess
CoAddRefServerProcess
CoUninitialize
CoInitialize
CLSIDFromString
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoCreateInstance
OleUninitialize
OleInitialize
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoSetProxyBlanket

oleaut32

LoadTypeLi
VariantCopy
VariantClear
SafeArrayCreateVector
SysAllocString
SysFreeString
VariantInit
SysStringLen
UnRegisterTypeLi
RegisterTypeLi
DispCallFunc
VarUI4FromStr
LoadRegTypeLi
OleCreateFontIndirect
SysAllocStringLen

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shlwapi

StrStrIW

winhttp

WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpQueryHeaders
WinHttpSetOption
WinHttpOpen
WinHttpCloseHandle
WinHttpSetStatusCallback
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpGetProxyForUrl
WinHttpReadData

Sections

.text
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

206502c81343f68f904b2d94c327ccc6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

version

shlwapi

winhttp

Sections

.text Size: 233KB - Virtual size: 232KB

.rdata Size: 62KB - Virtual size: 62KB

.data Size: 12KB - Virtual size: 21KB

.rsrc Size: 15KB - Virtual size: 15KB

.reloc Size: 19KB - Virtual size: 19KB

.text
Size: 233KB - Virtual size: 232KB

.rdata
Size: 62KB - Virtual size: 62KB

.data
Size: 12KB - Virtual size: 21KB

.rsrc
Size: 15KB - Virtual size: 15KB

.reloc
Size: 19KB - Virtual size: 19KB