1f5dcdc5407c5a9aecaffab49157a05760a39f22c7dc69321dc06b55c5ecd32d

Sharing

Copy URL Twitter E-mail

General

Target

1f5dcdc5407c5a9aecaffab49157a05760a39f22c7dc69321dc06b55c5ecd32d
Size

461KB
MD5

ad155f0c1e78728e7b4213f8842f521f
SHA1

3d61e4e77381270fa56e992565a86caf1c7caa82
SHA256

1f5dcdc5407c5a9aecaffab49157a05760a39f22c7dc69321dc06b55c5ecd32d
SHA512

66ba8ba90f56ab6dc8e4f271b9c0573c18f3072acb161f1d2029df338b160fff3e9e0d9bb79dcdbaf7a5407a19d9c0c9ec5a510f26441859bd6348f7890084c1
SSDEEP

6144:u9EOzn8GFxjmVpS2mS3PtkrbM4ijuas/bkWLsd9IpnKtosnWRTOcE9A5s:LurjGpSrctE49vwkW4d9I9KtVn4Nn2

Score

N/A

Malware Config

Signatures

Files

1f5dcdc5407c5a9aecaffab49157a05760a39f22c7dc69321dc06b55c5ecd32d
.exe windows x86

c4ef15243f980a6a2ebc1916b634573a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExpandEnvironmentStringsW
SetFileAttributesW
MultiByteToWideChar
GetEnvironmentVariableA
GetFileAttributesW
GetVolumeInformationA
GetWindowsDirectoryA
CreateDirectoryW
SetEndOfFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
WideCharToMultiByte
Sleep
FreeLibrary
CreateProcessW
HeapAlloc
GetCurrentProcess
HeapFree
WaitForSingleObject
GetModuleHandleW
GetProcessHeap
OpenProcess
LoadLibraryW
GetVersionExW
TerminateProcess
GetLastError
GetProcAddress
LoadLibraryA
DuplicateHandle
CloseHandle
GetCurrentProcessId
LocalFree
InterlockedIncrement
InterlockedDecrement
CreateMutexW
ReleaseMutex
CreateFileA
FindFirstFileW
MoveFileExW
GetFileAttributesA
CreateDirectoryA
RemoveDirectoryA
CopyFileA
SetFileAttributesA
FindClose
MoveFileA
GetModuleFileNameA
FindNextFileW
DeleteFileW
DeleteFileA
GetPrivateProfileStringW
WritePrivateProfileStringW
WriteFile
CreateFileW
GetTickCount
GlobalAlloc
GlobalFree
DeviceIoControl
GetFileSize
ReadFile
lstrlenW
GetFullPathNameW
GetCurrentDirectoryW
GetSystemInfo
CreateProcessA
GetStartupInfoA
SetFilePointer
PeekNamedPipe
WaitForMultipleObjects
CreatePipe
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
ResetEvent
SetEvent
InterlockedExchange
CreateEventA
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetExitCodeThread
GetCurrentThreadId
DosDateTimeToFileTime
SystemTimeToFileTime
SetFileTime
GetFileType
InterlockedCompareExchange
InitializeCriticalSection
GetSystemTimeAsFileTime
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
RaiseException
RtlUnwind
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeW
SetLastError
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
HeapCreate
VirtualFree
QueryPerformanceCounter
HeapSize
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetStringTypeA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetModuleHandleA
GetLocaleInfoW

winhttp

WinHttpReadData
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpReceiveResponse

psapi

GetModuleBaseNameW
EnumProcessModules

setupapi

SetupDiGetDeviceInfoListDetailW
SetupCopyOEMInfW
SetupGetStringFieldW
SetupCloseInfFile
SetupFindFirstLineW
SetupFindNextLine
CM_Locate_DevNodeW
CMP_WaitNoPendingInstallEvents
SetupOpenInfFileW
SetupDiGetDeviceInstanceIdW
CM_Get_DevNode_Status
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
CM_Reenumerate_DevNode
SetupDiGetClassDevsW

ws2_32

ntohs

shlwapi

PathFileExistsW

user32

CallWindowProcW
RegisterClassW
CreateWindowExW
ShowWindow
SetWindowLongW
GetWindowLongW
DefWindowProcW
wvsprintfW
wsprintfW
DestroyWindow
SetTimer
PostQuitMessage
PostMessageW
KillTimer
RegisterDeviceNotificationW
UnregisterDeviceNotification
FindWindowW
GetMessageW
TranslateMessage
IsWindow
FindWindowExW
SendMessageW
DispatchMessageW
LoadCursorW

advapi32

SetEntriesInAclW
OpenProcessToken
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegOpenKeyExW
RegEnumValueW
QueryServiceStatus
SetSecurityInfo
RegQueryInfoKeyW
RegQueryValueExW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegCloseKey
RegCreateKeyExA
RegSetValueExA

shell32

ShellExecuteExW
SHGetSpecialFolderPathA

Sections

.text
Size: 374KB - Virtual size: 374KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4ef15243f980a6a2ebc1916b634573a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winhttp

psapi

setupapi

ws2_32

shlwapi

user32

advapi32

shell32

Sections

.text Size: 374KB - Virtual size: 374KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 374KB - Virtual size: 374KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 20KB