Static task
static1
Behavioral task
behavioral1
Sample
a8a535f52086bc89ff8cbe425d436b2e7e12a35f920de0120262024842f0d2ce.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
a8a535f52086bc89ff8cbe425d436b2e7e12a35f920de0120262024842f0d2ce.exe
Resource
win10v2004-20220812-en
General
-
Target
a8a535f52086bc89ff8cbe425d436b2e7e12a35f920de0120262024842f0d2ce
-
Size
1.5MB
-
MD5
fe2e7f9bb2a8aafe8e118b0085fd0209
-
SHA1
dddf44b45f6c3d081fb1745ae947d5a97968c364
-
SHA256
a8a535f52086bc89ff8cbe425d436b2e7e12a35f920de0120262024842f0d2ce
-
SHA512
5ac35448e0a997ea2dfe0beccc44c673954ac5ae66e464d04e91d862ce5596cc92b06a6811daa6fbbf8f8399f138c7e6c3c78336da5e36d151568484d74cae18
-
SSDEEP
24576:c0PjVeW/5vAcZoc0WDIS3LvO8BLgUNdz+yXS8owLEMo5C/kBx/:hj80LZo/WbLGM7HlLERCC/
Malware Config
Signatures
Files
-
a8a535f52086bc89ff8cbe425d436b2e7e12a35f920de0120262024842f0d2ce.exe windows x86
a059993434318258aa05f71516208c2e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
_wcsicmp
RtlCreateUnicodeStringFromAsciiz
NtQueryInformationProcess
RtlFreeHeap
RtlEnterCriticalSection
RtlInsertElementGenericTable
RtlFormatCurrentUserKeyPath
RtlAddAccessAllowedAce
RtlFreeUnicodeString
atol
wcscpy
RtlInitializeCriticalSectionAndSpinCount
swprintf
RtlValidRelativeSecurityDescriptor
RtlUnicodeStringToInteger
RtlInitUnicodeString
RtlCreateUserThread
RtlSetOwnerSecurityDescriptor
NtFsControlFile
RtlSetSaclSecurityDescriptor
NtDeleteKey
NtTerminateProcess
NtCreateKey
_wcslwr
RtlGUIDFromString
NtSetInformationProcess
NtSetInformationThread
RtlMakeSelfRelativeSD
NtQueryKey
RtlOemToUnicodeN
NtOpenSymbolicLinkObject
RtlCreateTimer
NtOpenThreadToken
RtlUnicodeToOemN
RtlUpcaseUnicodeStringToOemString
RtlAcquireResourceExclusive
_wcsupr
NtWaitForMultipleObjects
RtlRegisterWait
RtlDetermineDosPathNameType_U
RtlCopyUnicodeString
RtlMultiByteToUnicodeN
NtCreateSection
RtlExtendedLargeIntegerDivide
RtlGetVersion
NtOpenProcessToken
RtlGetAce
RtlxAnsiStringToUnicodeSize
strchr
RtlInitString
wcstoul
RtlInitializeGenericTable
RtlSizeHeap
RtlReleaseResource
RtlLeaveCriticalSection
RtlCompareMemory
RtlInitAnsiString
strrchr
RtlAnsiStringToUnicodeString
RtlExpandEnvironmentStrings_U
shlwapi
SHDeleteValueA
PathRemoveExtensionW
StrChrIW
SHSetValueW
SHStrDupW
StrCmpNIA
StrTrimW
UrlIsW
PathSkipRootW
PathStripToRootW
StrCpyW
PathAppendW
PathCombineW
StrDupW
SHDeleteValueW
wnsprintfA
PathFindExtensionA
StrToIntExW
PathRemoveBlanksW
StrStrW
StrRetToBufW
PathCreateFromUrlW
wnsprintfW
StrCatW
UrlUnescapeW
PathIsUNCW
PathAppendA
StrChrW
StrToIntW
StrCmpNIW
PathIsRootW
StrCmpW
StrCmpNW
StrStrIA
PathIsDirectoryW
PathRemoveFileSpecW
PathIsRelativeW
PathIsURLW
PathFindFileNameW
PathGetDriveNumberW
StrStrIW
PathFindFileNameA
SHRegGetBoolUSValueW
PathFileExistsW
PathAddBackslashW
PathFindExtensionW
AssocQueryStringW
PathStripToRootA
PathRemoveFileSpecA
StrCatBuffW
oleaut32
SetErrorInfo
SafeArrayGetElement
SafeArrayPtrOfIndex
LoadTypeLib
VariantChangeTypeEx
GetErrorInfo
SafeArrayAccessData
SafeArrayCreate
VariantCopy
GetActiveObject
SafeArrayGetUBound
VariantClear
SysStringLen
SafeArrayPutElement
CreateErrorInfo
SafeArrayGetLBound
SysFreeString
OleLoadPicture
RegisterTypeLib
VariantCopyInd
SysAllocStringLen
SysStringByteLen
SafeArrayUnaccessData
SysAllocStringByteLen
VariantInit
VariantChangeType
SysReAllocStringLen
version
VerQueryValueA
VerLanguageNameA
VerQueryValueW
VerFindFileW
GetFileVersionInfoA
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
msvcrt
_beginthreadex
??1type_info@@UAE@XZ
__set_app_type
strstr
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
__p__commode
_wcsupr
_XcptFilter
free
_amsg_exit
_CxxThrowException
fwrite
_adjust_fdiv
fflush
_stricmp
fseek
gdi32
CreateFontIndirectW
GetObjectA
CreateDCW
GetBitmapBits
GetViewportExtEx
TextOutA
SetMapMode
Polyline
DeleteMetaFile
GetPaletteEntries
GetObjectType
CreateMetaFileA
CreateFontA
GetTextExtentPointW
GetDIBits
CreateDIBSection
GetTextMetricsA
GetDeviceCaps
SelectPalette
Rectangle
RestoreDC
GetTextMetricsW
GetRgnBox
GetWindowExtEx
SetWindowExtEx
CreateHalftonePalette
CreateBrushIndirect
GetGlyphOutlineA
SetBkColor
CombineRgn
EndPage
SetWindowOrgEx
SetViewportExtEx
StretchBlt
EnumFontFamiliesExW
CreateSolidBrush
SaveDC
CreateDIBitmap
DeleteObject
SetStretchBltMode
CreateCompatibleDC
SetPixel
RectVisible
GetPixel
CreateRectRgnIndirect
GetTextColor
SetTextColor
CreateMetaFileW
CreatePatternBrush
SelectClipRgn
GetCurrentObject
LineTo
Ellipse
ExtSelectClipRgn
SetROP2
ole32
CoImpersonateClient
MkParseDisplayName
CoGetClassObject
ProgIDFromCLSID
CreateBindCtx
StgIsStorageFile
OleRegGetMiscStatus
OleLoadFromStream
CoTaskMemRealloc
CoInitializeEx
CoGetInterfaceAndReleaseStream
StgCreateDocfile
StgOpenStorage
OleRegGetUserType
CoDisconnectObject
CoUnmarshalInterface
CoGetObjectContext
CoFreeUnusedLibraries
ReleaseStgMedium
IIDFromString
CoTaskMemAlloc
CoUninitialize
CreateDataAdviseHolder
CoCreateGuid
OleInitialize
OleUninitialize
CoInitializeSecurity
CoRegisterClassObject
StringFromCLSID
GetRunningObjectTable
CoReleaseMarshalData
CoMarshalInterThreadInterfaceInStream
CoCreateFreeThreadedMarshaler
CoCreateInstanceEx
OleRun
CreateOleAdviseHolder
StgCreateDocfileOnILockBytes
CoGetMalloc
kernel32
CreateFileA
FileTimeToSystemTime
GetOEMCP
CreateEventW
GetDriveTypeA
QueryPerformanceCounter
LoadLibraryW
IsBadWritePtr
FindResourceW
UnhandledExceptionFilter
FindResourceA
GetLocaleInfoW
GetStdHandle
GetLastError
EnterCriticalSection
OutputDebugStringW
ExitProcess
GetModuleFileNameW
IsDBCSLeadByte
GetConsoleMode
VirtualAllocEx
GetLocalTime
GetCommandLineW
TlsSetValue
user32
SetWindowTextW
GetWindowDC
DrawIcon
SetWindowTextA
GetSubMenu
GetSystemMetrics
GetClientRect
PostQuitMessage
CharLowerW
TrackPopupMenu
GetWindowThreadProcessId
ShowWindow
WinHelpW
GetMenu
UnregisterClassA
SystemParametersInfoA
GetPropA
GetMenuItemCount
EndPaint
GetWindowTextW
LoadIconW
MsgWaitForMultipleObjects
LoadBitmapA
SetWindowPos
GetDesktopWindow
CallNextHookEx
SetWindowRgn
IsDlgButtonChecked
MapWindowPoints
IsWindowEnabled
GetWindowLongA
SetDlgItemTextA
DestroyMenu
IsZoomed
DestroyIcon
LoadCursorA
CreatePopupMenu
PeekMessageW
CharNextA
EnableMenuItem
GetCursorPos
SetCapture
SetRect
RegisterClassExA
GetDC
CheckRadioButton
IsIconic
CreateWindowExW
GetActiveWindow
GetDlgItemTextA
LoadBitmapW
shell32
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetDesktopFolder
SHBindToParent
SHGetPathFromIDListA
SHChangeNotify
SHGetFolderPathW
SHGetMalloc
DragQueryFileA
ShellExecuteA
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHFileOperationW
SHGetFileInfoW
DragQueryFileW
CommandLineToArgvW
ShellExecuteExW
Sections
.code — raw size: 1.4MB, virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.stab — raw size: 512B, virtual size: 4.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.orpc — raw size: 512B, virtual size: 494B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.no_bbt — raw size: 512B, virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT — raw size: 512B, virtual size: 492B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata — raw size: 512B, virtual size: 2.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls — raw size: -, virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc — raw size: 6KB, virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ