Static task: static1
Behavioral task: behavioral1 (sample b09d2a5601ae1036e126fd2ac3427aadf1052e3e82aa0eaadd99ec85abdbfebb.exe, resource win7-20221111-en)
Behavioral task: behavioral2 (sample b09d2a5601ae1036e126fd2ac3427aadf1052e3e82aa0eaadd99ec85abdbfebb.exe, resource win10v2004-20220812-en)
General
- Target: b09d2a5601ae1036e126fd2ac3427aadf1052e3e82aa0eaadd99ec85abdbfebb
- Size: 1.3MB
- MD5: 57e437a1c17b5cb2451982429b652dc7
- SHA1: 45e6eb0e7751cb3b08ac8bff495bbdd819b47bd8
- SHA256: b09d2a5601ae1036e126fd2ac3427aadf1052e3e82aa0eaadd99ec85abdbfebb
- SHA512: 52235d178f5d7275c1aca698a98bab11fccd1e17a976baacf6a5ab9fe8a9f5ce8557c9c3b39212ac49e8120f49cfb11998c6f03466a430dac9b693458ac4aff0
- SSDEEP: 24576:S183yPKOQ0pjYeIFR+XyxoHF5EisvSCRBF:Say+0pYeIFR+XyOHHEisvPRBF
Malware Config: (empty in this report)
Signatures: (empty in this report)
Files
-
b09d2a5601ae1036e126fd2ac3427aadf1052e3e82aa0eaadd99ec85abdbfebb.exe windows x86
6e160ec34e351aaec1d372fcdaa70f9d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is not set, so the image does not opt into ASLR, and with IMAGE_FILE_RELOCS_STRIPPED below it carries no relocation data and loads at its preferred base. NX_COMPAT is only the DEP opt-in.)
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetConsoleAliasExesLengthA
SetMailslotInfo
SetPriorityClass
GetWindowsDirectoryW
GetSystemWindowsDirectoryA
CopyFileExW
ExpandEnvironmentStringsW
EnumCalendarInfoA
GetCompressedFileSizeA
GetFileType
GetCompressedFileSizeW
GetAtomNameA
QueryInformationJobObject
GetNamedPipeHandleStateA
CancelWaitableTimer
GetModuleFileNameA
OpenThread
GetConsoleAliasExesLengthW
GetThreadLocale
GetVolumePathNameA
AddAtomW
SetConsoleTextAttribute
SetConsoleCtrlHandler
ReplaceFileW
GetModuleFileNameW
GetVolumeInformationW
DnsHostnameToComputerNameA
OpenFileMappingA
FindFirstVolumeMountPointA
GetLongPathNameA
OpenWaitableTimerA
GetFileSizeEx
ReplaceFileA
OpenMutexW
EnumCalendarInfoExW
PrepareTape
GetTempPathW
SetConsoleDisplayMode
SetThreadIdealProcessor
GetStringTypeW
CancelIo
ReadDirectoryChangesW
GetModuleHandleA
SetCalendarInfoA
GetCurrentThread
GetHandleInformation
SetConsoleCP
GetFullPathNameA
SetFileAttributesA
SearchPathA
OpenWaitableTimerW
CreateEventA
ReleaseSemaphore
FormatMessageA
GetLongPathNameW
OpenSemaphoreA
VerifyVersionInfoW
FindResourceExW
GetCurrencyFormatA
GetConsoleMode
GetCalendarInfoW
OpenSemaphoreW
GetComputerNameW
GetPriorityClass
HeapValidate
GetProfileStringA
SetComputerNameExA
GetExitCodeThread
GetOverlappedResult
OpenJobObjectW
SetThreadAffinityMask
CreateTapePartition
BindIoCompletionCallback
MoveFileWithProgressA
IsBadCodePtr
GetProcessTimes
SleepEx
GetDriveTypeW
SetEnvironmentVariableW
GetProfileSectionW
GetConsoleAliasesA
GetFileAttributesExW
GetProfileStringW
FindFirstFileExA
GetOEMCP
SetFileAttributesW
GetDiskFreeSpaceW
GetEnvironmentVariableA
PostQueuedCompletionStatus
lstrcpynW
SetThreadContext
OpenFileMappingW
OpenEventW
OpenProcess
MultiByteToWideChar
WideCharToMultiByte
GetConsoleScreenBufferInfo
GetBinaryTypeA
SetConsoleActiveScreenBuffer
AddAtomA
GetNumberOfConsoleInputEvents
GetCurrentProcess
SetVolumeMountPointA
GetFileSize
MapViewOfFileEx
CreateMailslotA
GetSystemDirectoryW
Module32FirstW
RegisterWaitForSingleObject
DosDateTimeToFileTime
GetFileTime
GetDevicePowerState
GetTimeZoneInformation
CreateWaitableTimerW
FindAtomA
EnumCalendarInfoW
FindAtomW
GetConsoleAliasW
GetBinaryTypeW
GetDateFormatW
FlushConsoleInputBuffer
GetSystemDefaultLCID
GetTapeStatus
LoadResource
GetCurrencyFormatW
LockFile
GetTimeFormatA
GetUserDefaultLCID
SwitchToThread
GetVolumeNameForVolumeMountPointA
SetTapeParameters
SetProcessWorkingSetSize
DefineDosDeviceA
GetStdHandle
SetThreadPriority
OutputDebugStringW
CopyFileW
SetThreadLocale
GetPrivateProfileSectionNamesA
CreateMutexW
lstrcmpA
GetThreadPriority
ReadFile
CreateNamedPipeW
CompareStringW
PeekNamedPipe
SetErrorMode
DeviceIoControl
SetConsoleOutputCP
IsSystemResumeAutomatic
GetEnvironmentVariableW
SetProcessPriorityBoost
DuplicateHandle
CreateFileMappingW
GetSystemWindowsDirectoryW
GetCPInfo
AssignProcessToJobObject
GetPrivateProfileStructA
DeleteAtom
DeleteTimerQueue
Module32NextW
GetPrivateProfileStringW
ReadProcessMemory
UnregisterWait
HeapCreate
CopyFileA
GetThreadContext
GetConsoleAliasesW
ConvertThreadToFiber
LCMapStringA
FindResourceExA
GetCPInfoExA
GetSystemDefaultLangID
FreeEnvironmentStringsA
FindVolumeMountPointClose
FreeEnvironmentStringsW
CreateDirectoryExA
WriteConsoleW
EraseTape
CreateMailslotW
GetLocaleInfoW
GetTempPathA
OpenMutexA
GetCommandLineW
GetProfileSectionA
GetWindowsDirectoryA
GetUserDefaultLangID
TryEnterCriticalSection
GetACP
GetProfileIntW
MapViewOfFile
FindResourceW
GetConsoleAliasExesW
CreateNamedPipeA
GetShortPathNameW
GetMailslotInfo
SetComputerNameExW
CreateJobObjectA
CreateFileMappingA
CreateIoCompletionPort
FindFirstVolumeW
GetPrivateProfileSectionW
GetCurrentConsoleFont
DeleteTimerQueueTimer
GetConsoleWindow
CreateMutexA
SetThreadPriorityBoost
FindNextChangeNotification
GetPrivateProfileSectionA
GetPrivateProfileStringA
SetEndOfFile
OpenEventA
FlushViewOfFile
CreateHardLinkA
EnumCalendarInfoExA
CreateHardLinkW
GetPrivateProfileIntA
SetCurrentDirectoryW
IsDBCSLeadByteEx
CreateProcessW
DefineDosDeviceW
SetSystemPowerState
CreateDirectoryA
GetSystemDirectoryA
LocalReAlloc
GetConsoleOutputCP
GetDiskFreeSpaceA
GetVersion
MapUserPhysicalPagesScatter
SetInformationJobObject
FindResourceA
OpenJobObjectA
HeapReAlloc
HeapAlloc
HeapSize
RtlUnwind
Sleep
HeapFree
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InterlockedDecrement
GetLastError
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
DeleteCriticalSection
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
WriteFile
DecodePointer
ExitProcess
GetModuleHandleW
SetUnhandledExceptionFilter
HeapSetInformation
GetCommandLineA
FoldStringA
FindVolumeClose
GetCurrentDirectoryA
GetPrivateProfileSectionNamesW
VirtualAlloc
GetProcessWorkingSetSize
GetEnvironmentStrings
GetStringTypeExA
GetStringTypeExW
ReleaseMutex
GetPrivateProfileIntW
ContinueDebugEvent
SetHandleInformation
GetProcessVersion
GetFullPathNameW
GetFileAttributesW
CreateDirectoryExW
SetFileTime
GetPrivateProfileStructW
LCMapStringW
ExpandEnvironmentStringsA
DeleteTimerQueueEx
SetProcessAffinityMask
CreateJobObjectW
SetCurrentDirectoryA
SetWaitableTimer
SetEnvironmentVariableA
SetCalendarInfoW
DisconnectNamedPipe
ResetWriteWatch
GetNamedPipeHandleStateW
AreFileApisANSI
GetUserDefaultUILanguage
FlushInstructionCache
SetLocaleInfoA
GetFileInformationByHandle
IsValidCodePage
GetNumberFormatA
SetSystemTimeAdjustment
ProcessIdToSessionId
GetProcAddress
FormatMessageW
GetAtomNameW
GetDriveTypeA
SetConsoleMode
GetStringTypeA
GetProcessPriorityBoost
CreateDirectoryW
SetTapePosition
GetLogicalDriveStringsA
CreateSemaphoreW
CompareStringA
SetLocaleInfoW
CreateWaitableTimerA
CreateSemaphoreA
Module32Next
IsProcessorFeaturePresent
user32
GetPropW
CharLowerW
GetMenu
RegisterClassA
FrameRect
GetThreadDesktop
ChildWindowFromPoint
SystemParametersInfoW
IsZoomed
GetCursorPos
UnregisterClassA
SetWindowsHookExW
AdjustWindowRectEx
PeekMessageW
SetClipboardData
ReleaseDC
CreateWindowExA
GetWindowTextW
SetMenuItemInfoW
SetWindowsHookExA
CharToOemBuffA
GetWindowTextLengthW
GetDlgItemTextW
SetWindowTextA
SetFocus
SetWindowLongA
CopyIcon
TranslateAcceleratorW
LoadStringA
SetParent
UpdateWindow
SetPropW
GetWindowTextLengthA
IsWindowVisible
LoadStringW
FindWindowExW
BeginDeferWindowPos
DefWindowProcA
DestroyMenu
IsWindowUnicode
InflateRect
IsRectEmpty
PeekMessageA
GetLastActivePopup
RedrawWindow
advapi32
RegSetValueExW
CryptGenRandom
RegDeleteKeyA
DuplicateTokenEx
SetNamedSecurityInfoW
RegEnumValueA
SetEntriesInAclW
QueryServiceStatus
GetSecurityDescriptorControl
CreateWellKnownSid
RegQueryInfoKeyW
OpenThreadToken
GetSecurityDescriptorLength
GetSecurityDescriptorSacl
AddAccessAllowedAce
GetUserNameW
CopySid
IsValidSid
ImpersonateLoggedOnUser
RegQueryValueExW
ControlService
GetLengthSid
GetSecurityDescriptorGroup
CryptGetHashParam
InitializeSecurityDescriptor
FreeSid
RegDeleteValueA
LsaOpenPolicy
ReportEventW
RegCreateKeyA
RegQueryInfoKeyA
GetSecurityDescriptorDacl
StartServiceA
SetThreadToken
CreateProcessAsUserW
GetSidSubAuthority
CryptAcquireContextW
LsaQueryInformationPolicy
LookupAccountSidW
RegCloseKey
RegQueryValueExA
SetSecurityDescriptorOwner
CryptCreateHash
RegCreateKeyExA
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
OpenSCManagerA
GetSidLengthRequired
OpenServiceW
OpenProcessToken
RegOpenKeyExA
RegEnumKeyW
RegOpenKeyA
RegEnumKeyExA
RegFlushKey
shell32
SHGetFolderPathW
SHGetMalloc
SHGetDesktopFolder
SHChangeNotify
SHGetSpecialFolderLocation
SHFileOperationW
CommandLineToArgvW
SHGetFileInfoW
SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
SHBrowseForFolderW
SHBindToParent
oleaut32
VariantCopyInd
SysAllocStringByteLen
VariantChangeType
VariantInit
SysAllocStringLen
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysReAllocStringLen
VariantClear
SafeArrayCreate
GetActiveObject
SafeArrayGetUBound
VariantCopy
VariantChangeTypeEx
SysStringLen
SysFreeString
GetErrorInfo
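The import table above is the part of a static report an analyst actually reasons over: a handful of APIs that enable specific behaviours (token duplication and impersonation, service control, remote-process memory and thread-context access, window hooks, registry writes) sit inside a very long kernel32 list full of tape, mailslot and console-alias functions that ordinary programs never call. The following is an added example, not code from the sandbox or the sample: it tags a constructed subset of this report's imports by capability, measures how much of the list is made of such rare APIs, and builds the import hash the way pefile documents it (lowercased dll.func pairs in import order, joined with commas, MD5). The capability buckets and the rare-API list are the author's own grouping; the 32-hex value the report shows under Files is left unlabeled there, so nothing here claims to reproduce it.

```python
"""Capability tagging and import-hash computation over a PE import table.

Added example, not part of the sandbox report. IMPORTS is a constructed
subset of the report's kernel32/user32/advapi32 imports in report order;
CAPABILITIES and RARE_APIS are the author's grouping, not a sandbox ruleset.
"""
import hashlib

# Constructed subset of the report's import table (report order kept).
IMPORTS = [
    ("kernel32.dll", "OpenProcess"),
    ("kernel32.dll", "ReadProcessMemory"),
    ("kernel32.dll", "SetThreadContext"),
    ("kernel32.dll", "GetThreadContext"),
    ("kernel32.dll", "MapViewOfFileEx"),
    ("kernel32.dll", "IsDebuggerPresent"),
    ("kernel32.dll", "CreateProcessW"),
    ("kernel32.dll", "PrepareTape"),
    ("kernel32.dll", "GetConsoleAliasExesLengthA"),
    ("user32.dll", "SetWindowsHookExW"),
    ("user32.dll", "SetClipboardData"),
    ("advapi32.dll", "OpenProcessToken"),
    ("advapi32.dll", "DuplicateTokenEx"),
    ("advapi32.dll", "ImpersonateLoggedOnUser"),
    ("advapi32.dll", "CreateProcessAsUserW"),
    ("advapi32.dll", "RegSetValueExW"),
    ("advapi32.dll", "StartServiceA"),
    ("advapi32.dll", "ControlService"),
    ("advapi32.dll", "CryptAcquireContextW"),
    ("advapi32.dll", "CryptGenRandom"),
]

# An API name maps to the behaviour it enables. A hit means the capability
# is present in the import table, not that the sample exercised it.
CAPABILITIES = {
    "process-memory-access": {"OpenProcess", "ReadProcessMemory", "MapViewOfFileEx"},
    "thread-context-control": {"SetThreadContext", "GetThreadContext"},
    "token-impersonation": {"OpenProcessToken", "DuplicateTokenEx",
                            "ImpersonateLoggedOnUser", "CreateProcessAsUserW"},
    "service-control": {"StartServiceA", "ControlService"},
    "registry-write": {"RegSetValueExW"},
    "windows-hook": {"SetWindowsHookExW", "SetWindowsHookExA"},
    "clipboard": {"SetClipboardData"},
    "anti-debug": {"IsDebuggerPresent"},
    "crypto-api": {"CryptAcquireContextW", "CryptGenRandom"},
}

# APIs almost never imported by real programs; a long tail of these next to
# generic ones is the import-bloat pattern the report's kernel32 list shows.
RARE_APIS = {"PrepareTape", "EraseTape", "SetTapePosition", "GetTapeStatus",
             "CreateTapePartition", "SetTapeParameters",
             "GetConsoleAliasExesLengthA", "GetConsoleAliasExesLengthW"}


def tag_capabilities(imports):
    """Return {capability: sorted list of matching import names}."""
    found = {}
    for _dll, func in imports:
        for cap, names in CAPABILITIES.items():
            if func in names:
                found.setdefault(cap, []).append(func)
    return {cap: sorted(v) for cap, v in found.items()}


def rare_import_ratio(imports):
    """Fraction of imports drawn from RARE_APIS (0.0 for an empty table)."""
    rare = [f for _d, f in imports if f in RARE_APIS]
    return len(rare) / len(imports) if imports else 0.0


def imphash_string(imports):
    """Canonical string the import hash is computed over.

    As documented for pefile: lowercase DLL name with a .dll/.ocx/.sys
    extension removed, lowercase function name, joined as 'dll.func' in
    import-table order with commas. Ordinal-only imports, which pefile maps
    to names through lookup tables, are assumed absent here.
    """
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        parts.append(f"{dll}.{func.lower()}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the canonical import string, as a lowercase hex digest."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


if __name__ == "__main__":
    for cap, names in tag_capabilities(IMPORTS).items():
        print(f"{cap:24s} {', '.join(names)}")
    print(f"rare-API ratio over subset: {rare_import_ratio(IMPORTS):.2f}")
    print("imphash over subset:", imphash(IMPORTS))
```

Run it against the full table by feeding the real import list (pefile's `DIRECTORY_ENTRY_IMPORT` gives it in the same order) instead of the constructed subset; the ratio then reflects the whole kernel32 block rather than the two rare entries kept here.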
Sections
.text Size: 887KB - Virtual size: 887KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 145KB - Virtual size: 145KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 322KB - Virtual size: 601KB (the 279KB difference is zero-filled by the loader, which is routine for uninitialized data)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
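The header and section flags above answer the hardening questions a reviewer asks of any sample before touching a debugger: is ASLR opted in, can the image even be rebased, is DEP on, is any section both writable and executable, and does any code section have no bytes on disk. The following is an added example, not code from the sandbox or the sample: it encodes this report's flag values and section table as constants and derives those findings from them. The flag constants are the winnt.h values; the finding text and thresholds are the author's, not the sandbox's signature engine.

```python
"""Hardening checks over a PE's characteristics and section table.

Added example, not part of the sandbox report. FILE_CHARACTERISTICS,
DLL_CHARACTERISTICS and SECTIONS are transcribed from this report; the
findings are the author's checks, not sandbox signatures.
"""

# Flag values from winnt.h
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_GUARD_CF = 0x4000
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Transcribed from the report (sizes in KB, rounded as the report rounds them).
FILE_CHARACTERISTICS = (IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE
                        | IMAGE_FILE_32BIT_MACHINE)
DLL_CHARACTERISTICS = (IMAGE_DLLCHARACTERISTICS_NX_COMPAT
                       | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE)
SECTIONS = [
    # (name, raw size KB, virtual size KB, characteristics)
    (".text", 887, 887, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".rdata", 145, 145, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (".data", 322, 601, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".rsrc", 5, 5, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
]


def header_findings(file_chars, dll_chars):
    """Mitigation opt-ins derived from the two characteristics fields."""
    findings = []
    if not dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        findings.append("no-aslr: DYNAMIC_BASE not set, image loads at its preferred base")
    if file_chars & IMAGE_FILE_RELOCS_STRIPPED:
        findings.append("relocs-stripped: no relocation data, loader cannot rebase the image")
    if dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
        findings.append("dep-optin: NX_COMPAT set")
    else:
        findings.append("no-dep: NX_COMPAT not set")
    if not dll_chars & IMAGE_DLLCHARACTERISTICS_GUARD_CF:
        findings.append("no-cfg: GUARD_CF not set")
    return findings


def section_findings(sections):
    """Per-section checks: W^X, empty-on-disk code, and load-time slack."""
    findings = []
    for name, raw_kb, virt_kb, chars in sections:
        if chars & IMAGE_SCN_MEM_WRITE and chars & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"{name}: writable+executable (W^X violated)")
        if raw_kb == 0 and virt_kb > 0 and chars & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"{name}: executable section with no bytes on disk (filled at runtime)")
        if virt_kb > raw_kb:
            # Zero-filled slack is routine for .data (uninitialized globals);
            # it only becomes interesting on a code section.
            findings.append(f"{name}: {virt_kb - raw_kb}KB zero-filled at load (bss-style)")
    return findings


if __name__ == "__main__":
    for line in header_findings(FILE_CHARACTERISTICS, DLL_CHARACTERISTICS):
        print(line)
    for line in section_findings(SECTIONS):
        print(line)
```

On this report the header checks report no ASLR opt-in plus stripped relocations alongside a DEP opt-in, and the section checks flag only the .data slack; a W^X section or an executable section with a zero raw size would be the packer signals to look for in other samples.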