83baa7adeb42fb86101ea3eb9606823199ea5f3774ebfdbbe8d01658f8d76f4e

Sharing

Copy URL Twitter E-mail

General

Target

83baa7adeb42fb86101ea3eb9606823199ea5f3774ebfdbbe8d01658f8d76f4e
Size

85KB
MD5

457957695ce22e3a50634ce91a764827
SHA1

0be59cd934f2e5301aae6976c2aed2202fb13e00
SHA256

83baa7adeb42fb86101ea3eb9606823199ea5f3774ebfdbbe8d01658f8d76f4e
SHA512

f0159f496784a0b5cf915862d8c367c9aa1dddb35a55cc869c526ef2a34c0043aa69d418dcc986c7d65201c4700ca6746a14a5d234ded78309a8defd6252a9bd
SSDEEP

1536:WDRYLLN2V0lI1Mzn+FA4TGD60W2NllqwPHR6VeOqHtJTlMIAOA9m:Ws8qkMzgA4TGD6KNXqGHR6VeHzlMIAtm

Score

N/A

Malware Config

Signatures

Files

83baa7adeb42fb86101ea3eb9606823199ea5f3774ebfdbbe8d01658f8d76f4e
.exe windows x86

eb845dc68a866c5dd6c94855badfad1d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
SetFileAttributesW
SetFileTime
GetFileTime
CreateFileW
GetWindowsDirectoryW
ExitProcess
GetModuleFileNameW
GetLastError
CreateEventW
CopyFileW
GetFileAttributesW
CreateDirectoryW
GetLocalTime
GetVersion
WriteFile
SetFilePointer
GlobalUnlock
GlobalLock
WaitForMultipleObjects
GetFileSize
GetFullPathNameW
SetCurrentDirectoryW
lstrcmpW
VirtualQuery
CreateMutexW
GetCommandLineW
SetUnhandledExceptionFilter
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GlobalFree
GlobalAlloc
LocalAlloc
Module32NextW
Process32FirstW
FindFirstFileW
OpenProcess
IsDebuggerPresent
CheckRemoteDebuggerPresent
DeviceIoControl
IsBadReadPtr
WideCharToMultiByte
VirtualQueryEx
GetSystemInfo
GetVersionExA
MultiByteToWideChar
GetShortPathNameW
WinExec
GetModuleFileNameA
ResumeThread
SetPriorityClass
TerminateProcess
MoveFileExW
ExpandEnvironmentStringsW
LoadLibraryW
ReadFile
UnhandledExceptionFilter
GetStartupInfoA
SuspendThread
VirtualProtect
OpenThread
Thread32Next
HeapCreate
Thread32First
HeapFree
HeapAlloc
SetThreadContext
HeapReAlloc
GetThreadContext
Process32NextW
GetModuleHandleA
VirtualAllocEx
VirtualAlloc
WriteProcessMemory
VirtualFreeEx
VirtualFree
lstrcmpiA
DeleteFileW
GetLogicalDrives
SetErrorMode
GetDriveTypeW
lstrcpyW
Module32FirstW
lstrlenW
lstrcatW
FindNextFileW
FindClose
GetTickCount
lstrcmpiW
GetVersionExW
GetEnvironmentVariableW
GetProcAddress
CreateProcessW
GetCurrentThreadId
DeleteFileA
WaitForSingleObject
CloseHandle
Sleep
ExitThread
GetCurrentProcess
GetProcessId
GetCurrentProcessId
GetModuleHandleW
ReadProcessMemory

user32

GetMessageW
CreateWindowExW
RegisterClassW
LoadCursorW
ReleaseDC
DrawIcon
GetIconInfo
GetCursorInfo
GetCursorPos
wvsprintfA
TranslateMessage
MessageBoxW
wsprintfA
GetSystemMetrics
GetKeyboardLayout
GetWindowThreadProcessId
GetKeyNameTextW
MapVirtualKeyW
GetAsyncKeyState
DefWindowProcW
ChangeClipboardChain
PostMessageW
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
SetClipboardViewer
DispatchMessageW
GetKeyboardState
ToUnicodeEx
GetKeyState
GetForegroundWindow
GetWindowTextW
CharLowerBuffW
wsprintfW
FindWindowW

advapi32

RegSetValueExA
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
RegCloseKey
GetUserNameW
RegOpenKeyExW
RegSetValueExW
RegNotifyChangeKeyValue
InitializeAcl
SetSecurityInfo
RegDeleteValueA
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
GetCurrentHwProfileW
RegEnumValueW
RegQueryValueExA

gdi32

CreateCompatibleBitmap
SelectObject
StretchBlt
DeleteObject
CreateDCW
CreateCompatibleDC
GetDIBits
GetObjectW

shell32

ord680
SHGetPathFromIDListW
SHGetSpecialFolderLocation
CommandLineToArgvW
ShellExecuteW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

VariantClear

msvcrt

__setusermatherr
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_local_unwind2
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
strstr
memmove
_wtoi
toupper
wcsncmp
wcstok
_endthread
_wcsupr
_wcslwr
wcscmp
wcsstr
tolower
strtok
strcat
_wcsicmp
strlen
memcpy
sscanf
memset
clock
rand
sprintf
_endthreadex
??3@YAXPAX@Z
_beginthreadex
atoi
getenv
strncpy
strcpy
wcscat
wcscpy
wcslen
_wgetenv

ntdll

NtOpenProcess
RtlAdjustPrivilege
RtlImageNtHeader
RtlCreateUserThread

urlmon

URLDownloadToFileW
URLDownloadToFileA

ws2_32

sendto
WSAStartup
inet_addr
getpeername
gethostbyaddr
inet_ntoa
htons
socket
setsockopt
connect
closesocket
send
recv
WSASend
gethostbyname

wininet

HttpOpenRequestA
InternetCloseHandle
InternetReadFile
HttpSendRequestA
InternetConnectA
InternetOpenA
HttpSendRequestW

shlwapi

PathRemoveFileSpecW
StrStrW
StrStrIW
PathFindExtensionW

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExW

crypt32

CryptStringToBinaryA
CryptBinaryToStringW
CryptStringToBinaryW
CryptUnprotectData
CryptBinaryToStringA

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb845dc68a866c5dd6c94855badfad1d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

shell32

ole32

oleaut32

msvcrt

ntdll

urlmon

ws2_32

wininet

shlwapi

psapi

crypt32

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 1KB - Virtual size: 5KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 1KB - Virtual size: 5KB

.reloc
Size: 3KB - Virtual size: 3KB