4a9991dd45fb75d18befb77a2f631f143ac9d32153f952b482e80a523f951070

Sharing

Copy URL

Twitter E-mail

General

Target

4a9991dd45fb75d18befb77a2f631f143ac9d32153f952b482e80a523f951070
Size

649KB
MD5

27601849baf525aca0733ce48a2e7de6
SHA1

b566c7bd5c29230e1afa206dd29713300e08943b
SHA256

4a9991dd45fb75d18befb77a2f631f143ac9d32153f952b482e80a523f951070
SHA512

a6afc77be3c5fecd6a18df58b8984833ebf503e15e5c4ff03696919823e10d10773ff100555e92b3af5a603b517bf3e2798b5b4c2fd02de8dbe50afbc534c58b
SSDEEP

12288:nV6NNat/6uUWaTfyHyB3iEspVmdJssLjC6wEn5bV:n/96IaeSBr3pLjC6PnlV

Score

N/A

Malware Config

Signatures

Files

4a9991dd45fb75d18befb77a2f631f143ac9d32153f952b482e80a523f951070
.exe windows x86

5e4b742ff49812f0a5cb478988fdbbae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapFree
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LockResource
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenEventW
QueryDosDeviceW
QueryPerformanceCounter
ReadFile
GetWindowsDirectoryW
RemoveDirectoryW
ResetEvent
RtlUnwind
SetCurrentDirectoryW
SetErrorMode
SetEvent
SetFileAttributesW
SetFilePointer
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
UnhandledExceptionFilter
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
WriteProfileStringW
lstrlenA
lstrlenW
VirtualAllocEx
GetDriveTypeA
GetWindowsDirectoryA
GetVersionExW
GetVersionExA
GetVersion
GetUserGeoID
GetUserDefaultLangID
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
GetTempPathW
GetTempPathA
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemDirectoryW
GetSystemDefaultLangID
GetStartupInfoA
GetShortPathNameW
GetProfileStringW
GetProcessHeap
GetProcAddress
GetPrivateProfileStringW
GetNumberFormatW
GetNativeSystemInfo
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetLongPathNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFileTime
GetFileSize
GetFileAttributesW
GetFileAttributesA
GetExitCodeThread
GetExitCodeProcess
GetDriveTypeW
GetDiskFreeSpaceExW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryW
GetComputerNameW
GetCommandLineW
FreeLibrary
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
ExpandEnvironmentStringsW
EnterCriticalSection
DeviceIoControl
DeleteFileW
DeleteFileA
DeleteCriticalSection
DebugBreak
CreateThread
CreateProcessW
CreateMutexW
CreateFileW
CreateFileA
CreateEventW
CreateDirectoryW
CopyFileW
CompareStringW
ReleaseMutex
CloseHandle

user32

LoadIconA
UpdateWindow
TranslateMessage
ShowWindow
SetWindowTextW
SetWindowPos
SetWindowLongW
SetTimer
SetScrollInfo
SetForegroundWindow
SetFocus
SetCursor
SendMessageW
SendDlgItemMessageW
ScrollWindow
ScreenToClient
ReleaseDC
RegisterWindowMessageA
PostThreadMessageW
PostQuitMessage
PostMessageW
PeekMessageW
MoveWindow
MessageBoxW
MapWindowPoints
LockSetForegroundWindow
LoadStringW
LoadStringA
LoadImageW
LoadIconW
LoadCursorW
KillTimer
IsWindow
IsDlgButtonChecked
IsDialogMessageW
IsCharAlphaW
InvalidateRect
GetWindowRect
GetWindowLongW
GetSystemMetrics
GetSystemMenu
GetSysColor
GetScrollInfo
GetParent
GetMessageW
GetDlgItem
GetDesktopWindow
GetDC
GetActiveWindow
FindWindowW
FindWindowExW
EndPaint
EnableWindow
EnableMenuItem
DrawTextW
DrawFocusRect
DispatchMessageW
DestroyWindow
DestroyCursor
DefWindowProcW
CreateWindowExW
CreateDialogParamW
CheckRadioButton
CharNextW
CharNextA
CallWindowProcW
BeginPaint
GetClientRect

gdi32

SetMapMode
SetTextColor
CreateCompatibleDC
CreateFontA
CreateFontIndirectW
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
ExtTextOutW
GetDeviceCaps
GetObjectW
GetStockObject
GetTextFaceA
GetTextMetricsW
PatBlt
SelectObject
SetBkColor
SetBkMode

advapi32

OpenProcessToken
AddAccessAllowedAceEx
AddAce
AdjustTokenPrivileges
AllocateAndInitializeSid
CloseServiceHandle
ControlService
ConvertSidToStringSidW
ConvertStringSidToSidW
CreateServiceW
DeleteService
EnumDependentServicesW
EqualSid
FreeSid
GetAce
GetAclInformation
GetLengthSid
GetNamedSecurityInfoW
GetSecurityInfo
GetTokenInformation
InitializeAcl
InitiateSystemShutdownExW
LookupAccountNameW
LookupAccountSidW
LookupPrivilegeValueW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegSetValueExW
SetEntriesInAclW
SetNamedSecurityInfoW
SetSecurityInfo
StartServiceW
TraceMessage
RegOpenKeyA

shell32

ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHGetFolderPathW
SHGetFolderLocation
SHChangeNotify
CommandLineToArgvW

ole32

CLSIDFromString
CoCreateInstance
CoInitialize
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
OleInitialize
OleUninitialize

shlwapi

SHDeleteKeyW
PathGetCharTypeW
PathGetCharTypeA
PathFindFileNameW
PathFindExtensionW
PathAddBackslashW
PathAddBackslashA

msvcrt

_vsnprintf
wcstol
wcstok
wcsstr
wcsrchr
wcspbrk
wcsncmp
wcschr
towupper
_XcptFilter
__dllonexit
__getmainargs
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_acmdln
_adjust_fdiv
_amsg_exit
_beginthreadex
_cexit
_controlfp
_endthread
_exit
_initterm
_ismbblead
_itow
_lock
_onexit
_purecall
_stricmp
_strlwr
_unlock
_vsnwprintf
_wcsicmp
_wcslwr
_wcsnicmp
_wcsupr
_wtoi
_wtol
bsearch
calloc
ceil
exit
free
iswalnum
iswalpha
iswdigit
iswspace
malloc
memcpy
memmove
memset
strrchr
strstr
swscanf
towlower

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 520KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rwu0
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e4b742ff49812f0a5cb478988fdbbae

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

msvcrt

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 520KB - Virtual size: 520KB

.rwu0 Size: 11KB - Virtual size: 10KB

.rsrc Size: 92KB - Virtual size: 92KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 520KB - Virtual size: 520KB

.rwu0
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 92KB - Virtual size: 92KB