e73f4d77d8f0ca72311958e6835f76b555bb19b6e771888a21610003bfcf6a92

Sharing

Copy URL Twitter E-mail

General

Target

e73f4d77d8f0ca72311958e6835f76b555bb19b6e771888a21610003bfcf6a92
Size

1.1MB
MD5

4564163ffe72139d284c222339291518
SHA1

b9656317e752f569b193b3580aa9cd720d832884
SHA256

e73f4d77d8f0ca72311958e6835f76b555bb19b6e771888a21610003bfcf6a92
SHA512

139fb74411be0d194dfc9a785dec9a5098dad627b26dece5e486910088f147f8481b6f5c09732cb551e5778e59dd8a6a0592c2b134b270cb4dec52f287720ed8
SSDEEP

24576:01iILfdE+DekfHgJNKwBePuEZrmTLcvykRsYlvvebj:0ffSse6KKrPXRmXm+P

Score

N/A

Malware Config

Signatures

Files

e73f4d77d8f0ca72311958e6835f76b555bb19b6e771888a21610003bfcf6a92
.exe windows x86

fe7a4821a9e4c94bb861d7e1f695e1ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

StgConvertPropertyToVariant
CoCreateInstance

imm32

ImmGetStatusWindowPos

comdlg32

PrintDlgW

urlmon

FindMimeFromData
IsLoggingEnabledA
WriteHitLogging
FaultInIEFeature
CompareSecurityIds
URLDownloadToCacheFileW

pdh

PdhReadRawLogRecord
PdhGetRawCounterValue
PdhGetCounterInfoW
PdhLookupPerfNameByIndexW
PdhCalculateCounterFromRawValue
PdhGetFormattedCounterArrayA

mprapi

MprAdminConnectionGetInfo
MprAdminConnectionClearStats
MprAdminMIBBufferFree
MprConfigInterfaceSetInfo

clusapi

ClusterNetworkEnum
RemoveClusterResourceNode
ClusterRegQueryInfoKey
ClusterResourceTypeCloseEnum

shell32

SHCreateProcessAsUserW
DragQueryFileA
SHInvokePrinterCommandW

oleaut32

VarCyRound
VarCyFromUI2
LPSAFEARRAY_UserSize

kernel32

GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
GetSystemTimeAsFileTime
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
FreeEnvironmentStringsA
GetCommandLineA
LoadLibraryA
FreeLibrary
SetConsoleCtrlHandler
VirtualQuery
GetSystemInfo
VirtualProtect
ReadFile
GetProcessHeap
SetEndOfFile
GetLocaleInfoW
LocalAlloc
RaiseException
GetVersionExA
GetLastError
SetFilePointer
GetConsoleCP
SetStdHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
ExitProcess
VirtualAlloc
VirtualFree
GetModuleHandleW
RemoveDirectoryW
lstrlenA
FreeConsole
GetCalendarInfoW
Process32FirstW
WriteFileEx
LocalReAlloc
CompareStringA
GetPrivateProfileStringW
InterlockedExchange
Heap32Next
GetProfileStringW
GetTapeStatus
GetGeoInfoW
lstrcatW
InitializeSListHead
GetDateFormatW
LocalLock
SetDefaultCommConfigA
OpenMutexA
QueueUserWorkItem
SetCalendarInfoW
DeviceIoControl
CreateSemaphoreA
FreeUserPhysicalPages
BeginUpdateResourceW
PulseEvent
GetProcessTimes
DebugActiveProcess
HeapFree
GetStringTypeExA
EnumCalendarInfoA
DecodePointer
SetConsoleCursorInfo
GetTimeZoneInformation
SetFileValidData
CreatePipe
GetOverlappedResult
FindVolumeClose
WinExec
WritePrivateProfileSectionW
BackupSeek
GlobalCompact
EndUpdateResourceA
CreateFileW
HeapReAlloc
ReadFileEx
IsProcessInJob
GetEnvironmentStrings
SetProcessWorkingSetSize
WaitForDebugEvent
SetConsoleCursorPosition
CreateActCtxW
Thread32First
SetThreadLocale
GetComputerNameW
ConvertDefaultLocale
CreateTimerQueue
GetCompressedFileSizeA
CopyFileExA
GetSystemTime
SetThreadIdealProcessor
ReadConsoleOutputA
OpenFileMappingW
ReadConsoleW
GetTempPathA
DeleteTimerQueue
CreateMemoryResourceNotification
GetCurrentActCtx
SetFirmwareEnvironmentVariableW
WriteConsoleOutputCharacterA
WriteProcessMemory
LocalFree
DosDateTimeToFileTime
SetConsoleCP
WritePrivateProfileStructA
LockFile
CompareFileTime
SetConsoleScreenBufferSize
SetSystemTime
SetDefaultCommConfigW
HeapCreate
GlobalUnWire
SetEnvironmentVariableA
CompareStringW
GetDevicePowerState
EnumTimeFormatsW
SizeofResource
DeleteFileA
FindResourceExW
SearchPathA
InterlockedExchangeAdd
ExpandEnvironmentStringsA
SetCommBreak
lstrcpynA
TlsAlloc
GetConsoleMode
SetWaitableTimer
FreeResource
WritePrivateProfileStringA
FindAtomW
GetModuleHandleExW
SetConsoleOutputCP
GetGeoInfoA
GetSystemDirectoryA
CreateThread
OpenSemaphoreW
LocalUnlock
GetHandleInformation
GetConsoleWindow
SetFileApisToOEM
IsProcessorFeaturePresent
VirtualAllocEx
UnmapViewOfFile
ReadConsoleOutputAttribute
DeleteFiber
ReadDirectoryChangesW
GetProcessHandleCount
FreeEnvironmentStringsW
OpenWaitableTimerW
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
HeapAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
OutputDebugStringA
GetCurrentProcessId
GetFileAttributesA
CloseHandle
GetFileType
CreateFileA
MultiByteToWideChar
LCMapStringA
WideCharToMultiByte
LCMapStringW
SetHandleCount
GetStdHandle
GetStartupInfoA
ExitProcess
InitializeCriticalSection
WriteFile
GetModuleFileNameA
RtlUnwind
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

~Kku!x0z
Size: 936KB - Virtual size: 935KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe7a4821a9e4c94bb861d7e1f695e1ac

Headers

File Characteristics

Imports

ole32

imm32

comdlg32

urlmon

pdh

mprapi

clusapi

shell32

oleaut32

kernel32

Sections

.text Size: 160KB - Virtual size: 158KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 8KB - Virtual size: 13KB

~Kku!x0z Size: 936KB - Virtual size: 935KB

.rsrc Size: 4KB - Virtual size: 1.1MB

.text
Size: 160KB - Virtual size: 158KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 13KB

~Kku!x0z
Size: 936KB - Virtual size: 935KB

.rsrc
Size: 4KB - Virtual size: 1.1MB