c5f57dc23a8acef75a7791e655fa2ce15cfd1d3435cc6916974aada62d4590e3

Sharing

Copy URL Twitter E-mail

General

Target

c5f57dc23a8acef75a7791e655fa2ce15cfd1d3435cc6916974aada62d4590e3
Size

145KB
MD5

461ff3863bff311080eacdadc6021aed
SHA1

04fa9f6a5341dc566063748a81ea5fbeec10ea30
SHA256

c5f57dc23a8acef75a7791e655fa2ce15cfd1d3435cc6916974aada62d4590e3
SHA512

bbdfcb7cd61979c96067bc709eb62fd836b0e7b1474f150ef69df55a39dbec6ea961c9c1790f8281cb04e03655e9f07e70aa969e8582d3a6a67ec540a9dcdf65
SSDEEP

3072:4W7deJWaIf0acoGVe/a/o4HDlGlO9bN9pXdq:aJlnRoNYHHDloO9VX8

Score

N/A

Malware Config

Signatures

Files

c5f57dc23a8acef75a7791e655fa2ce15cfd1d3435cc6916974aada62d4590e3
.exe windows x86

4a18f65f97090cc4bc13ae319cbb0d20

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__fmode
__set_app_type
?terminate@@YAXXZ
__p__commode
__dllonexit
_onexit
_controlfp
_adjust_fdiv
__setusermatherr
_read
_initterm
_write
_close
_lseek
_tempnam
sprintf
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
??1type_info@@UAE@XZ
malloc
free
realloc
__CxxFrameHandler
_ftol
_wcsicmp
_purecall
memmove
wcslen
swprintf
wcscat
_beginthreadex
_except_handler3
rand
srand
_CxxThrowException
_open
remove
_errno
__doserrno
wcscmp
wcscpy
_wcsnicmp
wcsncpy
wcsrchr
_wtoi
_wcsdup
iswspace

advapi32

ConvertSidToStringSidW
OpenThreadToken
GetTokenInformation
SetThreadToken
EqualSid
OpenProcessToken
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
DeleteService
ControlService
ChangeServiceConfig2W
CreateServiceW
RegisterEventSourceW
DeregisterEventSource
ReportEventW
RegConnectRegistryW
RegQueryValueExW
RegEnumKeyW

kernel32

GetCurrentProcess
LocalFree
DuplicateHandle
GetFileInformationByHandle
SetLastError
GetFileAttributesA
FileTimeToDosDateTime
FileTimeToLocalFileTime
CreateFileA
GlobalFree
lstrlenA
GetModuleHandleA
GetStartupInfoW
FindFirstFileW
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
GetCommandLineW
GetFileAttributesExW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempFileNameW
WideCharToMultiByte
WriteFile
FindNextFileW
FindClose
DeleteFileW
SetFileAttributesW
CopyFileW
GetProcessHeap
HeapFree
MoveFileExW
ResetEvent
HeapReAlloc
MultiByteToWideChar
lstrlenW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiW
lstrcpynW
HeapDestroy
InterlockedIncrement
InterlockedDecrement
GetLocalTime
GetLastError
GetModuleFileNameW
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetShortPathNameW
CloseHandle
lstrcpyW
lstrcatW
SetEvent
WaitForSingleObject
GetProcAddress
LoadLibraryW
CreateThread
Sleep
GetCurrentThreadId
CreateEventW
GetTickCount
WaitForMultipleObjects
GetCurrentThread
ReadFile
SetFilePointer
CreateFileW
FlushFileBuffers
InterlockedExchange
SetEnvironmentVariableW
GetTempPathW
GetEnvironmentVariableW
HeapAlloc

user32

PeekMessageW
TranslateMessage
MsgWaitForMultipleObjects
GetMessageW
DispatchMessageW
PostThreadMessageW
LoadStringW
CharNextW

wininet

HttpEndRequestW
InternetSetOptionA
InternetCrackUrlW
InternetWriteFile
InternetOpenW
InternetConnectW
HttpSendRequestExW
HttpOpenRequestW
InternetReadFile
HttpQueryInfoW
InternetCloseHandle
InternetGetConnectedState

ole32

CoGetCallContext
CoCreateGuid
IIDFromString
StringFromCLSID
CoSuspendClassObjects
CoRegisterClassObject
CoRevokeClassObject
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString
VarUI4FromStr
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadRegTypeLi
SysStringLen
VariantClear
LoadTypeLi
RegisterTypeLi
SysAllocStringLen
VariantCopy
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreateVector
SysAllocStringByteLen
SysStringByteLen

cabinet

ord20
ord22
ord23
ord10
ord11
ord13
ord14

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4a18f65f97090cc4bc13ae319cbb0d20

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

wininet

ole32

oleaut32

cabinet

Sections

.text Size: 116KB - Virtual size: 115KB

.data Size: 6KB - Virtual size: 6KB

.rsrc Size: 22KB - Virtual size: 41KB

.text
Size: 116KB - Virtual size: 115KB

.data
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 22KB - Virtual size: 41KB