473c8b3c0a2a1c4b4d1c19dd72892fd7957d8e1f2a78eebd48126e661238a2ba

Sharing

Copy URL Twitter E-mail

General

Target

473c8b3c0a2a1c4b4d1c19dd72892fd7957d8e1f2a78eebd48126e661238a2ba
Size

188KB
MD5

2fa8a5c2e4a74f5ef5e0c9ec67cbcb0a
SHA1

552fb66065e1c56f1c2e3355f54238e93ec22620
SHA256

473c8b3c0a2a1c4b4d1c19dd72892fd7957d8e1f2a78eebd48126e661238a2ba
SHA512

2180594aec5f3c04b89647623e2764fd81685d69504b85740419dac1595b6c50cf6f412497bb6bf5df287b21f92dd4d6e33750457521a7ff694773aef4293140
SSDEEP

3072:WVeClABz7IL5WVHXEcB+dDsYBSY+v7kmbmOTB2JolDnspxDnspaVXw:TCl5Vm3E7uYQHIWXB2JohgZVX

Score

N/A

Malware Config

Signatures

Files

473c8b3c0a2a1c4b4d1c19dd72892fd7957d8e1f2a78eebd48126e661238a2ba
.exe windows x86

2408944d70a9c719d038d9353327d483

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GlobalMemoryStatus
GetSystemInfo
GetVersionExA
FindClose
FindFirstFileA
ExitProcess
OpenEventA
CreateMutexA
CopyFileA
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
LocalReAlloc
LocalSize
GlobalMemoryStatusEx
WinExec
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
Module32Next
Module32First
CreateRemoteThread
GetModuleHandleA
OpenProcess
FreeLibrary
GetDiskFreeSpaceExA
GetDriveTypeA
RaiseException
ReadFile
LocalAlloc
LocalFree
GetLocalTime
CreateFileA
GetFileSize
SetFilePointer
lstrlenA
WriteFile
GetTempPathA
GetTickCount
MoveFileExA
SetFileAttributesA
GetSystemDirectoryA
DeleteFileA
GetModuleFileNameA
GetShortPathNameA
GetEnvironmentVariableA
GetCurrentProcess
SetPriorityClass
GetCurrentThread
SetThreadPriority
ResumeThread
CreateThread
TerminateThread
lstrcpyA
GetWindowsDirectoryA
lstrcatA
GetStartupInfoA
CreateProcessA
GetFileAttributesA
GetLastError
MoveFileA
CancelIo
InterlockedExchange
SetEvent
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventA
VirtualAlloc
EnterCriticalSection
GetProcAddress
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
Sleep
LoadLibraryA
lstrcpyW

user32

GetClipboardData
GetSystemMetrics
SetRect
GetDC
GetDesktopWindow
ReleaseDC
GetCursorPos
GetCursorInfo
GetMessageA
PostThreadMessageA
GetInputState
RegisterClassA
LoadIconA
OpenClipboard
IsWindowVisible
EnumWindows
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
IsWindow
CreateWindowExA
PostMessageA
OpenDesktopA
wsprintfA
EmptyClipboard
GetWindowTextA
SetClipboardData
CloseClipboard
mouse_event
SetCursorPos
WindowFromPoint
SetCapture
MapVirtualKeyA
MessageBoxA
keybd_event
SystemParametersInfoA
SendMessageA
DestroyCursor
LoadCursorA
GetKeyState
GetAsyncKeyState
GetForegroundWindow
GetWindowThreadProcessId

gdi32

GetStockObject
GetDIBits
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
DeleteDC

advapi32

RegDeleteKeyA
OpenProcessToken
GetTokenInformation
LookupAccountSidA
GetUserNameA
AbortSystemShutdownA
QueryServiceStatus
CloseEventLog
ClearEventLogA
OpenEventLogA
RegCloseKey
RegSetValueExA
RegCreateKeyA
DeleteService
OpenServiceA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegCreateKeyExA
StartServiceCtrlDispatcherA
CloseServiceHandle
StartServiceA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
ControlService

shell32

ShellExecuteA
SHGetSpecialFolderPathA

msvcrt

rand
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_strcmpi
_strnicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_iob
_onexit
__dllonexit
??1type_info@@UAE@XZ
calloc
_snprintf
_beginthreadex
atol
_mbscmp
_mbsstr
wcscpy
wcstombs
wcslen
mbstowcs
_errno
strncpy
strncmp
??0exception@@QAE@ABQBD@Z
atoi
realloc
strcat
strncat
exit
strrchr
sprintf
_except_handler3
free
strcmp
strcpy
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_CxxThrowException
memcpy
memmove
ceil
_ftol
strlen
strstr
memcmp
strchr
malloc

urlmon

URLDownloadToFileA

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA

avicap32

capGetDriverDescriptionA

msvfw32

ICSendMessage
ICSeqCompressFrame
ICSeqCompressFrameStart
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICOpen

iphlpapi

GetIfTable

netapi32

NetUserDel
NetUserGetLocalGroups
NetApiBufferFree
NetUserGetInfo
NetUserEnum
NetUserSetInfo
NetUserAdd
NetLocalGroupAddMembers

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSLogoffSession
WTSQuerySessionInformationA
WTSDisconnectSession
WTSEnumerateSessionsA

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2408944d70a9c719d038d9353327d483

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

urlmon

wininet

avicap32

msvfw32

iphlpapi

netapi32

wtsapi32

Sections

.text Size: 97KB - Virtual size: 96KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 13KB - Virtual size: 28KB

.rsrc Size: 63KB - Virtual size: 64KB

.text
Size: 97KB - Virtual size: 96KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 13KB - Virtual size: 28KB

.rsrc
Size: 63KB - Virtual size: 64KB