5db70bdd0718675ec97ed2b42beaf002551c71a1c50d3303f9e6122cf1491642

Sharing

Copy URL Twitter E-mail

General

Target

5db70bdd0718675ec97ed2b42beaf002551c71a1c50d3303f9e6122cf1491642
Size

756KB
MD5

a168237c1a7350d0c2ff3c7bc60adee6
SHA1

4f77738c663d3343472ca5cdaf0d3bf5bad011b8
SHA256

5db70bdd0718675ec97ed2b42beaf002551c71a1c50d3303f9e6122cf1491642
SHA512

5dbfe1ac9eddc9456317103d38bc0ccffdae5d1b15650aa2105e24e60817dcc6e15338425ec3cea0db4ddb12c03a9e1fd9490b09edf00927ded686311c876b37
SSDEEP

12288:4c1ruRnF4kxqKJqnifm5J+Yb4hrtoRF7NURh95MN6rBNDWDFoSRI/W/:4c4X4kxqKJqnemHRF7NULMGBNaoSN

Score

N/A

Malware Config

Signatures

Files

5db70bdd0718675ec97ed2b42beaf002551c71a1c50d3303f9e6122cf1491642
.exe windows x86

94e08eab779e2e7913c8f1cf143d47b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenProcessToken
CreateServiceA
OpenServiceA
RegDeleteValueA
RegOpenKeyExA
RegEnumKeyExA
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenSCManagerA
QueryServiceConfigA
DeleteService
RegCreateKeyA
RegCreateKeyExA
RegEnumValueA
RegQueryValueExA
RegQueryValueA
LookupPrivilegeValueA
FreeSid
ControlService
RegQueryInfoKeyA
SetSecurityDescriptorDacl
CloseServiceHandle
RegDeleteKeyA
GetUserNameA
InitializeSecurityDescriptor
RegEnumKeyA
RegCloseKey
RegOpenKeyA
StartServiceA
OpenThreadToken
RegSetValueExA

comctl32

DestroyPropertySheetPage
ImageList_SetBkColor
ImageList_DragLeave
ImageList_Remove
ImageList_DragShowNolock
ImageList_Create
ImageList_GetIcon
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Replace
ImageList_ReplaceIcon
ImageList_LoadImageA
ord17
ImageList_DragMove
PropertySheetA
CreatePropertySheetPageA
ImageList_AddMasked
InitCommonControlsEx
ImageList_DragEnter
ImageList_GetImageInfo
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Add
ImageList_Destroy
_TrackMouseEvent
ImageList_Draw

oleaut32

LoadTypeLi

kernel32

GlobalSize
FlushInstructionCache
MulDiv
HeapFree
GetModuleHandleA
GlobalUnlock
GetConsoleMode
DeleteFileA
GetStringTypeExA
lstrcmpiA
GetCommandLineA
GetFileType
CopyFileA
UnlockFile
GetCurrentDirectoryA
IsDBCSLeadByte
VirtualQuery
RaiseException
SetFilePointer
GetFileInformationByHandle
GlobalFree
OpenEventA
MoveFileA
GetLastError
IsDebuggerPresent
GlobalAlloc
lstrcpyA
GetCPInfo
LocalFree
FindFirstFileA
ReleaseMutex
LocalAlloc
InterlockedIncrement
FreeLibrary
GetProcessHeap
CreatePipe
VirtualFree
GetProcAddress
RtlUnwind
GetThreadLocale
EnterCriticalSection
SetHandleCount
GetConsoleCP
SetEnvironmentVariableA
LoadLibraryA
IsBadWritePtr
HeapAlloc
GetSystemDirectoryA
GetVersionExA
GlobalHandle
HeapReAlloc
GetEnvironmentStringsW
FindClose
lstrlenW
FileTimeToLocalFileTime
HeapDestroy
FindNextFileA
SuspendThread
GetModuleHandleW
LoadLibraryW
GetUserDefaultLCID
TlsGetValue
SizeofResource
GetLocalTime
SetUnhandledExceptionFilter
FindFirstFileW
FindNextFileW
CloseHandle
SetEndOfFile
LCMapStringA
ExitThread
GetDateFormatA
GetFileAttributesA
CreateMutexA
CreateFileW
SystemTimeToFileTime
TerminateProcess
GetTempPathA
GetLocaleInfoW
GlobalLock
FormatMessageA
LocalFileTimeToFileTime
GetModuleFileNameA
GlobalDeleteAtom
GetACP
lstrcatA
WinExec
DeviceIoControl
FlushFileBuffers
CreateProcessA
CreateDirectoryA
WriteConsoleA
lstrcpynA
GetTimeFormatA
ReadFile
CompareStringA
GetFullPathNameA
lstrlenA
CreateThread
SetStdHandle
GetCurrentProcessId
IsBadReadPtr
GetFileSize
LoadLibraryExA
SetErrorMode
GetStringTypeA
LockFile
WriteConsoleW
SetEvent
DuplicateHandle
FreeEnvironmentStringsA
ExitProcess
HeapSize
LCMapStringW
WaitForSingleObject
InitializeCriticalSection
FreeEnvironmentStringsW
VirtualAlloc
SetLastError
UnmapViewOfFile
GetDriveTypeA
CompareStringW
GetFileAttributesW
CreateFileMappingA
FileTimeToSystemTime
InterlockedCompareExchange
GetVersion
GetExitCodeThread
MultiByteToWideChar
GetVolumeInformationA
GetSystemTime
DeleteCriticalSection
GetStringTypeW
LeaveCriticalSection
TlsSetValue
GetFileTime
HeapCreate
Sleep
WideCharToMultiByte
GetOEMCP
TlsAlloc
GetCurrentThreadId
GetCurrentThread
QueryPerformanceFrequency
TerminateThread
GetCurrentProcess
LoadResource
GetStartupInfoA
GetSystemTimeAsFileTime
InterlockedDecrement
SetFileAttributesA
IsValidCodePage
OutputDebugStringA
CreateFileA
FileTimeToDosDateTime
ResetEvent
TlsFree
MapViewOfFile
GetStdHandle
QueryPerformanceCounter
GetTickCount
UnhandledExceptionFilter
GetLocaleInfoA
lstrcmpA
GlobalReAlloc
GetTimeZoneInformation
InterlockedExchange
GetUserDefaultLangID
GetConsoleOutputCP
GetEnvironmentStrings
WriteFile

gdi32

Polyline
GetObjectA
GetNearestColor
CreateFontIndirectA
DeleteObject
CreateRoundRectRgn
DeleteDC
CreatePalette
Rectangle
StretchBlt
GetObjectType
OffsetViewportOrgEx
SetPixel
BitBlt
GetDeviceCaps
CreateDCA
SetBkMode
GetViewportOrgEx
Ellipse
Escape
RectVisible
GetROP2
RoundRect
GetTextCharsetInfo
SetRectRgn
SetAbortProc
ExcludeClipRect
SelectObject
GetWindowExtEx
SetMapMode
GetWindowOrgEx
CreateHatchBrush
GetPixel

shell32

SHGetMalloc
SHGetSpecialFolderPathA
DragQueryFileA
DragAcceptFiles
SHGetPathFromIDListA
SHFileOperationA
DragFinish
SHBrowseForFolderA
ShellExecuteExA
SHGetFileInfoA
SHGetDesktopFolder
ShellExecuteA

user32

RegisterClassExA
EndDialog
GetDC
GetScrollPos
ClientToScreen
SetRectEmpty
RemovePropA
GetCapture
SetScrollRange
TranslateMessage
FillRect
ShowWindow
GetScrollInfo
GetWindowRect
LoadIconA
LoadBitmapA
IsMenu
PostQuitMessage
GetWindow
DestroyWindow
GetClientRect
DrawStateA
MapWindowPoints
EmptyClipboard
SetTimer
GrayStringA
IsIconic
FindWindowA
IsWindowEnabled
CreateAcceleratorTableA
SetActiveWindow
DrawFocusRect
RegisterClassA
SendMessageA
DestroyCaret
LoadStringA
DrawTextA
GetSystemMetrics
GetFocus
CreateDialogParamA
GetClassInfoExA
SetCapture
SendDlgItemMessageA
DefWindowProcA
UnionRect
GetWindowTextLengthA
GetWindowThreadProcessId
GetParent
DestroyIcon
MessageBoxA
MessageBeep
CreateMenu
TranslateAcceleratorA
PtInRect
GetKeyState
DestroyAcceleratorTable
SetWindowsHookExA
GetDlgItem
CreateWindowExA

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 467KB - Virtual size: 467KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 102KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94e08eab779e2e7913c8f1cf143d47b5

Headers

File Characteristics

Imports

advapi32

comctl32

oleaut32

kernel32

gdi32

shell32

user32

Sections

.text Size: 107KB - Virtual size: 106KB

.rdata Size: 467KB - Virtual size: 467KB

.data Size: 102KB - Virtual size: 130KB

.rsrc Size: 79KB - Virtual size: 78KB

.text
Size: 107KB - Virtual size: 106KB

.rdata
Size: 467KB - Virtual size: 467KB

.data
Size: 102KB - Virtual size: 130KB

.rsrc
Size: 79KB - Virtual size: 78KB