2bbcf082c39592a55d01ff307aed7a82338de08a46585c7d7e4adb15bc3d3ea8

Sharing

Copy URL Twitter E-mail

General

Target

2bbcf082c39592a55d01ff307aed7a82338de08a46585c7d7e4adb15bc3d3ea8
Size

1.1MB
MD5

9de51c902f1c1747b86dbc5ce69eac11
SHA1

dde9dcf4a4960a002bea5cb444d2751cf4118565
SHA256

2bbcf082c39592a55d01ff307aed7a82338de08a46585c7d7e4adb15bc3d3ea8
SHA512

fbb468451927bf20e6842ac0e226581a7f9af9577cb2cceeafa532a8c8ca88b2eeb998260faf27fb03796462c0946c81f0295fa7a993ad497615d5cc78cc1c06
SSDEEP

24576:tqaXv4FzSM2zEGSqwDFpA98OXHRqnSO/QBZLNaA1xYeMlxWhUprWJWdus/R:tqr5SREywDFpA9XBqnmDNae+eARprgUJ

Score

N/A

Malware Config

Signatures

Files

2bbcf082c39592a55d01ff307aed7a82338de08a46585c7d7e4adb15bc3d3ea8
.exe windows x86

1b70afd36f55a558744a7a31efee15d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

crypt32

CryptUnprotectData
CryptProtectData

gdiplus

GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipDisposeImage
GdipCreateSolidFill
GdipDeleteBrush
GdipAlloc
GdipFree
GdipCreateBitmapFromStream
GdipCreateFromHDC
GdipDeleteGraphics
GdipReleaseDC
GdipSetSmoothingMode
GdipFillRectangleI
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdiplusStartup

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetConnectW
HttpOpenRequestW
InternetSetOptionW
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetCrackUrlW
InternetGetLastResponseInfoW
InternetCloseHandle
InternetOpenW

kernel32

TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetCommandLineA
GetCPInfo
GetTimeZoneInformation
ExitThread
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
FindFirstFileW
FindClose
GetFileAttributesW
GetLastError
WaitForSingleObject
GetProcAddress
GetModuleHandleW
GetVersion
GetCurrentProcess
OpenProcess
HeapAlloc
GetProcessHeap
CloseHandle
HeapFree
GetCurrentProcessId
GetVolumeInformationW
WideCharToMultiByte
InterlockedDecrement
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
GetVersionExW
FreeLibrary
lstrcmpiW
LeaveCriticalSection
RaiseException
EnterCriticalSection
LoadLibraryExW
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedIncrement
GetTempPathW
CreateEventW
InitializeCriticalSection
GetCurrentThreadId
SetLastError
FlushInstructionCache
MulDiv
lstrcmpW
SetEvent
GetSystemDefaultLCID
GetLocaleInfoW
RemoveDirectoryW
GetEnvironmentVariableW
GetTickCount
GlobalHandle
OutputDebugStringW
DeleteFileW
ResetEvent
GetExitCodeProcess
GetCommandLineW
LocalFree
GetTempFileNameW
CreateDirectoryW
TerminateProcess
Sleep
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ReadFile
GetStdHandle
WriteFile
WaitForMultipleObjects
CreateFileW
TlsFree
SetFileAttributesW
GetFullPathNameW
lstrlenW
FindNextFileW
GetFileSize
SetFilePointer
SetEndOfFile
GetSystemInfo
VirtualFree
VirtualAlloc
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetFullPathNameA
HeapReAlloc
CreateFileA
CreateMutexW
HeapCompact
SystemTimeToFileTime
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
LoadLibraryW
FormatMessageW
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
FlushFileBuffers
HeapSize
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
GetDiskFreeSpaceA
GetFileAttributesExW
OutputDebugStringA
GetVersionExA
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
CreateThread
GetLocalTime
VirtualQuery
VirtualProtect
IsDebuggerPresent
EncodePointer
GetStringTypeW
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
SetEnvironmentVariableA
DecodePointer
GetStartupInfoW
ReadConsoleW
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
SetFilePointerEx
GetFileType
GetOEMCP
GetACP
IsValidCodePage
GetConsoleMode
GetConsoleCP
GetModuleHandleExW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
SetFileTime

user32

EnumWindows
CharUpperW
SystemParametersInfoW
ShowWindow
GetWindowRect
UpdateLayeredWindow
ValidateRect
FindWindowExW
LoadIconW
RegisterClassW
SetLayeredWindowAttributes
CreateDialogIndirectParamW
GetLastInputInfo
GetKeyboardLayoutList
MessageBoxW
PostQuitMessage
GetWindowThreadProcessId
KillTimer
EnableWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
UpdateWindow
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetWindow
GetDlgItem
SendMessageW
IsWindow
GetClassNameW
PostMessageW
EndDialog
SendDlgItemMessageW
MapDialogRect
IsDialogMessageW
SetTimer
SetWindowContextHelpId
UnregisterClassW
CheckMenuRadioItem
SetMenuItemInfoW
GetMenuItemInfoW
SetMenuDefaultItem
CharNextW
RegisterClassExW
LoadCursorW
DefWindowProcW
SetWindowLongW
GetWindowLongW
DestroyAcceleratorTable
GetDesktopWindow
GetDC
InvalidateRect
CallWindowProcW
GetSysColor
SetWindowPos
RedrawWindow
GetClassInfoExW
CreateWindowExW
DestroyWindow
CreateAcceleratorTableW
ClientToScreen
GetParent
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
GetClientRect
InvalidateRgn
ReleaseDC

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateSolidBrush
BitBlt
DeleteDC
GetStockObject
GetObjectW
CreateDIBSection
DeleteObject
GetDeviceCaps

advapi32

RegCloseKey
RegQueryValueExW
RegSetValueW
RegEnumValueW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegDeleteKeyW
RegEnumKeyExW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
RegOpenKeyExW

shell32

CommandLineToArgvW
ShellExecuteW
ShellExecuteExW
SHFileOperationW
SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoUninitialize
OleInitialize
CLSIDFromString
CoGetClassObject
CLSIDFromProgID
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
OleUninitialize
CoCreateGuid
StringFromGUID2
OleLockRunning

oleaut32

VariantClear
VariantCopy
SysAllocString
SysFreeString
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
VarUI4FromStr
OleCreateFontIndirect
SysStringLen
LoadRegTypeLi
LoadTypeLi
DispCallFunc
VariantInit

comctl32

InitCommonControlsEx

Sections

.text
Size: 710KB - Virtual size: 710KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b70afd36f55a558744a7a31efee15d9

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

crypt32

gdiplus

version

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: 710KB - Virtual size: 710KB

.rdata Size: 150KB - Virtual size: 150KB

.data Size: 21KB - Virtual size: 47KB

.rsrc Size: 197KB - Virtual size: 197KB

.reloc Size: 68KB - Virtual size: 68KB

.text
Size: 710KB - Virtual size: 710KB

.rdata
Size: 150KB - Virtual size: 150KB

.data
Size: 21KB - Virtual size: 47KB

.rsrc
Size: 197KB - Virtual size: 197KB

.reloc
Size: 68KB - Virtual size: 68KB