b1d4e871ff473320115b50c77502db3e03d063dda34201bc2c30060c33c844d5

Sharing

Copy URL

Twitter E-mail

General

Target

b1d4e871ff473320115b50c77502db3e03d063dda34201bc2c30060c33c844d5
Size

362KB
MD5

08e360bad31ad6d4d827acc5e6814e7f
SHA1

1623f2938e7b1dc287599d3037293ffff92b25fe
SHA256

b1d4e871ff473320115b50c77502db3e03d063dda34201bc2c30060c33c844d5
SHA512

03f9bc521579ee99f59560e04ceec8dda64f1734311766d39609774fa5f613d6196f66cc1f13874c3e43a4d077c3791f46f9f9fadcbd41b6742dd828997ac44c
SSDEEP

6144:6kDu6uSxWL2MwqZrGPTulEKZsNE+26tQnQmNPxBOlOg11B:6kD4SxWLFZATuHZsC+262tNPx8ln5

Score

N/A

Malware Config

Signatures

Files

b1d4e871ff473320115b50c77502db3e03d063dda34201bc2c30060c33c844d5
.exe windows x86

870fac12f00817354d0e89ed6b6a3875

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Imports

kernel32

HeapAlloc
IsProcessorFeaturePresent
LoadLibraryW
WriteFile
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
ExitProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
HeapSize
HeapQueryInformation
HeapFree
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
GetStringTypeW
GetLocaleInfoA
FreeLibrary
VirtualQuery
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointer
CloseHandle
SetStdHandle
CreateFileW
RaiseException
TerminateProcess
GetSystemTime
LocalFree
CreateMutexA
GetModuleHandleA
LocalAlloc
OpenMutexA
LoadLibraryA
EnumSystemCodePagesW
GetProcAddress
GetThreadLocale
GetLastError
SetThreadLocale
HeapCreate
GetDateFormatA
SetLastError
GetModuleHandleW
TlsFree
DecodePointer
GetCurrentThreadId
TlsSetValue
TlsGetValue
EncodePointer
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
WideCharToMultiByte
TlsAlloc
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
InterlockedIncrement
LCMapStringW
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
IsBadReadPtr
GetProcessHeap
GetTimeFormatA
HeapValidate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObject
InterlockedDecrement
HeapReAlloc
MultiByteToWideChar
GetCurrentProcess

user32

GetKeyboardLayoutNameA
GetWindow
ActivateKeyboardLayout
GetDialogBaseUnits
DialogBoxParamA
SetMenuItemInfoA
SendMessageW
GetSystemMetrics
GetMenuItemCount
GetMenuStringA
GetMenuItemInfoA
GetCursorPos
GetSysColor
DestroyWindow
PostQuitMessage
GetMenuItemID
GetSubMenu
LoadBitmapA
GetParent
DdeInitializeA
DefFrameProcA
wsprintfA
SendMessageA
BeginPaint
GetDC
GetMenu
OffsetRect
GetMenuItemRect
CheckMenuRadioItem
MessageBoxA
ReleaseDC
GetMenuState
GetDlgItem
EndDialog
DefWindowProcA

gdi32

MoveToEx
BitBlt
GetWindowOrgEx
GetViewportOrgEx
FrameRgn
PatBlt
LineTo
GetWindowExtEx
SetTextColor
DeleteDC
StretchBlt
SetBkColor
DeleteObject
SelectObject
CreateCompatibleDC
DPtoLP
SetMapMode
CreateCompatibleBitmap
GdiSetBatchLimit
CreateBitmapIndirect
GetColorAdjustment
Polyline
CreatePen
SetViewportExtEx
CreateICA
GetViewportExtEx
GetPixel
GetObjectA
GdiComment
CreateSolidBrush
TextOutA
CreateRectRgn

advapi32

LsaFreeMemory
LsaQueryInformationPolicy
LsaNtStatusToWinError

ole32

CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SysFreeString
VariantChangeType
VariantInit
VariantClear
SysAllocString

wininet

FtpSetCurrentDirectoryA
InternetOpenA
FtpPutFileA
InternetGetLastResponseInfoA
InternetConnectA

winmm

mmioCreateChunk
mmioWrite
mmioOpenA
mmioClose

crypt32

CertGetNameStringA

shlwapi

StrChrA
StrToIntA
StrTrimA

dnsapi

DnsQuery_W
DnsFree

Sections

.text
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

870fac12f00817354d0e89ed6b6a3875

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

wininet

winmm

crypt32

shlwapi

dnsapi

Sections

.text Size: 265KB - Virtual size: 264KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 44KB - Virtual size: 44KB

.text
Size: 265KB - Virtual size: 264KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 44KB - Virtual size: 44KB