a6cf74b19cc28a662d9dd7b26b1ea89c23cf34c1fb5c49900d02c43af089927c

Sharing

Copy URL Twitter E-mail

General

Target

a6cf74b19cc28a662d9dd7b26b1ea89c23cf34c1fb5c49900d02c43af089927c
Size

73KB
MD5

b23ee59e03b3dd0cc2ffd06a7a94cc63
SHA1

2978ee1e5ce4df1a3d7d9fbb50b970c5c3c3649e
SHA256

a6cf74b19cc28a662d9dd7b26b1ea89c23cf34c1fb5c49900d02c43af089927c
SHA512

62c889e98bbaa980fd37972bac9a3264632ac2bf0ea1ac97f009a1ed173d3cd367a01db11f37dd347cf6918290b424049f0699a67194c34aab7692f64fb6fddc
SSDEEP

1536:bE2FV2Wz4FHV6IA7G09vRw96NCqmP3wAQdGdUyntHE3Y3K6RC:bXOtEI0Dw96NCqmP3wAmFyG3Y3K

Score

N/A

Malware Config

Signatures

Files

a6cf74b19cc28a662d9dd7b26b1ea89c23cf34c1fb5c49900d02c43af089927c
.exe windows x86

e6b9f4df18a01f55beb53a99ab3af1e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFreeEx
WriteProcessMemory
VirtualAlloc
VirtualAllocEx
GetModuleHandleA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetFileAttributesW
SetFileTime
GetFileTime
CreateFileW
GetWindowsDirectoryW
GetModuleFileNameW
CopyFileW
GetFileAttributesW
CreateDirectoryW
GetLocalTime
WriteFile
SetFilePointer
GlobalUnlock
GlobalLock
WaitForMultipleObjects
GetFileSize
GetFullPathNameW
SetCurrentDirectoryW
VirtualQuery
CreateMutexW
SetUnhandledExceptionFilter
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GlobalFree
GlobalAlloc
LocalAlloc
VirtualFree
lstrcmpiW
ReadProcessMemory
OpenProcess
IsDebuggerPresent
CheckRemoteDebuggerPresent
DeviceIoControl
IsBadReadPtr
WideCharToMultiByte
VirtualQueryEx
GetSystemInfo
MultiByteToWideChar
ResumeThread
SetPriorityClass
GetShortPathNameW
GetComputerNameW
TerminateProcess
MoveFileExW
ExpandEnvironmentStringsW
LoadLibraryW
ReadFile
GetLastError
UnhandledExceptionFilter
GetStartupInfoA
SuspendThread
VirtualProtect
OpenThread
Thread32Next
HeapCreate
Thread32First
HeapFree
HeapAlloc
SetThreadContext
HeapReAlloc
GetThreadContext
lstrcmpiA
DeleteFileW
ExitProcess
GetLogicalDrives
SetErrorMode
GetDriveTypeW
lstrcpyW
lstrlenW
FindFirstFileW
lstrcatW
FindNextFileW
FindClose
Module32NextW
GetTickCount
GetVersionExW
GetEnvironmentVariableW
CreateProcessW
GetProcAddress
GetCurrentThreadId
DeleteFileA
lstrlenA
WaitForSingleObject
CloseHandle
Sleep
ExitThread
GetCurrentProcess
GetProcessId
GetModuleHandleW
GetCurrentProcessId
Module32FirstW

user32

DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
RegisterClassW
LoadCursorW
ReleaseDC
DrawIcon
GetIconInfo
GetCursorInfo
GetCursorPos
FindWindowW
SetClipboardViewer
GetSystemMetrics
wsprintfA
GetKeyboardState
GetKeyboardLayout
GetWindowThreadProcessId
GetKeyNameTextW
MapVirtualKeyW
GetAsyncKeyState
DefWindowProcW
ChangeClipboardChain
PostMessageW
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
ToUnicodeEx
GetKeyState
GetForegroundWindow
GetWindowTextW
CharLowerBuffW
wsprintfW
MessageBoxW

advapi32

RegDeleteValueA
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExA
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegEnumValueW
RegQueryValueExA

gdi32

CreateCompatibleBitmap
SelectObject
StretchBlt
DeleteObject
CreateDCW
CreateCompatibleDC
GetDIBits
GetObjectW

shell32

ord680

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoUninitialize

oleaut32

VariantClear

msvcrt

__p__commode
_controlfp
_except_handler3
__set_app_type
__p__fmode
_local_unwind2
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
memmove
_wtoi
toupper
wcsncmp
clock
_endthread
_wcsupr
_wcslwr
wcscmp
wcsstr
sscanf
strlen
memcpy
strncmp
strstr
sprintf
_endthreadex
memset
_beginthreadex
atoi
getenv
strncpy
strcpy
wcscat
wcscpy
wcslen
_wgetenv
_wcsicmp
strcat
strtok
wcstok
tolower

ntdll

RtlCreateUserThread
NtOpenProcess
RtlAdjustPrivilege
RtlImageNtHeader

urlmon

URLDownloadToFileA
URLDownloadToFileW

ws2_32

sendto
setsockopt
WSAStartup
inet_addr
getpeername
gethostbyaddr
htons
gethostbyname
socket
connect
closesocket
send
recv
WSASend
inet_ntoa

wininet

HttpSendRequestA
HttpSendRequestW
InternetOpenA
InternetCloseHandle
InternetReadFile
HttpOpenRequestA
InternetConnectA

shlwapi

StrStrIW
PathFindExtensionW

psapi

EnumProcesses
GetModuleFileNameExW
EnumProcessModules

crypt32

CryptStringToBinaryA
CryptBinaryToStringW
CryptStringToBinaryW
CryptBinaryToStringA

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6b9f4df18a01f55beb53a99ab3af1e9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

shell32

ole32

oleaut32

msvcrt

ntdll

urlmon

ws2_32

wininet

shlwapi

psapi

crypt32

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 1KB - Virtual size: 25KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 3KB - Virtual size: 3KB