Static task: static1
Behavioral task: behavioral1
- Sample: 057b28537d05590a1388ce6eed9e330af528cbd99029828fcb74155f4d3b4cd5.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 057b28537d05590a1388ce6eed9e330af528cbd99029828fcb74155f4d3b4cd5.exe
- Resource: win10v2004-20220901-en
General
- Target: 057b28537d05590a1388ce6eed9e330af528cbd99029828fcb74155f4d3b4cd5
- Size: 1.3MB
- MD5: 4be7ce943b9d77dd99dda5662fadefe5
- SHA1: 205622253ef66dd3ee22d4f5499f211a8597196a
- SHA256: 057b28537d05590a1388ce6eed9e330af528cbd99029828fcb74155f4d3b4cd5
- SHA512: 03448989903fb30dca4d4dde743e3987c040394a58048830c2dbe5335d2aafa2a61dbcd92ac2f84e80544b281dd00d5a48d6b39b2cb36d0bf07d2e7cb0706fd9
- SSDEEP: 12288:2EHU0Zv5bTOrh28B8GJbacRB8vqA5ke4h6hze1VBzpOPSv6747/sm18zi7jpt/O6:5bRHoNOD5Hhwi72/smGzi7t0qtaquA5h
Malware Config
Signatures
Files
- 057b28537d05590a1388ce6eed9e330af528cbd99029828fcb74155f4d3b4cd5.exe windows x86
  8390a3555d8f97582fe2a1bc86e576d3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
MapUserPhysicalPages
GetPrivateProfileStringW
OpenProcess
GetNumberFormatW
ContinueDebugEvent
MapViewOfFileEx
GetPrivateProfileStructA
GetConsoleAliasExesLengthW
Module32FirstW
GetDriveTypeA
CreateWaitableTimerW
GetConsoleAliasA
SetCalendarInfoA
SetSystemPowerState
FindResourceA
GetCurrentProcess
GetCurrencyFormatW
WideCharToMultiByte
ReadProcessMemory
GetCalendarInfoA
LocalReAlloc
GetCPInfoExA
GetConsoleScreenBufferInfo
GetLongPathNameA
GetProcessVersion
ReleaseMutex
GetShortPathNameA
CreateSemaphoreA
GetTempFileNameW
SetConsoleOutputCP
ChangeTimerQueueTimer
SetUnhandledExceptionFilter
GetCPInfoExW
CreateFileMappingA
GetDriveTypeW
FlushViewOfFile
SetCurrentDirectoryA
GetPrivateProfileStringA
GetHandleInformation
GetSystemDirectoryA
IsBadWritePtr
GetEnvironmentVariableW
GetLogicalDrives
GetPrivateProfileSectionW
GetTempPathA
GetCurrentThread
GetQueuedCompletionStatus
OpenSemaphoreW
FreeEnvironmentStringsA
GlobalReAlloc
GetWindowsDirectoryA
GetSystemDefaultUILanguage
GetUserDefaultLCID
GetTempPathW
OpenMutexA
LoadResource
DeleteAtom
ExpandEnvironmentStringsW
FlushConsoleInputBuffer
GetModuleFileNameA
CancelWaitableTimer
CreateEventW
GetStringTypeW
GetVolumeInformationA
EnumCalendarInfoExW
GetProfileIntW
CreateJobObjectW
OpenFileMappingA
GetDevicePowerState
GetConsoleAliasesW
DeleteVolumeMountPointA
GetModuleHandleW
GetCurrentDirectoryA
GetConsoleWindow
IsSystemResumeAutomatic
GetSystemWindowsDirectoryW
GetDateFormatW
GetLocaleInfoA
SetTapePosition
GetLongPathNameW
ConvertDefaultLocale
GetCompressedFileSizeA
GetPrivateProfileIntA
ResumeThread
VerifyVersionInfoW
SetErrorMode
SwitchToThread
FindFirstVolumeW
LCMapStringW
MoveFileWithProgressW
GetVersion
GetBinaryTypeW
GetPrivateProfileSectionNamesW
MapViewOfFile
GetNumberOfConsoleInputEvents
GetNamedPipeHandleStateA
SetHandleInformation
GetTimeFormatW
SetLocaleInfoA
SetThreadAffinityMask
SetProcessAffinityMask
SetInformationJobObject
RemoveDirectoryA
GetLocaleInfoW
GetProfileSectionW
GetDiskFreeSpaceA
SetEnvironmentVariableA
LCMapStringA
GetNamedPipeHandleStateW
FindNextFileA
FlushFileBuffers
FreeEnvironmentStringsW
IsDebuggerPresent
CreateEventA
DeviceIoControl
GetFullPathNameW
MapUserPhysicalPagesScatter
FindFirstFileW
GetSystemDefaultLangID
GetUserDefaultUILanguage
GetLogicalDriveStringsA
ConvertThreadToFiber
GetConsoleAliasExesA
DefineDosDeviceW
GetConsoleAliasesA
OpenWaitableTimerA
FindFirstVolumeMountPointA
SetConsoleActiveScreenBuffer
CreateNamedPipeW
FlushInstructionCache
SearchPathA
SetConsoleTextAttribute
GetStringTypeExA
FormatMessageA
GetNamedPipeInfo
SetComputerNameExW
GetProcessIoCounters
Module32NextW
FindResourceW
FreeUserPhysicalPages
OpenSemaphoreA
GetFileTime
GetCurrencyFormatA
GetPrivateProfileIntW
CompareStringW
GetOEMCP
BindIoCompletionCallback
IsDBCSLeadByteEx
OpenThread
GetPrivateProfileStructW
WritePrivateProfileStringW
FoldStringW
SetStdHandle
CreateFileW
TlsGetValue
GetConsoleMode
WaitForSingleObjectEx
QueryPerformanceFrequency
CreateTimerQueue
CreateJobObjectA
MultiByteToWideChar
GetConsoleAliasExesLengthA
SetThreadLocale
lstrcatA
GetProfileStringW
GetFileSizeEx
SetEndOfFile
GetSystemDefaultLCID
CreateTapePartition
CreateProcessW
DnsHostnameToComputerNameW
GetCalendarInfoW
FindFirstVolumeA
ExpandEnvironmentStringsA
LockFile
GetCurrentConsoleFont
CreateProcessA
WriteConsoleW
CreateDirectoryExW
GetPriorityClass
OpenEventA
DefineDosDeviceA
GetFileInformationByHandle
GetStringTypeExW
GetFileAttributesExW
SetSystemTimeAdjustment
MulDiv
CreateHardLinkW
SetThreadExecutionState
IsValidLocale
GetEnvironmentVariableA
IsProcessorFeaturePresent
GetPrivateProfileSectionNamesA
OpenJobObjectA
lstrcpynA
SetNamedPipeHandleState
SetFileTime
ReleaseSemaphore
GetMailslotInfo
CreateNamedPipeA
GetFileSize
GetSystemDirectoryW
GetFileAttributesExA
SetThreadPriorityBoost
GetFileType
GetStringTypeA
SetPriorityClass
PeekNamedPipe
GetVolumePathNameW
MoveFileWithProgressA
CompareStringA
DnsHostnameToComputerNameA
FindAtomA
OpenFileMappingW
GetBinaryTypeA
SetThreadPriority
GetDiskFreeSpaceExW
PrepareTape
DisconnectNamedPipe
VerSetConditionMask
GetACP
SetCurrentDirectoryW
GetFileAttributesW
CreateMutexW
SetComputerNameExA
PostQueuedCompletionStatus
GetEnvironmentStrings
SetWaitableTimer
FindAtomW
VirtualAlloc
CopyFileW
OpenWaitableTimerW
GetVolumePathNameA
GetProfileSectionA
DeleteTimerQueue
SetFileAttributesA
GetAtomNameW
DosDateTimeToFileTime
CreateDirectoryA
GetTimeFormatA
Toolhelp32ReadProcessMemory
ReplaceFileW
AddAtomW
SetConsoleMode
SetConsoleCP
GetProcessPriorityBoost
rpcrt4
NdrConformantArrayMarshall
RpcBindingInqAuthInfoExW
RpcBindingVectorFree
NdrClientCall
NdrAsyncServerCall
UuidEqual
IUnknown_Release_Proxy
RpcEpRegisterNoReplaceW
RpcServerUseProtseqEpW
NdrConformantStringUnmarshall
IUnknown_QueryInterface_Proxy
NdrClientInitializeNew
RpcMgmtWaitServerListen
RpcSsGetContextBinding
RpcGetAuthorizationContextForClient
RpcServerRegisterAuthInfoW
UuidToStringA
MesDecodeBufferHandleCreate
NdrAsyncClientCall
RpcMgmtEnableIdleCleanup
RpcAsyncInitializeHandle
RpcErrorGetNumberOfRecords
RpcErrorLoadErrorInfo
MesEncodeDynBufferHandleCreate
NdrMesTypeEncode2
NdrMesTypeAlignSize2
RpcServerTestCancel
NdrSimpleStructBufferSize
RpcAsyncCompleteCall
RpcStringBindingComposeA
RpcServerUnregisterIf
RpcCancelThread
NdrOleAllocate
RpcServerUseProtseqEpA
NdrMesTypeDecode2
RpcBindingFromStringBindingW
UuidCreateNil
UuidHash
UuidFromStringA
RpcMgmtEpEltInqBegin
MesEncodeFixedBufferHandleCreate
RpcStringFreeA
NdrGetDcomProtocolVersion
NdrConformantArrayBufferSize
NDRCContextBinding
RpcStringBindingComposeW
RpcSsDestroyClientContext
NdrStubCall2
RpcMgmtIsServerListening
RpcMgmtSetCancelTimeout
NdrOleFree
NdrServerInitialize
RpcMgmtStopServerListening
RpcBindingInqAuthInfoA
RpcEpRegisterA
RpcEpUnregister
user32
GetAltTabInfoA
GetFocus
GetMenuItemInfoW
DialogBoxIndirectParamW
wvsprintfW
MessageBoxW
InflateRect
GetWindowTextW
GetKeyboardState
SystemParametersInfoA
SetWindowRgn
CloseClipboard
GetKeyboardLayout
IsWindowEnabled
GetDCEx
WaitMessage
SetDlgItemInt
DrawFrameControl
GetParent
GetProcessWindowStation
GetActiveWindow
SetDlgItemTextW
IsWindowVisible
RegisterWindowMessageW
ShowCaret
TrackPopupMenuEx
LockWindowUpdate
GetPropA
GetClassNameW
CallWindowProcW
GetWindowLongW
LoadIconA
PeekMessageW
DrawEdge
CharToOemBuffA
LoadCursorA
WinHelpA
EnumDisplayDevicesW
NotifyWinEvent
PostMessageA
CharPrevA
FindWindowW
SetWindowTextW
LoadStringW
GetDlgCtrlID
CharPrevW
GetMenuStringW
PostQuitMessage
SendMessageA
DestroyWindow
comctl32
ImageList_Add
ImageList_DragMove
ImageList_DrawEx
CreatePropertySheetPageW
ImageList_GetImageCount
ImageList_DragEnter
ImageList_SetBkColor
DestroyPropertySheetPage
ImageList_GetDragImage
ImageList_Draw
ImageList_GetIconSize
FlatSB_GetScrollInfo
PropertySheetA
ImageList_SetIconSize
ImageList_EndDrag
ImageList_Remove
ImageList_LoadImageA
ImageList_DragLeave
FlatSB_SetScrollProp
ImageList_GetIcon
ImageList_Create
ImageList_Write
ImageList_DrawIndirect
ImageList_Replace
ImageList_Read
ImageList_LoadImageW
ImageList_BeginDrag
FlatSB_SetScrollPos
CreatePropertySheetPageA
ord17
FlatSB_GetScrollPos
ImageList_GetBkColor
ImageList_Copy
ImageList_SetDragCursorImage
ImageList_SetOverlayImage
CreateStatusWindowW
ImageList_SetImageCount
ImageList_Destroy
CreateToolbarEx
InitializeFlatSB
ImageList_AddMasked
_TrackMouseEvent
InitCommonControlsEx
ImageList_ReplaceIcon
FlatSB_SetScrollInfo
PropertySheetW
ImageList_GetImageInfo
ImageList_DragShowNolock
advapi32
RegQueryValueExA
RegEnumKeyW
RegSetKeySecurity
SetTokenInformation
InitializeSecurityDescriptor
LsaQueryInformationPolicy
RegQueryMultipleValuesA
CloseServiceHandle
RegQueryInfoKeyA
CryptGetHashParam
RegNotifyChangeKeyValue
AddAccessDeniedAce
EqualSid
CryptHashData
MakeSelfRelativeSD
ChangeServiceConfigW
CryptReleaseContext
GetSecurityDescriptorLength
SetSecurityDescriptorOwner
GetUserNameW
AdjustTokenPrivileges
CreateProcessAsUserW
SetFileSecurityW
LsaFreeMemory
RegQueryValueExW
CryptGenRandom
CryptDestroyHash
RegEnumKeyExA
IsValidSecurityDescriptor
GetSidSubAuthority
RegCreateKeyExW
RegSetValueExA
AreAllAccessesGranted
RegSetValueExW
AddAccessAllowedAce
AreAnyAccessesGranted
GetSidLengthRequired
RegSetValueA
AddAuditAccessAce
GetKernelObjectSecurity
GetSidSubAuthorityCount
RegSetValueW
RegQueryMultipleValuesW
RegCreateKeyExA
SetKernelObjectSecurity
GetSidIdentifierAuthority
InitializeAcl
GetCurrentHwProfileW
GetTokenInformation
GetCurrentHwProfileA
AddAce
CopySid
RegEnumKeyExW
DeregisterEventSource
SetThreadToken
LsaOpenPolicy
GetAce
SetSecurityDescriptorDacl
shell32
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHBindToParent
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW
SHGetDesktopFolder
SHGetFolderPathW
SHGetMalloc
SHBrowseForFolderW
CommandLineToArgvW
SHFileOperationW
SHChangeNotify
ole32
WriteClassStm
CLSIDFromProgID
CoTreatAsClass
HACCEL_UserSize
CoAddRefServerProcess
OleCreateFromData
CLIPFORMAT_UserFree
CoGetStandardMarshal
CoUnmarshalInterface
OleLockRunning
CoMarshalInterThreadInterfaceInStream
CoSetProxyBlanket
MkParseDisplayName
GetHGlobalFromStream
OleQueryLinkFromData
OleRegEnumFormatEtc
CreateStreamOnHGlobal
CoGetCallContext
CoGetMarshalSizeMax
CoGetSystemSecurityPermissions
PropVariantClear
CoUnmarshalHresult
OleSaveToStream
STGMEDIUM_UserUnmarshal
WriteClassStg
CoLoadLibrary
HDC_UserUnmarshal
OleConvertOLESTREAMToIStorageEx
CreateDataAdviseHolder
CoSwitchCallContext
CoInitializeEx
OleTranslateAccelerator
STGMEDIUM_UserSize
WriteFmtUserTypeStg
CoRegisterInitializeSpy
HMENU_UserUnmarshal
CoQueryClientBlanket
StgConvertVariantToProperty
HBITMAP_UserFree
CoRevokeInitializeSpy
CoRegisterMessageFilter
CoDisableCallCancellation
HPALETTE_UserSize
OleDuplicateData
StgIsStorageILockBytes
GetHGlobalFromILockBytes
HDC_UserMarshal
HICON_UserSize
CoCreateGuid
DcomChannelSetHResult
StgOpenPropStg
MonikerRelativePathTo
OleRegGetUserType
OleCreateStaticFromData
CoGetObjectContext
oleaut32
SysReAllocStringLen
VariantClear
SafeArrayCreate
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
SafeArrayGetLBound
SetErrorInfo
SafeArrayGetUBound
GetActiveObject
SafeArrayPtrOfIndex
VariantCopyInd
VariantCopy
SysFreeString
VariantChangeTypeEx
VariantInit
GetErrorInfo
VariantChangeType
Sections
.text   Size: 957KB - Virtual size: 957KB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata  Size: 15KB  - Virtual size: 15KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 37KB  - Virtual size: 292KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.em3l   Size: 5KB   - Virtual size: 5KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.0kn    Size: 2KB   - Virtual size: 2KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.eai9c  Size: 24KB  - Virtual size: 24KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.jr5    Size: 18KB  - Virtual size: 18KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.b1gru  Size: 30KB  - Virtual size: 30KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.3rsp   Size: 26KB  - Virtual size: 26KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.d398l  Size: 20KB  - Virtual size: 20KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.8wctl  Size: 24KB  - Virtual size: 23KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.p18l   Size: 17KB  - Virtual size: 17KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.zobg   Size: 21KB  - Virtual size: 20KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 93KB  - Virtual size: 93KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ