f1231aa6e6926be96619266ff11174896b7fd3dd3f6117969f5a4522aa97a8ad

Sharing

Copy URL Twitter E-mail

General

Target

f1231aa6e6926be96619266ff11174896b7fd3dd3f6117969f5a4522aa97a8ad
Size

529KB
MD5

8d8a8944aa16102d041a2526a896bb30
SHA1

88d4a47c4761a3992a2516b91691830d2d82f5f6
SHA256

f1231aa6e6926be96619266ff11174896b7fd3dd3f6117969f5a4522aa97a8ad
SHA512

57b79e694dc814aee3c0b0838ed8d0750b1fc16df6a7fe13de862192cd2887d5badb8086e2b361d5b0ec74b9d844842b8f01a6e6be6dfee0fc485e2bbfdba433
SSDEEP

6144:4d0MpgTt0rtJrnuHjmTcU2b3V0h7FulG7cBmoImpP+vifhgh3i8PRIbWIIt6f9aq:46MpSt0poImpP+vD2W3zhj97jdZYhDLf

Score

N/A

Malware Config

Signatures

Files

f1231aa6e6926be96619266ff11174896b7fd3dd3f6117969f5a4522aa97a8ad
.exe windows x86

10bfac293f53a75993eabb698e546e17

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteValueA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyW
RegEnumValueW
RegCreateKeyExW
CryptVerifySignatureA
CryptHashData
CryptCreateHash
CryptImportKey
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
CryptDestroyHash
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA

custsat

ord5
ord4

gdi32

DeleteDC
CreateDIBitmap
CreatePalette
SelectPalette
SetBkMode
GetDeviceCaps
CreateFontIndirectA
SelectObject
GetTextExtentPoint32A
TextOutW
SetTextColor
DeleteObject
CreateCompatibleDC
GetObjectA
BitBlt
RealizePalette
SetStretchBltMode

kernel32

WriteFile
GetStdHandle
LoadLibraryW
CreateDirectoryW
MoveFileW
LoadLibraryExW
FindResourceExA
GetEnvironmentVariableA
GetModuleFileNameW
CreateFileW
CloseHandle
ReadFile
GetFileSize
FreeResource
GetThreadLocale
GetLocaleInfoA
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
FormatMessageW
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
InterlockedCompareExchange
Sleep
lstrcpynW
VirtualAlloc
VirtualFree
OutputDebugStringW
GlobalLock
GlobalUnlock
HeapSize
HeapReAlloc
HeapDestroy
FindFirstFileW
FindNextFileW
FindClose
GetUserDefaultLCID
GetSystemDefaultLCID
LocalFree
CreateProcessW
UnmapViewOfFile
GlobalAlloc
GlobalFree
CreateFileMappingW
MapViewOfFile
GetFileAttributesA
GetUserDefaultUILanguage
ReleaseMutex
SetEvent
WaitForSingleObject
CreateProcessA
LoadLibraryA
OpenProcess
DuplicateHandle
CreateMutexA
CreateEventA
CompareFileTime
CreateFileMappingA
AddAtomW
DeleteAtom
FindAtomW
GetModuleHandleW
CopyFileW
GetFileAttributesExW
GetSystemTime
SystemTimeToFileTime
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
InitializeCriticalSection
LoadLibraryExA
lstrcmpiA
IsDBCSLeadByte
FreeLibrary
GetProcAddress
GetModuleHandleA
GetVersionExA
GetLastError
RaiseException
WideCharToMultiByte
lstrlenW
FindResourceA
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
HeapFree
GetProcessHeap
HeapAlloc
CreateThread
InterlockedExchange
GetFileAttributesW
GetModuleFileNameA
lstrlenA
lstrcpyA
GetCurrentThreadId
MulDiv

mscoree

LockClrVersion
CorBindToRuntimeEx

msvcr80

memcpy
memmove_s
memset
swprintf_s
_wsplitpath_s
_wmakepath_s
_vsnwprintf_s
wcsstr
wcschr
wcscat_s
calloc
_strlwr_s
_ultow_s
memmove
_wfullpath
wcspbrk
_wtoi
_wcslwr_s
_set_purecall_handler
wcsncat_s
isprint
strrchr
_vswprintf_c_l
_vsnprintf_s
_wtol
_mbscmp
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
??_V@YAXPAX@Z
_resetstkoflw
memcpy_s
_recalloc
strncpy_s
sprintf_s
free
wcsrchr
fprintf
_wcsnicmp
_snwprintf_s
wcsncpy_s
_wcsicmp
wcscpy_s
fclose
fgets
fopen_s
strcpy_s
_stricmp
??3@YAXPAX@Z
_callnewh
malloc

ole32

CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
OleInitialize
CoInitializeSecurity
CoTaskMemRealloc
CoReleaseMarshalData
CreateStreamOnHGlobal
CoMarshalInterface
CoDisconnectObject
CoTaskMemFree
OleUninitialize
IIDFromString
StringFromCLSID

oleaut32

SysStringLen
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
SysFreeString
VarUI4FromStr
GetActiveObject
VarBstrCat
SysAllocStringByteLen
SysStringByteLen
GetErrorInfo

shell32

SHGetFolderPathW
SHFileOperationW

shlwapi

PathAddBackslashW
SHDeleteKeyW

user32

LoadBitmapA
GetSystemMetrics
SystemParametersInfoA
LoadStringW
MessageBoxA
CharNextA
UnregisterClassA
GetDesktopWindow
RegisterClassA
UpdateWindow
DrawTextW
DestroyWindow
LoadImageA
LoadIconA
SetForegroundWindow
MessageBoxW
CharNextW
ReleaseDC
GetDC
DefWindowProcA
EndPaint
BeginPaint
SetWindowLongA
GetWindowLongA
CreateWindowExA

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

10bfac293f53a75993eabb698e546e17

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

custsat

gdi32

kernel32

mscoree

msvcr80

ole32

oleaut32

shell32

shlwapi

user32

Sections

.text Size: 86KB - Virtual size: 85KB

.data Size: 7KB - Virtual size: 10KB

.rsrc Size: 352KB - Virtual size: 352KB

.vdata Size: 76KB - Virtual size: 76KB

.text
Size: 86KB - Virtual size: 85KB

.data
Size: 7KB - Virtual size: 10KB

.rsrc
Size: 352KB - Virtual size: 352KB

.vdata
Size: 76KB - Virtual size: 76KB