Static task: static1
Behavioral task: behavioral1
Sample: 2173115656b0f1ab9b5e523608aa63babf88500b6b598e6eba4d16ae1f42aa6c.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 2173115656b0f1ab9b5e523608aa63babf88500b6b598e6eba4d16ae1f42aa6c.exe
Resource: win10v2004-20221111-en
General
- Target: 2173115656b0f1ab9b5e523608aa63babf88500b6b598e6eba4d16ae1f42aa6c
- Size: 1.8MB
- MD5: 0ed1036c0b1fad7ee3e399906b953959
- SHA1: 17bde9f9ed3aa9fbf8adfec1a62c5a3b8809a6c3
- SHA256: 2173115656b0f1ab9b5e523608aa63babf88500b6b598e6eba4d16ae1f42aa6c
- SHA512: b67f198edaa640be7f7625c45ff71ef10e570e1d529e86edb356e323e1121a6e5f6415c986f45b619a84339b42eba2839a6151c15480d8e6c95a88e3a1833b0c
- SSDEEP: 24576:4V/A+/tN7bgsGSWSExjqsAHiWXENISPrx2+:2rbn9WgiyIISPrz
Malware Config
Signatures
Files
- 2173115656b0f1ab9b5e523608aa63babf88500b6b598e6eba4d16ae1f42aa6c.exe (windows x86)
  ec4802342a0f441bd058d09ec2f3d7bb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SearchPathA
DnsHostnameToComputerNameA
GetLongPathNameW
CreateMutexW
SetThreadExecutionState
HeapSize
SetPriorityClass
MoveFileW
GetUserDefaultLangID
FoldStringA
ProcessIdToSessionId
GetConsoleAliasExesW
GetPrivateProfileStructA
CopyFileExW
CopyFileA
LoadResource
GetProfileSectionW
SwitchToThread
GetTempPathW
GetStdHandle
CreateSemaphoreW
FormatMessageA
TerminateThread
GetNamedPipeHandleStateW
CreateProcessW
GetShortPathNameA
GetStringTypeA
GetModuleFileNameW
GetFileInformationByHandle
GetEnvironmentVariableW
CreateDirectoryW
GetTimeFormatA
OpenEventW
GetLogicalDrives
LCMapStringW
GetConsoleAliasExesLengthW
Module32First
PeekNamedPipe
GetNumberFormatW
GetEnvironmentVariableA
GetCompressedFileSizeA
GetSystemDefaultLCID
BindIoCompletionCallback
CreateToolhelp32Snapshot
PrepareTape
GetMailslotInfo
GlobalUnlock
GetProcessWorkingSetSize
ChangeTimerQueueTimer
GetPrivateProfileIntW
OpenSemaphoreW
GetCurrentProcess
GetBinaryTypeA
PostQueuedCompletionStatus
TryEnterCriticalSection
FindAtomW
DosDateTimeToFileTime
CopyFileExA
VerSetConditionMask
DuplicateHandle
CreateMailslotW
GetACP
FlushViewOfFile
ExpandEnvironmentStringsA
GetConsoleAliasA
GetCalendarInfoW
GetConsoleAliasesA
FindFirstFileExA
GetPrivateProfileStringW
ReplaceFileA
GetDiskFreeSpaceExW
GetConsoleMode
CompareStringA
QueryInformationJobObject
GetLogicalDriveStringsW
GetLocaleInfoW
DefineDosDeviceW
MapViewOfFile
AreFileApisANSI
FindVolumeClose
GetStringTypeW
MultiByteToWideChar
HeapReAlloc
HeapAlloc
RtlUnwind
IsValidCodePage
GetCPInfo
Sleep
HeapFree
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
InterlockedDecrement
GetLastError
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
WriteFile
IsProcessorFeaturePresent
DecodePointer
ExitProcess
GetProcAddress
SetUnhandledExceptionFilter
HeapSetInformation
GetCommandLineA
OpenJobObjectW
GetEnvironmentStrings
DeleteAtom
GetConsoleAliasW
CreateHardLinkW
GetNamedPipeInfo
EraseTape
CompareFileTime
DisconnectNamedPipe
ConvertDefaultLocale
GetNamedPipeHandleStateA
GetThreadPriority
SetComputerNameExA
EnumCalendarInfoExW
GetSystemDefaultUILanguage
GetCurrencyFormatA
GetFullPathNameW
GetDiskFreeSpaceW
GetFileSize
CompareStringW
GetVolumeInformationW
GetUserDefaultLCID
FlushInstructionCache
GetTempPathA
OpenFileMappingW
EnumCalendarInfoW
GetPrivateProfileSectionNamesW
GetConsoleCursorInfo
GetPrivateProfileSectionA
GetFileAttributesExA
GetOEMCP
GetThreadTimes
GetProcessVersion
FreeResource
GetUserDefaultUILanguage
AssignProcessToJobObject
SetEndOfFile
SetTapePosition
OpenWaitableTimerW
GetTimeFormatW
SetCalendarInfoA
FreeEnvironmentStringsA
GetVersion
Module32Next
SetProcessAffinityMask
FindAtomA
GetDiskFreeSpaceExA
SetProcessPriorityBoost
OpenFileMappingA
OpenThread
CreateHardLinkA
GetModuleHandleW
EnumCalendarInfoA
SetSystemPowerState
GetProcessIoCounters
GetLocaleInfoA
ResetEvent
GetCurrentConsoleFont
GetShortPathNameW
VirtualAlloc
GetConsoleAliasExesA
GetSystemWindowsDirectoryA
CreateFileMappingW
FindResourceW
SetConsoleDisplayMode
DeleteTimerQueue
SetConsoleOutputCP
GetPrivateProfileStructW
GetCurrencyFormatW
DeleteTimerQueueTimer
SetWaitableTimer
GetPrivateProfileStringA
CreateDirectoryExW
CreateJobObjectA
CreateDirectoryA
ReplaceFileW
GetWindowsDirectoryA
GetVolumeNameForVolumeMountPointA
GetSystemDirectoryA
GetPriorityClass
FlushConsoleInputBuffer
CopyFileW
IsDBCSLeadByte
OpenJobObjectA
rpcrt4
NdrConformantArrayUnmarshall
UuidToStringW
NdrServerCall2
RpcServerUnregisterIf
RpcSmDestroyClientContext
NdrStubCall2
IUnknown_QueryInterface_Proxy
NdrUserMarshalUnmarshall
RpcCancelThread
MesEncodeFixedBufferHandleCreate
RpcServerRegisterIf2
RpcServerUseProtseqA
RpcServerUseProtseqW
IUnknown_Release_Proxy
MesHandleFree
RpcBindingVectorFree
RpcServerYield
MesDecodeIncrementalHandleCreate
RpcServerUseProtseqEpW
RpcMgmtSetComTimeout
RpcStringBindingParseW
UuidHash
MesDecodeBufferHandleCreate
RpcCertGeneratePrincipalNameA
RpcRevertToSelfEx
RpcStringBindingParseA
RpcServerRegisterAuthInfoW
UuidFromStringA
RpcStringBindingComposeW
RpcEpRegisterW
RpcServerUseProtseqExW
UuidCreate
I_RpcBindingInqTransportType
RpcMgmtSetCancelTimeout
NdrConformantStringBufferSize
RpcErrorAddRecord
RpcServerInqCallAttributesA
RpcBindingFree
RpcSsContextLockExclusive
RpcServerRegisterIf
RpcMgmtStatsVectorFree
RpcServerRegisterAuthInfoA
RpcServerListen
user32
IntersectRect
LockWindowUpdate
GetMessagePos
PostMessageA
RegisterDeviceNotificationW
MapDialogRect
EnumDisplayDevicesW
CreateMenu
GetAltTabInfoA
PeekMessageA
LoadMenuA
SetWindowsHookExA
SetFocus
SetWindowLongW
CloseWindowStation
NotifyWinEvent
GetScrollInfo
SetMenuDefaultItem
OpenDesktopW
SendMessageTimeoutW
PeekMessageW
MapVirtualKeyW
CreateWindowExW
CharLowerW
SetForegroundWindow
LoadBitmapA
SetWindowRgn
DialogBoxParamA
UnregisterClassA
EnumChildWindows
SendInput
comctl32
ord17
ImageList_LoadImageW
ImageList_DragLeave
ImageList_Create
ImageList_GetDragImage
ImageList_DragShowNolock
PropertySheetA
ImageList_Copy
ImageList_EndDrag
ImageList_DrawEx
ImageList_Replace
FlatSB_SetScrollInfo
ImageList_DrawIndirect
ImageList_Draw
ImageList_BeginDrag
ImageList_SetBkColor
ImageList_Write
ImageList_DragEnter
CreateStatusWindowW
ImageList_GetBkColor
ImageList_SetImageCount
ImageList_SetDragCursorImage
ImageList_GetImageInfo
ImageList_SetOverlayImage
_TrackMouseEvent
ImageList_SetIconSize
FlatSB_SetScrollPos
ImageList_Destroy
CreateToolbarEx
ImageList_Remove
PropertySheetW
ImageList_ReplaceIcon
ImageList_GetIconSize
ImageList_DragMove
CreatePropertySheetPageA
advapi32
SetEntriesInAclW
RegEnumValueA
ReportEventW
SetNamedSecurityInfoW
IsValidSid
OpenSCManagerW
CryptCreateHash
GetSecurityDescriptorDacl
GetLengthSid
OpenServiceW
AddAccessDeniedAce
RegQueryMultipleValuesA
GetSidSubAuthority
InitializeAcl
RegSetValueExA
AreAnyAccessesGranted
RegNotifyChangeKeyValue
SetKernelObjectSecurity
GetSidSubAuthorityCount
AddAccessAllowedAce
GetSidLengthRequired
RegSetValueA
InitializeSecurityDescriptor
GetKernelObjectSecurity
GetSidIdentifierAuthority
CheckTokenMembership
RegOpenKeyExW
CryptReleaseContext
AddAce
RegSetValueW
GetCurrentHwProfileW
StartServiceA
GetTokenInformation
RegDeleteKeyW
AddAuditAccessAce
GetCurrentHwProfileA
RegCreateKeyExA
RegQueryMultipleValuesW
RegSetValueExW
RegSetKeySecurity
RegCreateKeyExW
SetServiceStatus
SetTokenInformation
GetAce
RegQueryValueExA
AreAllAccessesGranted
RegDeleteValueW
shell32
SHBindToParent
SHChangeNotify
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHGetMalloc
SHGetDesktopFolder
CommandLineToArgvW
ShellExecuteExW
SHGetFolderPathW
ole32
HWND_UserUnmarshal
OleInitialize
MkParseDisplayName
CoFreeUnusedLibrariesEx
OleCreateFromData
CoIsHandlerConnected
CoRegisterSurrogate
STGMEDIUM_UserMarshal
HACCEL_UserSize
CoGetTreatAsClass
HICON_UserUnmarshal
StringFromIID
CoGetClassObject
CoMarshalInterThreadInterfaceInStream
CoResumeClassObjects
StgCreatePropSetStg
OleRegEnumVerbs
CreatePointerMoniker
StgCreateStorageEx
CoInitializeEx
OleFlushClipboard
OleSaveToStream
oleaut32
VariantChangeType
CreateErrorInfo
SysReAllocStringLen
VariantCopy
VariantCopyInd
GetErrorInfo
SysAllocStringLen
Sections
.text Size: 1.7MB - Virtual size: 34.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 93KB - Virtual size: 93KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ