1b556031863ca29dcdcfb538bf44488922fbc672ce8ae7fa721e7e12632ae5d0

Sharing

Copy URL Twitter E-mail

General

Target

1b556031863ca29dcdcfb538bf44488922fbc672ce8ae7fa721e7e12632ae5d0
Size

329KB
MD5

bfa803bb20f62b234eabc490688d3e26
SHA1

a34eb12ceb3af9f7fee9a36266a49f82e7bb4d86
SHA256

1b556031863ca29dcdcfb538bf44488922fbc672ce8ae7fa721e7e12632ae5d0
SHA512

8b100d81b16bb7ac2935b072ef09613a12a78c4beff1c00eac7625e748024e27bd8a780ef9f54f56b0426ddc5b0bfd55981220c53d20d0dfb0c1e9c076f61f34
SSDEEP

6144:/cmE8WWLxhhxZwvzHSWWAsx5l98FqZO9L82hzad+CtE:/cn8WsxhLZwvzHSzxr9wqyLJ2d+0E

Score

N/A

Malware Config

Signatures

Files

1b556031863ca29dcdcfb538bf44488922fbc672ce8ae7fa721e7e12632ae5d0
.exe windows x86

d9a24ddfe6d866b5569eab406064594c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

webservices

WsFileTimeToDateTime

bcrypt

BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptOpenAlgorithmProvider
BCryptDecrypt

ntdll

RtlEqualUnicodeString
NtQueryInformationProcess
RtlInitUnicodeString

kernel32

HeapFree
VirtualAlloc
HeapReAlloc
VirtualQuery
LocalAlloc
LocalFree
TerminateThread
CreateThread
WriteProcessMemory
GetCurrentProcess
OpenProcess
GetWindowsDirectoryA
VirtualProtectEx
VirtualAllocEx
CreateRemoteThread
WriteFile
CreateFileW
LoadLibraryW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
ReadFile
FindFirstFileA
GetBinaryTypeW
FindNextFileA
GetFullPathNameA
CreateFileA
GlobalAlloc
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileSize
FreeLibrary
SetDllDirectoryW
GetFileSizeEx
WaitForSingleObject
lstrcpyW
VirtualProtect
SetFilePointer
ReadProcessMemory
VirtualQueryEx
GetModuleHandleW
IsWow64Process
WaitForMultipleObjects
CreatePipe
PeekNamedPipe
DuplicateHandle
SetEvent
CreateEventA
GetModuleFileNameW
LoadResource
FindResourceW
GetComputerNameW
GlobalMemoryStatusEx
LoadLibraryExW
GetStartupInfoA
FindNextFileW
GetLogicalDriveStringsW
CopyFileW
GetDriveTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
WideCharToMultiByte
ReleaseMutex
TerminateProcess
K32GetModuleFileNameExW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
DeleteFileW
Wow64DisableWow64FsRedirection
GetSystemDirectoryW
Wow64RevertWow64FsRedirection
GetCurrentThread
K32GetModuleInformation
CreateFileMappingW
MapViewOfFile
Process32First
Process32Next
lstrcpyA
Sleep
MultiByteToWideChar
lstrcatA
lstrcmpA
lstrlenA
ExpandEnvironmentStringsW
lstrlenW
lstrcmpW
CreateProcessA
WinExec
CloseHandle
lstrcatW
GetPrivateProfileStringW
GetCommandLineA
GetModuleHandleA
GetTempPathW
VirtualFree
SetLastError
GetModuleFileNameA
CreateDirectoryW
SystemTimeToFileTime
GetLastError
ExitProcess
GetProcAddress
LoadLibraryA
GetProcessHeap
HeapAlloc
FindFirstFileW
GetTickCount
CreateProcessW
CreateMutexA

user32

SetProcessDPIAware
FindWindowExA
CreateDesktopW
SendMessageA
GetKeyState
GetMessageA
DispatchMessageA
CreateWindowExW
CallNextHookEx
GetAsyncKeyState
RegisterClassW
GetRawInputData
MapVirtualKeyA
DefWindowProcA
RegisterRawInputDevices
GetLastInputInfo
ToUnicode
GetKeyNameTextW
PostQuitMessage
CharLowerW
GetForegroundWindow
GetWindowTextW
wsprintfW
TranslateMessage

advapi32

RegSetValueExA
RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
OpenProcessToken
FreeSid
RegQueryInfoKeyA
RegOpenKeyW
RegCreateKeyExW
RegDeleteKeyW
LookupAccountSidW
GetTokenInformation
QueryServiceStatusEx
GetSidIdentifierAuthority
OpenThreadToken
GetLengthSid
RegCreateKeyW
InitializeSecurityDescriptor
IsValidSid
CopySid
GetSidSubAuthority
GetSidSubAuthorityCount
RegDeleteKeyA
SetSecurityDescriptorDacl
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyW
RegCloseKey
OpenServiceW
ChangeServiceConfigW
QueryServiceConfigW
EnumServicesStatusExW
StartServiceW
RegSetValueExW
RegCreateKeyExA
OpenSCManagerW
CloseServiceHandle
RegEnumKeyExW

shell32

ord680
SHGetKnownFolderPath
SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteW
SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteExW

urlmon

URLDownloadToFileW

ws2_32

setsockopt
gethostbyname
freeaddrinfo
htons
recv
socket
send
WSAConnect
getaddrinfo
closesocket
inet_addr
InetNtopW
WSAStartup
shutdown
WSACleanup
connect

ole32

CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoInitialize
CoUninitialize

shlwapi

StrStrA
StrStrW
PathRemoveFileSpecA
PathCombineA
PathFindExtensionW
AssocQueryStringW
PathFindFileNameW
PathFileExistsW

netapi32

NetLocalGroupAddMembers
NetUserAdd

oleaut32

VariantInit
VariantClear

crypt32

CryptStringToBinaryA
CryptUnprotectData
CryptStringToBinaryW

wininet

InternetTimeToSystemTimeA

Sections

.text
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bss
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9a24ddfe6d866b5569eab406064594c

Headers

DLL Characteristics

File Characteristics

Imports

webservices

bcrypt

ntdll

kernel32

user32

advapi32

shell32

urlmon

ws2_32

ole32

shlwapi

netapi32

oleaut32

crypt32

wininet

Sections

.text Size: 269KB - Virtual size: 268KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 42KB - Virtual size: 1.2MB

.reloc Size: 5KB - Virtual size: 4KB

.bss Size: 512B - Virtual size: 4KB

.text
Size: 269KB - Virtual size: 268KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 42KB - Virtual size: 1.2MB

.reloc
Size: 5KB - Virtual size: 4KB

.bss
Size: 512B - Virtual size: 4KB