a950bb1e32048c175064c7ab76725da2c50ba449f7fe2bbff7cd6a629ca12633

Sharing

Copy URL Twitter E-mail

General

Target

a950bb1e32048c175064c7ab76725da2c50ba449f7fe2bbff7cd6a629ca12633
Size

225KB
MD5

0a73c334495511a9b36c35ba0f0b56f9
SHA1

514d8afdbf87f04d990a6b205c20ce335e1bdf4b
SHA256

a950bb1e32048c175064c7ab76725da2c50ba449f7fe2bbff7cd6a629ca12633
SHA512

5827a9bad7ae9521cd96051b2e36937e3edcfaab7cca87818f7d61bb1b0995ab729d57a762ed24046a2d3efa093dea88d5e23eb1c6e98368525b1e43d63f9c81
SSDEEP

6144:0PZIMqqDLbi0DBcJ4Ql7idg31Qa9KC5Z4GpQ3frxM0PVA:0SJqnbi0Dxg31Qa9KC5+EexJA

Score

N/A

Malware Config

Signatures

Files

a950bb1e32048c175064c7ab76725da2c50ba449f7fe2bbff7cd6a629ca12633
.exe windows x86

d6bb52078fd5dd58672c396fe67aadba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
FindClose
Process32FirstW
RemoveDirectoryW
QueryDosDeviceW
Process32NextW
FindNextFileW
VirtualProtect
CreateToolhelp32Snapshot
GetFileTime
ReleaseMutex
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
LocalFree
GetSystemTime
WriteProcessMemory
SetFileAttributesW
CreateThread
GlobalLock
GlobalUnlock
GetCurrentThreadId
ExitThread
lstrcmpiA
OpenEventW
GetCommandLineW
SetErrorMode
GetComputerNameW
GetVersionExW
VirtualProtectEx
GetFileAttributesExW
DuplicateHandle
GetCurrentProcessId
WTSGetActiveConsoleSessionId
MoveFileExW
GetUserDefaultUILanguage
CreateRemoteThread
GetThreadContext
SetThreadContext
GetProcessId
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
TlsAlloc
TlsFree
SetHandleInformation
CreatePipe
GetModuleHandleA
GetNativeSystemInfo
ReadProcessMemory
LoadLibraryW
VirtualFreeEx
WideCharToMultiByte
Thread32First
VirtualQueryEx
SetFileTime
IsBadReadPtr
GetProcessHeap
GetTickCount
SetLastError
GetLastError
OpenMutexW
GetFileSizeEx
GetTempPathW
lstrlenW
MultiByteToWideChar
GetTimeZoneInformation
ReadFile
Thread32Next
lstrcpynW
HeapCreate
GetModuleFileNameW
HeapDestroy
CreateDirectoryW
HeapFree
GetLogicalDriveStringsW
SetFilePointerEx
GetCurrentProcess
SystemTimeToFileTime
HeapAlloc
CreateProcessW
SetEndOfFile
FindFirstFileW
CreateMutexW
HeapReAlloc
GetTempFileNameW
FileTimeToDosDateTime
GetEnvironmentVariableW
LoadLibraryA
FreeLibrary
WaitForMultipleObjects
CreateEventW
GetProcAddress
GetPrivateProfileIntW
WaitForSingleObject
FlushFileBuffers
CreateFileW
GetFileAttributesW
WriteFile
GetPrivateProfileStringW
GetModuleHandleW
ResetEvent
TlsSetValue
SetEvent
TlsGetValue
ExpandEnvironmentStringsW
CloseHandle
lstrcmpiW
TerminateProcess
OpenProcess
EnterCriticalSection
VirtualAlloc
LeaveCriticalSection
InitializeCriticalSection
VirtualFree
SetThreadPriority
Sleep
GetCurrentThread
ExitProcess

user32

GetSystemMetrics
MessageBoxA
GetKeyboardLayoutList
CharLowerBuffA
GetMessageA
GetWindowRect
SetCapture
GetParent
GetClassLongW
GetCapture
SetCursorPos
GetAncestor
PeekMessageA
SetWindowPos
IsWindow
MapWindowPoints
RegisterClassA
GetWindowThreadProcessId
GetKeyboardState
GetClipboardData
ToUnicode
GetTopWindow
LoadImageW
MsgWaitForMultipleObjects
WindowFromPoint
EndMenu
CharToOemW
TranslateMessage
GetWindowLongW
CharLowerA
PeekMessageW
DefFrameProcW
CallWindowProcW
CallWindowProcA
RegisterClassW
DefMDIChildProcA
DefDlgProcA
SwitchDesktop
DefMDIChildProcW
CreateDesktopW
SetProcessWindowStation
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
CloseDesktop
SetThreadDesktop
OpenWindowStationW
RegisterWindowMessageW
GetThreadDesktop
GetMenuItemID
SetKeyboardState
GetSubMenu
OpenDesktopW
MenuItemFromPoint
GetMenu
GetMenuItemRect
TrackPopupMenuEx
SystemParametersInfoW
GetMenuState
GetClassNameW
GetMenuItemCount
HiliteMenuItem
GetMessagePos
GetUserObjectInformationW
CharUpperW
SetWindowLongW
SendMessageTimeoutW
GetShellWindow
MapVirtualKeyW
RegisterClassExA
DefDlgProcW
DefFrameProcA
OpenInputDesktop
GetWindow
DispatchMessageW
DrawIcon
GetIconInfo
GetCursorPos
EndPaint
GetUpdateRgn
GetMessageW
GetWindowDC
FillRect
PostMessageW
GetWindowInfo
DrawEdge
BeginPaint
GetUpdateRect
GetDC
IntersectRect
GetDCEx
RegisterClassExW
CharLowerW
DefWindowProcA
ReleaseDC
PostThreadMessageW
EqualRect
PrintWindow
SendMessageW
DefWindowProcW
IsRectEmpty
ExitWindowsEx
ReleaseCapture

advapi32

InitiateSystemShutdownExW
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
AllocateAndInitializeSid
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
RegOpenKeyExW
GetSecurityDescriptorSacl
CheckTokenMembership
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegCloseKey
RegSetValueExW
CryptHashData
IsWellKnownSid
GetLengthSid
RegEnumKeyExW
EqualSid
RegCreateKeyW
RegEnumKeyW
RegQueryInfoKeyW
CreateProcessAsUserA
RegDeleteValueW
RegEnumValueW
SetSecurityInfo
ConvertSidToStringSidW

shlwapi

PathUnquoteSpacesW
StrCmpNIW
StrStrIW
StrStrIA
PathRenameExtensionW
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathRemoveBackslashW
PathQuoteSpacesW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathAddBackslashW
PathRemoveFileSpecW
PathFindFileNameW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
PathIsURLW

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW

secur32

GetUserNameExW

ole32

CoSetProxyBlanket
CoUninitialize
CLSIDFromString
StringFromGUID2
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoCreateInstance

gdi32

RestoreDC
CreateCompatibleDC
SetRectRgn
SelectObject
DeleteObject
GdiFlush
DeleteDC
SetViewportOrgEx
CreateCompatibleBitmap
GetDIBits
GetDeviceCaps
CreateDIBSection
SaveDC

ws2_32

listen
send
closesocket
WSASetLastError
freeaddrinfo
socket
bind
recv
inet_addr
WSASend
gethostbyname
getpeername
recvfrom
WSAIoctl
connect
WSAEventSelect
getsockname
accept
sendto
setsockopt
shutdown
WSAGetLastError
select
getaddrinfo
WSAStartup
WSAAddressToStringW

crypt32

CryptUnprotectData
PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore

wininet

InternetSetOptionA
HttpAddRequestHeadersW
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetSetStatusCallbackA
HttpEndRequestW
HttpAddRequestHeadersA
HttpEndRequestA
InternetSetFilePointer
InternetGetCookieA
HttpOpenRequestW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestW
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA
InternetQueryOptionA
InternetReadFile
HttpQueryInfoA
InternetConnectA
InternetQueryOptionW
InternetCrackUrlA
InternetOpenA

oleaut32

SysFreeString
VariantInit
SysAllocString
VariantClear

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

PlaySoundW
waveOutSetVolume
waveOutGetVolume
PlaySoundA

Sections

.text
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6bb52078fd5dd58672c396fe67aadba

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

version

winmm

Sections

.text Size: 212KB - Virtual size: 211KB

.data Size: 2KB - Virtual size: 11KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 212KB - Virtual size: 211KB

.data
Size: 2KB - Virtual size: 11KB

.reloc
Size: 8KB - Virtual size: 8KB