a6a3dce10851a2a19e9fa4d900cac89917e2e43222a3c22b3a4b3790f8d432bb

Sharing

Copy URL Twitter E-mail

General

Target

a6a3dce10851a2a19e9fa4d900cac89917e2e43222a3c22b3a4b3790f8d432bb
Size

280KB
MD5

d50c41ef47b1abbe127318f7fbaa762b
SHA1

07f7b3238ad20e02b2707bc243aa4ae1e51e38fc
SHA256

a6a3dce10851a2a19e9fa4d900cac89917e2e43222a3c22b3a4b3790f8d432bb
SHA512

ebe7c4293768dc8e2dc3e31caf60dd58547abcfca16fd40ce63261cbd4c7b6a74d1e6bca4c0febc282e44890bcd4e680af0579846dd7a562d5b45872806dc4e3
SSDEEP

6144:r04fEsgMFVMeGgduw9NTdskNszRoqQK26r3cj:oOgMs6djNKzRVQF6rK

Score

N/A

Malware Config

Signatures

Files

a6a3dce10851a2a19e9fa4d900cac89917e2e43222a3c22b3a4b3790f8d432bb
.exe windows x86

cec69e88751e3f361f4e55a783f090c8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupIterateCabinetW

advapi32

RegCreateKeyExW
CloseServiceHandle
LsaOpenPolicy
RegQueryValueExW
LsaFreeMemory
QueryServiceConfigW
RegQueryInfoKeyW
RegCloseKey
RegDeleteValueW
LsaQueryInformationPolicy
RegOpenKeyW
RegEnumValueW
RegEnumKeyExW
OpenSCManagerW
LsaClose
RegDeleteKeyW
OpenServiceW
QueryServiceStatus
RegOpenKeyExW
RegSetValueExW

user32

DispatchMessageW
CharPrevW
MessageBoxW
PeekMessageW
TranslateMessage
CharNextW
SystemParametersInfoW
GetSystemMetrics
ReleaseDC
MsgWaitForMultipleObjects
GetDC
GetWindowLongA

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

wintrust

WinVerifyTrust

oleaut32

SysAllocStringLen
SafeArrayCreate
VarUI4FromStr
SysFreeString
CreateErrorInfo
LoadRegTypeLi
SysStringLen
VariantInit
SafeArrayDestroy
SysAllocString
VarBstrCmp
LoadTypeLi
SysStringByteLen
SafeArrayPutElement
GetErrorInfo
VariantClear
SysAllocStringByteLen
SystemTimeToVariantTime
DispGetParam
VariantCopy
SetErrorInfo
VariantTimeToSystemTime

shlwapi

PathIsRootW
PathRemoveBlanksW
PathIsSameRootW
PathRemoveBackslashW
PathCommonPrefixW
PathRemoveFileSpecW
PathCanonicalizeW
PathStripToRootW
PathAppendW
PathCombineW
PathAddBackslashW

ole32

CoTaskMemFree
CoInitialize
OleRun
CoTaskMemRealloc
StringFromCLSID
StringFromGUID2
CoUninitialize
CoTaskMemAlloc
CoInitializeEx
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoCreateGuid

shell32

SHGetFolderPathW
CommandLineToArgvW

psapi

GetModuleBaseNameW

crypt32

CertCloseStore
CertFreeCertificateChain
CertGetCertificateChain
CryptUnprotectData
CertVerifyCertificateChainPolicy
CryptMsgGetAndVerifySigner
CryptDecodeObject
CryptQueryObject
CryptMsgGetParam
CryptHashPublicKeyInfo
CertFreeCertificateContext
CryptMsgClose

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

GetCurrentThreadId
GetSystemInfo
OpenProcess
GetFileSizeEx
SetEnvironmentVariableA
CreateFileMappingW
ResumeThread
HeapSize
LoadResource
IsValidCodePage
FlushFileBuffers
FreeEnvironmentStringsW
FindNextFileW
MulDiv
WaitForSingleObject
ExitThread
GetTempPathW
GetACP
GetSystemWindowsDirectoryW
GetDiskFreeSpaceW
DeleteFileW
SetCurrentDirectoryW
SetFilePointer
IsValidLocale
GetFileAttributesExW
lstrcmpA
Process32NextW
EnumUILanguagesW
GetFileSize
CreateToolhelp32Snapshot
HeapFree
lstrlenW
SizeofResource
GetFullPathNameW
GetSystemTimeAsFileTime
CreateFileW
MapViewOfFile
InitializeCriticalSectionAndSpinCount
GetPrivateProfileStringW
SetEndOfFile
GetTimeZoneInformation
FindFirstFileExW
FreeLibrary
SetEnvironmentVariableW
ReleaseMutex
GetDriveTypeW
CompareStringW
WriteFile
CreateThread
CreateProcessW
GetUserDefaultLCID
GetFileInformationByHandle
CopyFileW
SetStdHandle
GetProcessHeap
HeapAlloc
TlsAlloc
LockResource
RtlUnwind
GetShortPathNameW
LeaveCriticalSection
WaitForMultipleObjects
CloseHandle
DeleteCriticalSection
GetFileType
GetStdHandle
Process32FirstW
FindFirstFileW
GetConsoleCP
ReadFile
LocalFree
FindResourceExW
IsDebuggerPresent
Module32FirstW
PeekNamedPipe
EnterCriticalSection
UnmapViewOfFile
lstrcmpiW
EnumSystemLocalesA
lstrcmpW
SetLastError
FileTimeToSystemTime
OpenMutexW
FindClose
GetCommandLineW
HeapDestroy
GetDiskFreeSpaceExW
RemoveDirectoryW
GetModuleHandleW
DuplicateHandle
IsWow64Process
GetLocalTime
SetUnhandledExceptionFilter
GetPrivateProfileSectionW
ResetEvent
GetSystemDirectoryW
WideCharToMultiByte
SetHandleCount
HeapReAlloc
ExpandEnvironmentStringsW
GetOEMCP
GetCurrentDirectoryW
WriteConsoleW
FormatMessageW
CreateDirectoryW
RaiseException
GetWindowsDirectoryW
FindResourceW
TlsSetValue
UnhandledExceptionFilter
GetSystemTime
LCMapStringW
GetCommandLineA
TlsGetValue
LocalAlloc
IsProcessorFeaturePresent
TlsFree
lstrlenA
LoadLibraryExW
GetTempFileNameW
GetConsoleMode
CreateEventW
CreateMutexW
OutputDebugStringW
VirtualAlloc

cabinet

ord22
ord21
ord23
ord20

comctl32

CreateStatusWindow
LBItemFromPt
FlatSB_GetScrollPos
ImageList_LoadImage
UninitializeFlatSB
ImageList_GetIcon
ImageList_GetBkColor
FlatSB_EnableScrollBar
MenuHelp

bidispl

DllRegisterServer
DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 248KB - Virtual size: 691KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cec69e88751e3f361f4e55a783f090c8

Headers

File Characteristics

Imports

setupapi

advapi32

user32

gdi32

wintrust

oleaut32

shlwapi

ole32

shell32

psapi

crypt32

version

kernel32

cabinet

comctl32

bidispl

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 248KB - Virtual size: 691KB

.rsrc Size: 6KB - Virtual size: 36KB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 248KB - Virtual size: 691KB

.rsrc
Size: 6KB - Virtual size: 36KB