8fd1aef04b09921ee9c82baa11314209c2fa777fd2268651875126d1e047eb0a

Sharing

Copy URL

Twitter E-mail

General

Target

8fd1aef04b09921ee9c82baa11314209c2fa777fd2268651875126d1e047eb0a
Size

286KB
MD5

7199b8642367a133bb1689a3991f3dd9
SHA1

2f8393c33598a47ee3564b17267caf2ca5a412aa
SHA256

8fd1aef04b09921ee9c82baa11314209c2fa777fd2268651875126d1e047eb0a
SHA512

e0efadde5f1b9f99e26882111a1f9ef1362ea90dcab63e823583e8faaede6cb0c7ecf9658d3e44305ca36cfb8382ac719249885b24b341cab4cbfbede0bcced4
SSDEEP

6144:Zur1uTIK6/6FtZUmGZlmDBeci+lmQciCv:or1WIK6sZUm8mDEZEmQyv

Score

N/A

Malware Config

Signatures

Files

8fd1aef04b09921ee9c82baa11314209c2fa777fd2268651875126d1e047eb0a
.exe windows x86

e28665b08a51384d3015bb4b499f043b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wintrust

WinVerifyTrust

crypt32

CryptMsgClose
CertFreeCertificateChain
CryptHashPublicKeyInfo
CryptUnprotectData
CryptMsgGetParam
CertGetCertificateChain
CertCloseStore
CryptDecodeObject
CertFreeCertificateContext
CryptQueryObject
CertVerifyCertificateChainPolicy
CryptMsgGetAndVerifySigner

shlwapi

PathCanonicalizeW
PathRemoveFileSpecW
PathFileExistsW
PathCombineW

ws2_32

gethostbyname
socket
closesocket
WSAStartup
inet_ntoa
inet_addr
ntohs
bind
htons
getsockname
WSACleanup

advapi32

RegEnumKeyExW
CloseServiceHandle
RegOpenKeyW
RegSetValueExW
OpenServiceW
QueryServiceConfigW
RegQueryValueExW
LsaClose
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
ControlService
QueryServiceStatus
LsaFreeMemory
LsaQueryInformationPolicy
OpenSCManagerW
LsaOpenPolicy

msi

ord32
ord113
ord171
ord92
ord8
ord45
ord190
ord205
ord70
ord169
ord137
ord111
ord159
ord88
ord121
ord125
ord211
ord160
ord118
ord141
ord204
ord116
ord120
ord115
ord17

kernel32

GetSystemWindowsDirectoryW
GetPrivateProfileStringW
GetFileInformationByHandle
HeapAlloc
SetFilePointer
FileTimeToSystemTime
OpenProcess
IsValidCodePage
FindResourceW
CreateProcessW
lstrcmpW
CreateNamedPipeW
CancelIo
CreateThread
CompareFileTime
GetSystemTime
LocalFree
GetWindowsDirectoryW
EnterCriticalSection
lstrlenW
OutputDebugStringW
SetStdHandle
IsDebuggerPresent
VirtualAlloc
GetUserDefaultLCID
DuplicateHandle
LocalAlloc
SetEnvironmentVariableA
CreateFileMappingW
LoadLibraryExW
GetOverlappedResult
LoadResource
HeapDestroy
WideCharToMultiByte
Process32NextW
FindFirstFileExW
ResetEvent
GetFileType
FlushInstructionCache
GetComputerNameW
GetConsoleCP
LeaveCriticalSection
RaiseException
DisconnectNamedPipe
IsValidLocale
FlushFileBuffers
InterlockedPopEntrySList
LCMapStringW
WritePrivateProfileSectionW
InterlockedPushEntrySList
UnmapViewOfFile
GetTempFileNameW
SystemTimeToFileTime
GetTempPathW
GetFileAttributesExW
lstrcmpA
SetHandleCount
DeleteFileW
TlsSetValue
GetProcessHeap
FindFirstFileW
GetConsoleMode
RemoveDirectoryW
WaitNamedPipeW
GetSystemTimeAsFileTime
GetStdHandle
ReadFile
SetEndOfFile
lstrcmpiW
HeapReAlloc
GetSystemDirectoryW
ReleaseMutex
CreateFileW
GetCurrentThreadId
MapViewOfFile
GetCurrentDirectoryW
HeapSize
GetModuleHandleW
FindResourceExW
ConnectNamedPipe
CreateEventW
ResumeThread
HeapFree
GetOEMCP
Module32FirstW
SetUnhandledExceptionFilter
ExpandEnvironmentStringsW
CloseHandle
ExitThread
GetTimeZoneInformation
OpenMutexW
IsWow64Process
CreateToolhelp32Snapshot
EnumUILanguagesW
DeleteCriticalSection
TlsGetValue
InitializeCriticalSectionAndSpinCount
EnumSystemLocalesA
GetACP
Process32FirstW
WaitForMultipleObjects
SizeofResource
CreateMutexW
UnhandledExceptionFilter
GetLocalTime
GetCommandLineA
TlsFree
FreeLibrary
GetFileTime
GetShortPathNameW
FormatMessageW
SetLastError
GetFileSizeEx
GetFileSize
lstrlenA
TlsAlloc
CopyFileW
WriteFile
PeekNamedPipe
WriteConsoleW
FindClose
FreeEnvironmentStringsW
CompareStringW
VirtualFree
FindNextFileW
IsProcessorFeaturePresent
LockResource
GetFullPathNameW
CreateDirectoryW
RtlUnwind
GetSystemInfo
MulDiv
WaitForSingleObject
GetDriveTypeW
GetCommandLineW
GetCurrentProcess
VirtualAllocEx

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ole32

CLSIDFromProgID
StringFromGUID2
CoTaskMemFree
CLSIDFromString
StringFromCLSID
CoCreateInstance
CoInitializeEx
OleRun
CoTaskMemRealloc
CoInitialize
CoTaskMemAlloc
CoUninitialize

setupapi

SetupIterateCabinetW

shell32

SHGetPathFromIDListW
SHGetMalloc
CommandLineToArgvW
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHGetFolderPathW

oleaut32

VariantInit
VarUI4FromStr
VarBstrCmp
VariantCopy
SysFreeString
DispGetParam
GetErrorInfo
SetErrorInfo
SysStringByteLen
LoadTypeLi
VariantClear
LoadRegTypeLi
SysAllocStringLen
SysStringLen
CreateErrorInfo
SysAllocString
SysAllocStringByteLen

cabinet

ord23
ord21
ord22
ord20

gdi32

DeleteObject
GetDeviceCaps
CreateFontIndirectW

user32

GetDC
GetParent
SetDlgItemTextW
SetWindowPos
DefWindowProcW
GetWindowLongW
SetWindowLongW
ReleaseCapture
GetClientRect
DestroyWindow
MonitorFromWindow
GetDlgItemTextW
MessageBoxW
CharNextW
SetCursor
PeekMessageW
LoadCursorW
CallWindowProcW
GetSystemMetrics
RegisterClassExW
GetWindowRect
MsgWaitForMultipleObjects
SetWindowTextW
CreateWindowExW
GetClassInfoExW
ReleaseDC
CharPrevW
SystemParametersInfoW
GetDlgItem
SetCapture
UnregisterClassA
BeginPaint
EndPaint
DispatchMessageW
GetActiveWindow
SendMessageW
DialogBoxParamW
GetWindow
MapWindowPoints
TranslateMessage
EndDialog
GetMonitorInfoW
IsWindow

comctl32

CreateStatusWindow
ImageList_Remove
ImageList_DragShowNolock
InitCommonControlsEx
FlatSB_SetScrollRange
ImageList_Draw
ImageList_Create
ImageList_LoadImage
ImageList_GetIcon
InitCommonControls
CreateToolbarEx
CreatePropertySheetPage

kbdblr

KbdLayerDescriptor

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 35KB - Virtual size: 769KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 178KB - Virtual size: 622KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e28665b08a51384d3015bb4b499f043b

Headers

File Characteristics

Imports

wintrust

crypt32

shlwapi

ws2_32

advapi32

msi

kernel32

version

ole32

setupapi

shell32

oleaut32

cabinet

gdi32

user32

comctl32

kbdblr

Sections

.text Size: 20KB - Virtual size: 20KB

.bss Size: 35KB - Virtual size: 769KB

.reloc Size: 178KB - Virtual size: 622KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 32KB - Virtual size: 296KB

.rsrc Size: 11KB - Virtual size: 48KB

.text
Size: 20KB - Virtual size: 20KB

.bss
Size: 35KB - Virtual size: 769KB

.reloc
Size: 178KB - Virtual size: 622KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 32KB - Virtual size: 296KB

.rsrc
Size: 11KB - Virtual size: 48KB