Static task: static1
Behavioral task: behavioral1
Sample: b797739551b36fe351e109b7ed57eeaca7f8359b67a5112ea6ce1982119fbbd1.exe
Resource: win7-20220812-en
General
Target: b797739551b36fe351e109b7ed57eeaca7f8359b67a5112ea6ce1982119fbbd1
Size: 1.1MB
MD5: 26ed7667d823bbac693485716bc574af
SHA1: 1b56535ba98fd2312248a3b2c4ab9f7da98f3097
SHA256: b797739551b36fe351e109b7ed57eeaca7f8359b67a5112ea6ce1982119fbbd1
SHA512: 97297f617cfca7d3a9a80588512da8c7e77919f60c55732e9c5f8d255976ab91868a0477261a6b0306d373529308de0edc00ab67b0a8e4d5b219b0e6b164fd7f
SSDEEP: 24576:XbszuhShCrggD0z0puuHNYKl6vJ+5Wh26FWjF9z+6f6TBOQ:rszIM00uHNYpvJI58k+6fNQ
Malware Config
Signatures
Files
b797739551b36fe351e109b7ed57eeaca7f8359b67a5112ea6ce1982119fbbd1.exe windows x86
7468deaea085f579ef091c0fb0bf83ef
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wtsapi32
WTSEnumerateSessionsA
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
kernel32
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
LocalUnlock
LocalLock
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileSizeEx
GetStringTypeExA
GetThreadLocale
SetFilePointer
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationA
GetModuleHandleW
GetAtomNameA
GetCPInfo
GetOEMCP
SetErrorMode
GetTempFileNameA
RtlUnwind
RaiseException
ExitProcess
GetTimeFormatA
GetDateFormatA
TlsGetValue
ExitThread
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStdHandle
FatalAppExitA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
CompareStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
HeapDestroy
VirtualFree
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetPrivateProfileIntA
GlobalFlags
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
FreeResource
InterlockedDecrement
GetModuleFileNameW
GlobalSize
lstrlenW
GetCurrentProcessId
SuspendThread
SetThreadPriority
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
CompareStringA
InterlockedExchange
PulseEvent
OpenEventA
ReleaseMutex
OpenMutexA
GetExitCodeThread
ResumeThread
ExpandEnvironmentStringsA
GetUserDefaultLangID
FormatMessageA
GetSystemInfo
GetStartupInfoA
CreateProcessA
CopyFileA
CreateDirectoryA
lstrcatA
FlushFileBuffers
GetDiskFreeSpaceA
HeapFree
GetProcessHeap
HeapAlloc
QueryDosDeviceA
lstrcmpiA
lstrcpyA
GetPrivateProfileSectionA
GetFileTime
CompareFileTime
WritePrivateProfileStringA
lstrcmpA
CreateToolhelp32Snapshot
Process32First
OpenProcess
Process32Next
WaitForMultipleObjectsEx
DeleteFileA
MoveFileA
GetLogicalDrives
GetDriveTypeA
LocalAlloc
LocalFree
Sleep
GetSystemDefaultLCID
GetUserDefaultLCID
SetLastError
GetVersionExA
GetSystemDirectoryA
GetShortPathNameA
GetEnvironmentVariableA
GetTempPathA
GetLocaleInfoA
GetSystemDefaultLangID
InitializeCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
WriteFile
OutputDebugStringA
GetCommandLineA
CreateMutexA
CreateThread
WideCharToMultiByte
WaitForSingleObject
GetExitCodeProcess
WritePrivateProfileSectionA
GetFileSize
ReadFile
GlobalFree
CreateFileA
GetWindowsDirectoryA
FindFirstFileA
FindNextFileA
FindClose
SetEvent
CloseHandle
CreateEventA
ResetEvent
GetPrivateProfileStringA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetProfileStringA
WriteProfileStringA
lstrlenA
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
GetProcAddress
FreeLibrary
LoadLibraryA
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThreadId
GetTickCount
GetLastError
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
GetModuleFileNameA
GetFullPathNameA
GetFileAttributesA
MultiByteToWideChar
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
user32
WindowFromPoint
KillTimer
SetTimer
UnpackDDElParam
ReuseDDElParam
LoadMenuA
GetMenuBarInfo
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
TranslateAcceleratorA
SetRectEmpty
DestroyMenu
GetMenuItemInfoA
GetDialogBaseUnits
UnregisterClassA
DestroyIcon
LoadCursorA
GetSysColorBrush
CharUpperA
GetTabbedTextExtentA
MessageBeep
IsClipboardFormatAvailable
DeleteMenu
InflateRect
ScrollWindowEx
ShowWindow
MoveWindow
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SendDlgItemMessageA
WinHelpA
IsChild
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
BeginDeferWindowPos
EndDeferWindowPos
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
GetDlgCtrlID
DefWindowProcA
GetKeyNameTextA
GetMenu
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
EndDialog
UnhookWindowsHookEx
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
RemoveMenu
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetSysColor
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
LoadStringA
MessageBoxExA
MessageBoxA
IsWindow
WaitForInputIdle
MsgWaitForMultipleObjects
EnumWindows
SetWindowTextA
ExitWindowsEx
GetCursorPos
GetNextDlgTabItem
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
GetSystemMetrics
LoadIconA
SetForegroundWindow
GetFocus
BringWindowToTop
IsIconic
DrawIcon
OffsetRect
ReleaseCapture
SetCapture
GetCapture
ScreenToClient
ClientToScreen
LoadBitmapA
PtInRect
EnableWindow
MapVirtualKeyA
IsRectEmpty
LockWindowUpdate
GetDCEx
UnionRect
SetParent
CallWindowProcA
GetSystemMenu
GetParent
InvalidateRect
UpdateWindow
GetClientRect
GetWindowRect
SetRect
PostQuitMessage
GetWindowLongA
GetDC
SetWindowLongA
ReleaseDC
PeekMessageA
TranslateMessage
DispatchMessageA
PostMessageA
SendMessageA
RegisterWindowMessageA
GetSubMenu
GetTopWindow
gdi32
EnumMetaFile
PlayMetaFile
CreateHatchBrush
CopyMetaFileA
CreateDCA
GetDCOrgEx
CreateFontIndirectA
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
GetObjectType
GetTextMetricsA
GetCharWidthA
GetTextExtentPoint32A
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
SelectPalette
StretchDIBits
GetBkColor
DPtoLP
PlayMetaFileRecord
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
CreatePatternBrush
CreateDIBPatternBrushPt
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
SetColorAdjustment
RectVisible
PtVisible
StartDocA
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
CreateBitmap
GetLayout
SetLayout
GetDeviceCaps
CreateCompatibleDC
SetArcDirection
CreateCompatibleBitmap
SetBkMode
SetBkColor
RestoreDC
SaveDC
GetStockObject
Rectangle
ExtCreatePen
CreatePen
GetPixel
CreateFontA
CreateSolidBrush
GetObjectA
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
BitBlt
SelectClipRgn
comdlg32
GetFileTitleA
winspool.drv
StartPagePrinter
EnumPortsA
OpenPrinterA
ClosePrinter
GetPrinterDriverDirectoryA
GetPrinterA
SetPrinterA
EndPagePrinter
EndDocPrinter
StartDocPrinterA
GetPrinterDriverA
EnumPrintersA
AddMonitorA
EnumMonitorsA
EnumPrinterDriversA
DocumentPropertiesA
GetJobA
advapi32
SetFileSecurityA
RegSetValueA
RegQueryValueA
RegEnumKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegOpenKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
GetTokenInformation
AllocateAndInitializeSid
EqualSid
LookupAccountSidA
FreeSid
QueryServiceConfigA
ControlService
OpenSCManagerA
OpenServiceA
StartServiceA
QueryServiceStatus
CloseServiceHandle
CreateProcessAsUserA
RegOpenKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueExA
GetFileSecurityA
shlwapi
PathIsUNCA
PathStripToRootA
PathFindFileNameA
PathRemoveExtensionA
UrlUnescapeA
PathFindExtensionA
PathCanonicalizeA
PathRemoveFileSpecW
ole32
CoInitialize
CreateStreamOnHGlobal
CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CreateBindCtx
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
StringFromGUID2
CoDisconnectObject
CLSIDFromString
CoUninitialize
CoInitializeEx
CoCreateInstance
oleaut32
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysStringLen
OleLoadPicturePath
OleLoadPicture
VarBstrFromDate
SysReAllocStringLen
VarDateFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
wininet
InternetGetCookieA
InternetQueryDataAvailable
FtpDeleteFileA
FtpRenameFileA
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpSetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpPutFileA
FtpGetFileA
InternetErrorDlg
HttpAddRequestHeadersA
HttpQueryInfoA
InternetFindNextFileA
InternetCloseHandle
GopherFindFirstFileA
InternetSetCookieA
InternetOpenA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
HttpSendRequestA
HttpEndRequestA
HttpSendRequestExA
GopherGetAttributeA
FtpOpenFileA
FtpCommandA
GopherCreateLocatorA
FtpFindFirstFileA
InternetConnectA
GopherOpenFileA
InternetOpenUrlA
InternetSetOptionExA
InternetQueryOptionA
InternetCrackUrlA
InternetGetLastResponseInfoA
HttpOpenRequestA
InternetCanonicalizeUrlA
Sections
.text Size: 831KB - Virtual size: 830KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 232KB - Virtual size: 231KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 13KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 95KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE