70a7ae4c625b4b29e4a01c361297e306de1cd164c5427ef8b4b769a9c10a9f3d

Sharing

Copy URL Twitter E-mail

General

Target

70a7ae4c625b4b29e4a01c361297e306de1cd164c5427ef8b4b769a9c10a9f3d
Size

816KB
MD5

0706c2e1ea9d2e9ec9e6e7cfbfa320a0
SHA1

3aefb019581e7dc9d91d6854a544d225f1690083
SHA256

70a7ae4c625b4b29e4a01c361297e306de1cd164c5427ef8b4b769a9c10a9f3d
SHA512

614a930b9797793ca5ee52d277f7604651d9b9077b034397867d08b8fed2ed7425003d4b4ec7e67cee309aef7429b8a7086a7828a1b16fe60f8141fd468919a0
SSDEEP

24576:I1vM9jZnas/RqSGkPdev7XYNPmCNGN85KT7a6iUHy9ZNdhJgQ40sH:z7ZOG6UNPmCNq82JHy9ZNdhJgQ40sH

Score

N/A

Malware Config

Signatures

Files

70a7ae4c625b4b29e4a01c361297e306de1cd164c5427ef8b4b769a9c10a9f3d
.exe windows x86

f09383a1fce20e4261d88029dcdaf133

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

gdi32

DeleteEnhMetaFile
CreateFontIndirectA
UpdateColors
GdiGetPageHandle
SetPixelFormat
EngLockSurface
GdiAlphaBlend
EnumEnhMetaFile
EngStretchBlt
EnumFontFamiliesExA
SetWorldTransform
EngFindResource
AddFontResourceA
RemoveFontResourceA
GetBitmapDimensionEx
CreateHalftonePalette
AnimatePalette
WidenPath
EnumMetaFile
GetTextExtentPoint32A
PolyPolygon
SetMetaFileBitsEx
EngEraseSurface
GetTextMetricsA
IntersectClipRect
GetEnhMetaFileBits

comctl32

_TrackMouseEvent
CreatePropertySheetPageA
ImageList_GetBkColor
InitCommonControlsEx
ImageList_Add
ImageList_GetIconSize
ImageList_Read
CreateStatusWindowA
CreatePropertySheetPageW
ImageList_AddMasked
ImageList_GetDragImage
ImageList_Create
ImageList_Remove
ImageList_LoadImageA
ImageList_Replace
ImageList_EndDrag
ImageList_DrawEx
PropertySheetW
PropertySheetA
ImageList_DragShowNolock
ImageList_ReplaceIcon
DestroyPropertySheetPage
ImageList_DrawIndirect
ImageList_Write

setupapi

SetupDiGetClassInstallParamsW
SetupRemoveInstallSectionFromDiskSpaceListW
CM_Get_Next_Res_Des
CM_Get_DevNode_Registry_PropertyW
SetupDiCreateDevRegKeyW
CM_Get_Device_ID_Size
pSetupStringTableAddStringEx
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstanceIdW
CM_Get_DevNode_Registry_Property_ExW
SetupDiGetDeviceInfoListDetailW
SetupDiCreateDeviceInfoListExW
SetupGetTargetPathW
CM_Get_First_Log_Conf
SetupDiGetClassDescriptionExW
SetupDiEnumDeviceInterfaces
SetupCopyOEMInfA
SetupDiSetClassInstallParamsA
CM_Free_Log_Conf_Handle
SetupDiCreateDeviceInfoA
SetupQueueCopyIndirectW
SetupDiLoadClassIcon
CM_Get_Device_ID_ExW
SetupDiGetClassInstallParamsA
SetupDiSetSelectedDriverW
SetupDiGetClassDevsA

msvcrt

_wfullpath
_endthread
scanf
_wcslwr
_hypot
_wsopen
pow
_strdup
_CIlog
_mbsupr
_mbscpy
islower
clock
_commode
_errno
_findfirst
_timezone
fgetws
iswalpha
_spawnlp
fwscanf
_mbsncpy
strspn
_isnan
_getdrives
iswpunct
rand
_exit
__getmainargs
_fileno
_CIatan
ferror

kernel32

HeapLock
EnumTimeFormatsW
GetNumberFormatA
GetProcessWorkingSetSize
SetThreadContext
GetFileSizeEx
GetLocaleInfoW
DeleteTimerQueue
LocalUnlock
lstrcmpA
lstrcatA
FindVolumeMountPointClose
SetVolumeLabelA
SetConsoleTitleW
QueryPerformanceCounter
CreateEventA
HeapValidate
VirtualAlloc
OpenThread
CreateFileW
CreateConsoleScreenBuffer
WriteConsoleOutputCharacterA
ResetEvent
GetLastError
LockFile
MultiByteToWideChar
TerminateThread
SetFileTime
FindAtomW
IsBadCodePtr

crypt32

CertCreateCTLContext

advapi32

SetKernelObjectSecurity
OpenTraceW
LsaSetDomainInformationPolicy
LsaStorePrivateData
IsWellKnownSid
AddAuditAccessObjectAce
RegDeleteKeyA
AddAccessDeniedAce
CryptDuplicateKey
RegSetValueExW
AddAuditAccessAce
OpenEventLogW
StartTraceW
AreAnyAccessesGranted
CryptDestroyKey
InitializeSecurityDescriptor
RegRestoreKeyW
LsaSetInformationPolicy
SetFileSecurityW
MapGenericMask
RegOpenUserClassesRoot
CheckTokenMembership
IsTextUnicode
LookupPrivilegeValueA
CryptReleaseContext
GetEventLogInformation
LsaAddAccountRights
RegFlushKey
IsValidSid
InitializeAcl
LsaEnumerateAccountRights
ClearEventLogW
RegSetValueExA
LsaRetrievePrivateData

userenv

RsopResetPolicySettingStatus
GetProfileType
ForceSyncFgPolicy
UnregisterGPNotification
GetAppliedGPOListW
RsopSetPolicySettingStatus
DestroyEnvironmentBlock
DeleteProfileW
RefreshPolicy
RegisterGPNotification
EnterCriticalPolicySection
CreateEnvironmentBlock
GetUserProfileDirectoryW
GetUserProfileDirectoryA
ExpandEnvironmentStringsForUserW
LeaveCriticalPolicySection
UnloadUserProfile
ProcessGroupPolicyCompletedEx
LoadUserProfileW
ProcessGroupPolicyCompleted
FreeGPOListW
GetDefaultUserProfileDirectoryW
GetAllUsersProfileDirectoryW

Sections

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 68KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 315KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 145KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 204KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f09383a1fce20e4261d88029dcdaf133

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

comctl32

setupapi

msvcrt

kernel32

crypt32

advapi32

userenv

Sections

.data Size: 2KB - Virtual size: 1KB

.text Size: 68KB - Virtual size: 439KB

.rdata Size: 315KB - Virtual size: 572KB

.idata Size: 145KB - Virtual size: 209KB

.bss Size: 204KB - Virtual size: 253KB

.rsrc Size: 79KB - Virtual size: 79KB

.reloc Size: 1024B - Virtual size: 820B

.data
Size: 2KB - Virtual size: 1KB

.text
Size: 68KB - Virtual size: 439KB

.rdata
Size: 315KB - Virtual size: 572KB

.idata
Size: 145KB - Virtual size: 209KB

.bss
Size: 204KB - Virtual size: 253KB

.rsrc
Size: 79KB - Virtual size: 79KB

.reloc
Size: 1024B - Virtual size: 820B