52057af832c9fff86786fbaa88d4d734f1507a5fad9858b06ec56fb6fc2a4e16

Sharing

Copy URL Twitter E-mail

General

Target

52057af832c9fff86786fbaa88d4d734f1507a5fad9858b06ec56fb6fc2a4e16
Size

209KB
MD5

2893ed1067c55912f1d0e1a0ae358920
SHA1

ee973da783f3cd59e78acba1ee6439ebef4a795b
SHA256

52057af832c9fff86786fbaa88d4d734f1507a5fad9858b06ec56fb6fc2a4e16
SHA512

367e27952e769a316bf1b75b83ad221a3a1af6751424273162101fe6eb5eeb8ff0ea4d913f3eb557d44fbcd69e1a1c75386fc895f387337fa932d94fa8507750
SSDEEP

6144:YZI7jqqDLaL0jqHOQsWROHpJ6V48VoIBc76GOOuIa:YZISqnaL0j4VKf6V48Vb6ONIa

Score

N/A

Malware Config

Signatures

Files

52057af832c9fff86786fbaa88d4d734f1507a5fad9858b06ec56fb6fc2a4e16
.exe windows x86

8384524c99fb70b6a7f75601560624a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
TlsAlloc
TlsFree
GlobalLock
GlobalUnlock
GetCurrentProcess
GetNativeSystemInfo
GetEnvironmentVariableW
FileTimeToDosDateTime
GetTempFileNameW
HeapReAlloc
FindFirstFileW
SetEndOfFile
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
GetLogicalDriveStringsW
HeapFree
GetProcessHeap
SetFileTime
VirtualQueryEx
OpenProcess
Thread32First
WideCharToMultiByte
ReadProcessMemory
WaitForMultipleObjects
HeapCreate
lstrcpynW
Thread32Next
CreateMutexW
MultiByteToWideChar
lstrlenW
GetTempPathW
GetFileSizeEx
OpenMutexW
VirtualProtectEx
VirtualAllocEx
FindClose
Process32FirstW
RemoveDirectoryW
QueryDosDeviceW
Process32NextW
FindNextFileW
VirtualProtect
CreateToolhelp32Snapshot
GetFileTime
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
CreateRemoteThread
CreateEventW
GetVersionExW
GetComputerNameW
SetErrorMode
GetCommandLineW
ResetEvent
TerminateProcess
TlsSetValue
SetEvent
TlsGetValue
CreatePipe
ReadFile
SetHandleInformation
CreateProcessW
SetFileAttributesW
WTSGetActiveConsoleSessionId
lstrcmpiA
LoadLibraryW
CreateDirectoryW
FreeLibrary
WriteProcessMemory
LocalFree
GetCurrentProcessId
DuplicateHandle
GetTimeZoneInformation
OpenEventW
GetUserDefaultUILanguage
MoveFileExW
GetProcAddress
GetPrivateProfileIntW
FlushFileBuffers
CreateFileW
WriteFile
GetPrivateProfileStringW
GetModuleHandleW
GetFileAttributesExW
GetProcessId
VirtualFreeEx
SetThreadContext
GetThreadContext
ExitProcess
ExpandEnvironmentStringsW
lstrcmpiW
GetModuleHandleA
LoadLibraryA
VirtualAlloc
ExitThread
GetFileAttributesW
IsBadReadPtr
VirtualFree
CreateThread
CloseHandle
GetLocalTime
EnterCriticalSection
GetLastError
LeaveCriticalSection
InitializeCriticalSection
GetModuleFileNameW
GetSystemTime
SetThreadPriority
Sleep
GetCurrentThread
ReleaseMutex
GetCurrentThreadId
SetLastError
GetTickCount
WaitForSingleObject
HeapDestroy

user32

OpenWindowStationW
RegisterClassExA
DefDlgProcW
DefFrameProcA
OpenInputDesktop
TranslateMessage
RegisterClassExW
GetClipboardData
DefWindowProcA
DefMDIChildProcW
SwitchDesktop
DefDlgProcA
DefMDIChildProcA
RegisterClassW
CallWindowProcA
CallWindowProcW
GetUserObjectInformationW
CharToOemW
GetKeyboardLayoutList
EndPaint
GetUpdateRgn
GetWindowDC
FillRect
DrawEdge
BeginPaint
GetUpdateRect
EndMenu
GetDCEx
ReleaseDC
PostThreadMessageW
EqualRect
PrintWindow
DefWindowProcW
SetThreadDesktop
CloseDesktop
OpenDesktopW
GetProcessWindowStation
CreateWindowStationW
GetTopWindow
LoadImageW
MsgWaitForMultipleObjects
WindowFromPoint
CharLowerA
CharUpperW
SetWindowLongW
GetWindow
DispatchMessageW
GetSystemMetrics
GetKeyboardState
ToUnicode
RegisterWindowMessageW
GetMenuItemID
SetKeyboardState
GetSubMenu
MenuItemFromPoint
GetMenu
GetMenuItemRect
TrackPopupMenuEx
GetClassNameW
SystemParametersInfoW
GetMenuState
GetMenuItemCount
RegisterClassA
HiliteMenuItem
CharLowerBuffA
ExitWindowsEx
MessageBoxA
GetShellWindow
MapVirtualKeyW
DrawIcon
GetIconInfo
CreateDesktopW
SetProcessWindowStation
GetDC
CharLowerW
GetMessageA
GetWindowRect
GetMessageW
SetCapture
PostMessageW
GetParent
GetWindowInfo
GetClassLongW
GetCapture
SetCursorPos
GetWindowLongW
GetAncestor
PeekMessageW
PeekMessageA
SetWindowPos
GetCursorPos
GetThreadDesktop
IntersectRect
CloseWindowStation
SendMessageTimeoutW
IsWindow
ReleaseCapture
SendMessageW
MapWindowPoints
GetMessagePos
GetWindowThreadProcessId
IsRectEmpty
DefFrameProcW

advapi32

RegCreateKeyW
RegEnumKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
InitiateSystemShutdownExW
CreateProcessAsUserA
CreateProcessAsUserW
IsWellKnownSid
GetLengthSid
EqualSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertSidToStringSidW
RegOpenKeyExW
RegEnumKeyExW
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
CryptHashData
RegDeleteValueW
RegEnumValueW

shlwapi

SHDeleteValueW
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathUnquoteSpacesW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
PathQuoteSpacesW
PathAddBackslashW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
StrStrIW
StrStrIA
StrCmpNIW
PathRemoveBackslashW
PathRenameExtensionW
PathIsURLW
PathRemoveFileSpecW
PathFindFileNameW

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW

secur32

GetUserNameExW

ole32

CoSetProxyBlanket
CoUninitialize
CLSIDFromString
StringFromGUID2
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoCreateInstance

gdi32

GetDeviceCaps
SaveDC
CreateCompatibleDC
SetRectRgn
SelectObject
DeleteObject
GdiFlush
DeleteDC
SetViewportOrgEx
CreateCompatibleBitmap
GetDIBits
CreateDIBSection
RestoreDC

ws2_32

send
gethostbyname
closesocket
WSASend
getaddrinfo
freeaddrinfo
recv
sendto
select
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
shutdown
setsockopt
WSAEventSelect
getsockname
accept
getpeername
inet_addr
WSAGetLastError
listen
WSASetLastError
socket
bind
recvfrom

crypt32

CryptUnprotectData
PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore

wininet

HttpOpenRequestA
HttpAddRequestHeadersA
InternetOpenA
InternetCloseHandle
InternetQueryDataAvailable
InternetSetOptionA
InternetQueryOptionW
InternetQueryOptionA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpEndRequestW
HttpSendRequestA
HttpEndRequestA
InternetSetFilePointer
HttpOpenRequestW
HttpSendRequestW
InternetReadFile
InternetReadFileExA
InternetCrackUrlA
HttpSendRequestExW
HttpQueryInfoA
InternetConnectA
InternetSetStatusCallbackA
HttpSendRequestExA

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

PlaySoundW
waveOutSetVolume
waveOutGetVolume
PlaySoundA

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8384524c99fb70b6a7f75601560624a5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

version

winmm

Sections

.text Size: 196KB - Virtual size: 196KB

.data Size: 2KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 196KB - Virtual size: 196KB

.data
Size: 2KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 8KB