946cd9210b5be38799f0e3a8a6192c05e89d9393fcbb2613668be48ee2eb3b64

Sharing

Copy URL Twitter E-mail

General

Target

946cd9210b5be38799f0e3a8a6192c05e89d9393fcbb2613668be48ee2eb3b64
Size

1.1MB
MD5

49470a2f477cec81e03b9bc4f6636315
SHA1

df07495926f29fc83673295875be9ca869d3d2ef
SHA256

946cd9210b5be38799f0e3a8a6192c05e89d9393fcbb2613668be48ee2eb3b64
SHA512

e427fff18f55b593440e54614b6bbcdfdefa8986e72235a40c5a6de5b0980ef76b9ade953e4f79838ad2f9050fdd9007fdf03afa1abe47e6a9d17a5aa6fb6e1d
SSDEEP

24576:WmbOP9ziqR+3vbLfnvZtoGXBaNpnjgvEH85K:fbOPNiqRcj7Zto+A3UvEH85K

Score

N/A

Malware Config

Signatures

Files

946cd9210b5be38799f0e3a8a6192c05e89d9393fcbb2613668be48ee2eb3b64
.exe windows x86

ebe36182e8d9d955e9eef856fd34fb62

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegNotifyChangeKeyValue
RegOpenKeyExW
RegEnumKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumValueW
CryptImportKey
RegEnumKeyExW
RegEnumKeyExA
GetCurrentHwProfileA
GetCurrentHwProfileW
RegEnumKeyA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDecrypt
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
OpenThreadToken
GetLengthSid
CopySid
LookupAccountNameW
OpenProcessToken
GetTokenInformation
RegCreateKeyExA
RegSetValueExA

kernel32

GetModuleHandleA
GetProcAddress
VirtualAlloc
CreateWaitableTimerW
VirtualFree
LoadLibraryW
InitializeCriticalSectionAndSpinCount
GetSystemTime
GetExitCodeThread
GetLogicalDriveStringsA
GetVolumeInformationA
GlobalMemoryStatus
GetProcessAffinityMask
SetThreadAffinityMask
ResumeThread
GetLogicalDriveStringsW
GetDriveTypeW
GetVolumeInformationW
GetSystemInfo
lstrlenW
lstrlenA
ReadFile
FindNextFileA
CancelWaitableTimer
DeviceIoControl
GetFileSize
TerminateThread
MapViewOfFile
UnmapViewOfFile
GetComputerNameW
GetPrivateProfileSectionW
GetPrivateProfileStringW
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesW
CreateFileW
TryEnterCriticalSection
GetSystemDefaultLCID
DeleteFileA
MoveFileA
GlobalAlloc
GlobalFree
LocalAlloc
LocalFree
GetTempPathA
CreateDirectoryA
GetCurrentDirectoryW
CreateDirectoryW
CreateMutexA
GetDriveTypeA
GetSystemDirectoryW
FindFirstFileW
FindFirstFileA
FindClose
ReadProcessMemory
GetLocalTime
SystemTimeToFileTime
CompareFileTime
FlushFileBuffers
CreateFileA
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetUserDefaultLCID
SetWaitableTimer
GetSystemDefaultLangID
ResetEvent
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetFilePointer
CreateFileMappingA
GetFileAttributesA
FreeLibrary
LCMapStringW
WideCharToMultiByte
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
HeapSize
Sleep
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
HeapCreate
HeapDestroy
GetCurrentThread
TlsFree
GetModuleFileNameA
GetVersionExA
DeleteCriticalSection
GetSystemDirectoryA
WaitForMultipleObjects
CreateThread
CreateEventW
GetTickCount
WaitForSingleObject
ReleaseMutex
HeapSetInformation
InitializeCriticalSection
CreateMutexW
SetProcessWorkingSetSize
GetCurrentProcessId
OpenEventW
SetEvent
CloseHandle
InterlockedIncrement
InterlockedDecrement
SetLastError
GetCurrentThreadId
GetLastError
EnumResourceLanguagesW
GetCurrentProcess
FlushInstructionCache
RaiseException
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
GetStartupInfoW
GetSystemTimeAsFileTime
HeapReAlloc
SetUnhandledExceptionFilter
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
SetEndOfFile
GetVersion
VirtualProtect

gdi32

SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontIndirectW
GetObjectW
CreateDIBSection
BitBlt
SetTextColor
DeleteDC
CreateSolidBrush
SetBkMode
GetStockObject
DeleteObject
GetTextExtentExPointW

user32

PostMessageW
GetMenuItemID
DeleteMenu
GetMenuItemCount
CreateWindowExW
SetWindowLongW
LoadImageW
DestroyIcon
LoadStringW
RegisterWindowMessageW
ShowWindow
UpdateWindow
BroadcastSystemMessageA
wsprintfA
SetMenuDefaultItem
SetWindowPos
SetSysColors
SystemParametersInfoW
GetForegroundWindow
CopyRect
OffsetRect
GetDC
UpdateLayeredWindow
ReleaseDC
MapWindowPoints
InflateRect
SetRect
IsWindow
EndPaint
BeginPaint
SendMessageW
DestroyWindow
DrawTextW
GetFocus
DrawFocusRect
DrawIconEx
GetWindowTextLengthW
SetDlgItemTextW
SendDlgItemMessageW
GetClientRect
GetWindowTextW
GetSysColor
SetLayeredWindowAttributes
InvalidateRect
GetWindowRect
GetDlgItem
GetWindowLongW
EndDialog
GetDlgCtrlID
GetMessageW
TranslateMessage
DispatchMessageW
LoadIconW
LoadCursorW
RegisterClassExW
DefWindowProcW
PostQuitMessage
FindWindowW
IsWindowVisible
GetActiveWindow
DialogBoxParamW
CreateDialogParamW
GetDoubleClickTime
SetTimer
LoadMenuW
GetSubMenu
GetCursorPos
SetForegroundWindow
TrackPopupMenu
DestroyMenu
KillTimer
UnregisterClassA
SystemParametersInfoA
GetDesktopWindow
GetWindowLongA
GetParent
GetSystemMetrics
GetMonitorInfoA
GetClassNameW
SetWindowTextW
SendMessageA

shell32

Shell_NotifyIconW
ShellExecuteA
ShellExecuteW
SHAppBarMessage

ole32

CLSIDFromProgID
CoCreateGuid
StringFromGUID2
CoSetProxyBlanket
CoFreeUnusedLibraries
CoCreateInstance
CoInitializeEx
CoUninitialize
IIDFromString

oleaut32

SysAllocString
VariantInit
VariantClear
SysStringLen
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen

crypt32

CryptProtectData
CryptUnprotectData
CertEnumCertificatesInStore
CertFindExtension
CryptExportPublicKeyInfo
CertVerifySubjectCertificateContext
CertFreeCertificateContext
CertGetIssuerCertificateFromStore
CertDuplicateCertificateContext
CertCreateCertificateContext
CertCloseStore
CertComparePublicKeyInfo
CertOpenStore

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA

shlwapi

SHDeleteValueW

comctl32

InitCommonControlsEx

wininet

InternetSetOptionA
InternetOpenA
InternetErrorDlg
InternetAutodial
InternetGetConnectedState
HttpQueryInfoA
HttpSendRequestA
InternetQueryOptionA
HttpOpenRequestA
InternetConnectA
InternetReadFile
InternetCloseHandle

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo

Sections

.text
Size: 712KB - Virtual size: 711KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 192KB - Virtual size: 496KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ebe36182e8d9d955e9eef856fd34fb62

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

shell32

ole32

oleaut32

crypt32

version

shlwapi

comctl32

wininet

setupapi

Sections

.text Size: 712KB - Virtual size: 711KB

.data Size: 50KB - Virtual size: 49KB

.rsrc Size: 111KB - Virtual size: 111KB

.reloc Size: 31KB - Virtual size: 31KB

.vmp0 Size: 192KB - Virtual size: 496KB

.text
Size: 712KB - Virtual size: 711KB

.data
Size: 50KB - Virtual size: 49KB

.rsrc
Size: 111KB - Virtual size: 111KB

.reloc
Size: 31KB - Virtual size: 31KB

.vmp0
Size: 192KB - Virtual size: 496KB