413a9682466161f391849a4dbad680382be1e67ea6c8c24fe5830cdcb80b0769

Sharing

Copy URL Twitter E-mail

General

Target

413a9682466161f391849a4dbad680382be1e67ea6c8c24fe5830cdcb80b0769
Size

2.5MB
MD5

1bbf0ceeead6e06aa8f69d106c4a73de
SHA1

0a2eb193025563892e3adb9c471e4ed8988fe087
SHA256

413a9682466161f391849a4dbad680382be1e67ea6c8c24fe5830cdcb80b0769
SHA512

1e7187f7cf3210fb1c652d88ff097219d7840b3b044615e77163bf7d0d0a753c38152360eae39bba1a803a36b1ee83d71619d92501a2885d4c1e2b882c5f287e
SSDEEP

49152:WC7o10cGxAiTNk5i84VFgQmVGna5Bj/MHgrf4sH34:p7oKBxAuiVGavMAj48I

Score

N/A

Malware Config

Signatures

Files

413a9682466161f391849a4dbad680382be1e67ea6c8c24fe5830cdcb80b0769
.exe windows x86

1a2498e820fa12f049ad69e0fc35aeec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsURLW
UrlIsW
UrlUnescapeW
PathAppendW
PathFileExistsW
PathIsPrefixW
UrlCreateFromPathW
PathCreateFromUrlW
StrCpyW
PathRemoveFileSpecW
PathStripPathW
PathRenameExtensionW
StrToIntExW

kernel32

GetVersionExW
lstrcpynW
DeleteFileW
FreeLibrary
GetProcAddress
GetModuleHandleW
lstrcmpiW
LoadLibraryExW
InterlockedDecrement
InterlockedIncrement
lstrcpyW
GetFileAttributesW
ReadFile
FindFirstFileW
FindNextFileW
FindClose
GetFullPathNameW
FileTimeToLocalFileTime
FileTimeToSystemTime
WaitForSingleObject
GetFileSize
lstrlenA
CloseHandle
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
Module32NextW
Module32FirstW
Process32NextW
Process32FirstW
CopyFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileTime
GetFileAttributesExW
TerminateProcess
LCMapStringW
RtlUnwind
GetCPInfo
GetStartupInfoW
WideCharToMultiByte
GetLastError
lstrlenW
FindResourceExW
SizeofResource
LockResource
WriteConsoleW
SetEndOfFile
SetLastError
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
SetFilePointer
GetConsoleMode
GetConsoleCP
GetTickCount
QueryPerformanceCounter
WriteFile
CreateToolhelp32Snapshot
CreateFileW
LoadResource
FindResourceW
MultiByteToWideChar
HeapSetInformation
GetCommandLineW
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateFileA
SetHandleCount
GetFileType
InterlockedPopEntrySList
IsProcessorFeaturePresent
InterlockedPushEntrySList
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
SetStdHandle
GetStringTypeW
TlsFree
HeapDestroy
InitializeCriticalSection
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
DecodePointer
GetACP
GetLocaleInfoW
GetStdHandle
ExitProcess
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
FlushInstructionCache
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateMutexW
GetModuleFileNameW
RaiseException
EncodePointer
InterlockedExchange
LoadLibraryW
VirtualAlloc
VirtualProtect
VirtualFree
LoadLibraryA
GetModuleHandleA
lstrcmpA
ExpandEnvironmentStringsW
GetTempPathW
GetLongPathNameW
GetWindowsDirectoryW
GetSystemDirectoryW
SetCurrentDirectoryW
Sleep
CreateEventW
ResetEvent
CreateThread
SetEvent
GetCurrentDirectoryW
SearchPathW
GetUserDefaultLangID
EnumResourceTypesW
LocalAlloc
LocalFree
GetCurrentProcessId
OpenProcess
GetPriorityClass
GetProcessTimes
InterlockedCompareExchange
UnhandledExceptionFilter

user32

FindWindowW
BringWindowToTop
PostThreadMessageW
GetParent
SetForegroundWindow
MessageBoxW
GetClassInfoExW
EnableWindow
SetWindowLongW
GetWindowLongW
DefWindowProcW
CallWindowProcW
SendMessageW
DestroyWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
TrackPopupMenu
GetMessagePos
GetSystemMenu
SetWindowRgn
PtInRect
GetSystemMetrics
LoadImageW
PostMessageW
CreateWindowExW
LoadCursorW
SetWindowPos
RegisterClassExW
PostQuitMessage
GetWindow
MonitorFromWindow
LoadStringW
UnregisterClassA
GetMonitorInfoW
GetWindowRect
GetClientRect
MapWindowPoints
ShowWindow

gdi32

CreateRoundRectRgn
DeleteObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

ConvertSidToStringSidW
LookupAccountNameW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegEnumValueW
RegQueryValueExW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
QueryServiceConfig2W

ole32

CoTaskMemAlloc
CoInitialize
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

SysStringLen
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
VarUI4FromStr
SysStringByteLen
VariantClear
SysFreeString

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comctl32

InitCommonControlsEx

wininet

InternetCloseHandle
InternetSetStatusCallbackW
InternetReadFile
InternetOpenW
InternetConnectW
HttpSendRequestExW
InternetWriteFile
HttpEndRequestW
HttpQueryInfoW
HttpOpenRequestW

wintrust

WinVerifyTrust

crypt32

CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertGetNameStringW

shell32

SHGetSpecialFolderPathW

psapi

GetModuleFileNameExW

secur32

GetUserNameExW

Sections

.text
Size: 555KB - Virtual size: 554KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 192KB - Virtual size: 496KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1a2498e820fa12f049ad69e0fc35aeec

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

version

comctl32

wininet

wintrust

crypt32

shell32

psapi

secur32

Sections

.text Size: 555KB - Virtual size: 554KB

.rdata Size: 106KB - Virtual size: 106KB

.data Size: 14KB - Virtual size: 25KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 36KB - Virtual size: 35KB

.vmp0 Size: 192KB - Virtual size: 496KB

.text
Size: 555KB - Virtual size: 554KB

.rdata
Size: 106KB - Virtual size: 106KB

.data
Size: 14KB - Virtual size: 25KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 36KB - Virtual size: 35KB

.vmp0
Size: 192KB - Virtual size: 496KB