4384f051463cf1fb3d6aaa27a52f8f2ba334a6a2dec51ccb743ea36297de38fc

Sharing

Copy URL Twitter E-mail

General

Target

4384f051463cf1fb3d6aaa27a52f8f2ba334a6a2dec51ccb743ea36297de38fc
Size

255KB
MD5

f04ad09d6f970f6951e47e94ceaf4397
SHA1

0c8f0d87875d10d31548a9701c60d3cbd84d1bc3
SHA256

4384f051463cf1fb3d6aaa27a52f8f2ba334a6a2dec51ccb743ea36297de38fc
SHA512

527e421d71563203a04dc9b6c9c2acf26daa6bc11ea6f5bcad1cf918851bb1e1eac5268defb5bde88c697905fc748acfb4e04dfd55a67efbab5028f9da37d97b
SSDEEP

6144:JIWTBJCtEDpLwi6lOngWX55nt/yciqdsrqa7T:JIWTrWEFUJlU5Ds+4

Score

N/A

Malware Config

Signatures

Files

4384f051463cf1fb3d6aaa27a52f8f2ba334a6a2dec51ccb743ea36297de38fc
.exe windows x86

3d1991a57e25b4632f411452d9d30693

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCreate
ExitProcess
SetErrorMode
GetComputerNameW
Sleep
GetModuleFileNameW
CreateEventW
WaitForMultipleObjects
lstrcatW
OpenEventW
GetCurrentProcessId
GetPrivateProfileStringW
GetPrivateProfileIntW
ReleaseMutex
GetThreadContext
SetThreadContext
GetProcessId
GetHandleInformation
LoadLibraryA
FindFirstFileW
FindClose
FindNextFileW
CreateDirectoryW
WTSGetActiveConsoleSessionId
MoveFileExW
ResetEvent
VirtualProtect
GetDriveTypeW
GetLogicalDrives
SystemTimeToFileTime
GetTimeZoneInformation
GetLocalTime
IsBadReadPtr
GetVolumeNameForVolumeMountPointW
GetCurrentThread
CreateRemoteThread
WideCharToMultiByte
TlsGetValue
TlsSetValue
TerminateProcess
GetExitCodeThread
CreateMutexW
TlsAlloc
TlsFree
GetSystemDefaultUILanguage
GetProcessTimes
lstrcmpW
GlobalMemoryStatusEx
GetUserDefaultUILanguage
GetDiskFreeSpaceExW
GetVolumeInformationW
OpenMutexW
ExpandEnvironmentStringsW
TerminateThread
InterlockedIncrement
InterlockedDecrement
lstrcmpiA
VirtualFree
VirtualAlloc
RemoveDirectoryW
GetEnvironmentVariableW
Thread32First
Thread32Next
TryEnterCriticalSection
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RtlUnwind
OutputDebugStringA
SetFilePointer
HeapFree
GetProcessHeap
HeapReAlloc
GetFileInformationByHandle
DeleteFileW
GetFileTime
SetLastError
GetFileSizeEx
FlushFileBuffers
CreateFileW
ReadFile
GetFileAttributesW
WriteFile
SetFileTime
SetFilePointerEx
SetEndOfFile
GetSystemTime
GetCurrentThreadId
lstrcmpiW
WriteProcessMemory
VirtualAllocEx
VirtualProtectEx
ReadProcessMemory
VirtualQueryEx
HeapAlloc
MultiByteToWideChar
lstrlenA
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
VirtualFreeEx
SetThreadPriority
OpenProcess
GetVersionExW
GetNativeSystemInfo
QueryPerformanceCounter
GetModuleHandleW
DeleteCriticalSection
EnterCriticalSection
GlobalUnlock
LeaveCriticalSection
InitializeCriticalSection
GetTickCount
GlobalLock
ResumeThread
CloseHandle
DuplicateHandle
CreateFileMappingW
SetEvent
WaitForSingleObject
CreateProcessW
UnmapViewOfFile
MapViewOfFile
GetCommandLineW
lstrcpyA
SetFileAttributesW
lstrcpyW
FileTimeToLocalFileTime
GetProcAddress
GetTempPathW
lstrlenW
LoadLibraryW
FreeLibrary
lstrcpynA
lstrcmpA
GetLastError
DosDateTimeToFileTime
GetTempFileNameW
FileTimeToDosDateTime
LocalFree
CreateThread

user32

ReleaseDC
PostThreadMessageW
EqualRect
PrintWindow
DefWindowProcW
GetMessageA
GetWindowRect
GetMessageW
SetCapture
GetParent
GetWindowInfo
GetDC
GetUpdateRect
BeginPaint
DrawEdge
FillRect
GetWindowDC
GetUpdateRgn
EndPaint
GetShellWindow
RegisterClassA
DefFrameProcW
CallWindowProcW
GetDCEx
CallWindowProcA
RegisterClassW
HiliteMenuItem
DefMDIChildProcA
DefDlgProcA
GetMenuItemCount
SwitchDesktop
DefMDIChildProcW
DefWindowProcA
GetMenuState
GetClassNameW
SystemParametersInfoW
TrackPopupMenuEx
GetTopWindow
LoadImageW
WindowFromPoint
SetWindowLongW
GetWindow
MsgWaitForMultipleObjects
DispatchMessageW
EndMenu
IntersectRect
GetLastInputInfo
RegisterClassExA
RegisterWindowMessageW
GetMenuItemID
ToUnicode
GetClipboardData
GetKeyboardState
TranslateMessage
CharLowerA
OpenWindowStationW
GetUserObjectInformationW
SetThreadDesktop
CloseDesktop
OpenDesktopW
GetClassLongW
GetCapture
SetCursorPos
GetWindowLongW
GetAncestor
PeekMessageW
PeekMessageA
SetWindowPos
SendMessageTimeoutW
IsWindow
ReleaseCapture
SendMessageW
MapWindowPoints
GetMessagePos
GetWindowThreadProcessId
IsRectEmpty
CharUpperW
CharToOemW
GetSystemMetrics
DrawIcon
CreateWindowStationW
CloseWindowStation
SetKeyboardState
GetSubMenu
DefDlgProcW
DefFrameProcA
OpenInputDesktop
MenuItemFromPoint
GetMenu
RegisterClassExW
GetMenuItemRect
GetThreadDesktop
SetProcessWindowStation
CreateDesktopW
CharLowerW
PostMessageW
MapVirtualKeyW
ExitWindowsEx
GetCursorPos
GetIconInfo
GetProcessWindowStation

advapi32

GetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorSacl
GetLengthSid
CryptVerifySignatureW
CryptGetKeyParam
CryptImportKey
CryptDestroyKey
CryptDestroyHash
IsWellKnownSid
ConvertSidToStringSidW
EqualSid
RegCreateKeyExW
RegCloseKey
InitiateSystemShutdownExW
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptHashData
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
OpenProcessToken
GetSidSubAuthority
OpenThreadToken
GetSidSubAuthorityCount
CreateProcessAsUserW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation

shlwapi

PathAddExtensionW
PathIsDirectoryW
SHDeleteKeyW
SHDeleteValueW
PathUnquoteSpacesW
PathSkipRootW
StrChrA
StrChrW
StrCmpIW
StrRChrA
PathIsURLW
StrCmpNIA
UrlUnescapeA
PathGetDriveNumberW
PathQuoteSpacesW
PathAddBackslashW
PathFindExtensionW
StrCmpNIW
PathMatchSpecW
ord14
wvnsprintfA
wvnsprintfW
PathRemoveBackslashW
StrCmpNW
StrCmpNA
PathRemoveFileSpecW
PathFindFileNameW

shell32

ShellExecuteW
SHGetFolderPathW
CommandLineToArgvW

secur32

GetUserNameExW

ole32

CoSetProxyBlanket
CreateStreamOnHGlobal
StringFromGUID2
CLSIDFromString
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoTaskMemFree

gdi32

CreateDIBSection
GetDeviceCaps
GetDIBits
CreateDCW
DeleteObject
SetViewportOrgEx
GdiFlush
SetRectRgn
SaveDC
RestoreDC
BitBlt
DeleteDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC

ws2_32

WSAGetLastError
select
getaddrinfo
WSAStartup
connect
WSAAddressToStringA
getsockopt
WSACreateEvent
WSARecv
WSASend
WSACloseEvent
getpeername
WSAIoctl
recvfrom
WSAEnumNetworkEvents
WSAEventSelect
getsockname
setsockopt
shutdown
WSACleanup
recv
bind
socket
freeaddrinfo
WSASetLastError
closesocket
send
listen
accept
sendto

crypt32

PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
CryptUnprotectData

wininet

InternetCrackUrlA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestW
InternetReadFileExA
InternetQueryDataAvailable
InternetSetStatusCallbackA
HttpSendRequestExW
HttpSendRequestExA
InternetSetCookieA
InternetQueryOptionA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetSetOptionA
InternetQueryOptionW
InternetReadFile
HttpQueryInfoA
InternetConnectA

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

iphlpapi

GetAdaptersAddresses

msvcrt

_errno
memcpy
memset
memcmp
_wtoi
_ultow
_ultoa
memmove
strcmp
_purecall
_vsnwprintf
_vsnprintf
memchr
abs
_except_handler3

Sections

.text
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d1991a57e25b4632f411452d9d30693

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

iphlpapi

msvcrt

Sections

.text Size: 235KB - Virtual size: 234KB

.data Size: 2KB - Virtual size: 9KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 235KB - Virtual size: 234KB

.data
Size: 2KB - Virtual size: 9KB

.reloc
Size: 10KB - Virtual size: 10KB