d51e951faa0c4792cd8b384130f5a82b8a2da54b67f0a6bc387d62f1a8612bef

Sharing

Copy URL Twitter E-mail

General

Target

d51e951faa0c4792cd8b384130f5a82b8a2da54b67f0a6bc387d62f1a8612bef
Size

123KB
MD5

f0df111f393975958c99dd4c08b6c8db
SHA1

0482c5fb143f8321ab0ddbb0617ec0f2acaf689c
SHA256

d51e951faa0c4792cd8b384130f5a82b8a2da54b67f0a6bc387d62f1a8612bef
SHA512

d1a4bfd171b2a607a3ef6965214e639eba4c3ede6d3a6325fab20cd12ec408d400ba2eca881ed5e0aab829048089da4cef6d57ea33532ff1921e64d30aaa245d
SSDEEP

3072:a1OnnZnX3pJmmQpV11X9KReuevLT2mj0U:a1mZnpJjQv1vKR/6LKY0

Score

N/A

Malware Config

Signatures

Files

d51e951faa0c4792cd8b384130f5a82b8a2da54b67f0a6bc387d62f1a8612bef
.exe windows x86

83f973d8d0ba495a78d06cadcbdccf72

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3d9

Direct3DCreate9

ws2_32

gethostbyname
WSAStartup
gethostname
inet_ntoa

gdiplus

GdipAlloc
GdipFree
GdiplusShutdown
GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipCloneImage
GdiplusStartup
GdipGetImageEncoders

kernel32

lstrcpyA
CreateFileA
GetFileSize
lstrcmpA
SetFilePointer
HeapAlloc
HeapFree
GetProcessHeap
WriteFile
GetVolumeInformationA
Sleep
ReadFile
lstrcmpiA
CopyFileA
SetFileAttributesA
GetModuleFileNameA
CloseHandle
DeleteFileA
CreateThread
HeapCreate
FlushFileBuffers
GetSystemTime
ExitProcess
SetErrorMode
GetCurrentProcess
Process32First
VirtualFree
CreateRemoteThread
OpenProcess
TerminateProcess
MultiByteToWideChar
CreateDirectoryA
GetLastError
EnterCriticalSection
VirtualAllocEx
OpenMutexA
Process32Next
GetModuleHandleA
GetTempPathA
CreateToolhelp32Snapshot
WriteProcessMemory
GetComputerNameA
GetEnvironmentVariableA
GlobalMemoryStatusEx
GetSystemInfo
GetDiskFreeSpaceExA
GetVersionExA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleHandleW
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
EncodePointer
LoadLibraryW
RtlUnwind
GetStringTypeW
lstrcatA
GetTickCount
lstrlenA
LoadLibraryA
GetProcAddress
FreeLibrary
HeapReAlloc
LeaveCriticalSection
CreateMutexA
GetConsoleCP
GetConsoleMode
SetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WideCharToMultiByte
LCMapStringW
WriteConsoleW
VirtualAlloc
CreateFileW
GetStdHandle

wininet

InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetSetOptionA
InternetReadFile
InternetQueryDataAvailable
InternetConnectA

user32

GetWindowDC
PostQuitMessage
LoadStringA
LoadIconA
BeginPaint
TranslateMessage
MessageBoxA
CreateWindowExA
TranslateAcceleratorA
RegisterClassExA
DefWindowProcA
LoadAcceleratorsA
DispatchMessageA
UpdateWindow
LoadCursorA
DialogBoxParamA
GetKeyState
GetForegroundWindow
GetWindowTextA
GetAsyncKeyState
MapVirtualKeyA
wvsprintfA
wsprintfA
GetMessageA
DestroyWindow
SwapMouseButton
EndPaint
GetSystemMetrics
EndDialog

gdi32

DeleteDC
CreateDIBSection
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
SaveDC
RestoreDC
BitBlt

advapi32

CryptReleaseContext
RegCloseKey
AdjustTokenPrivileges
GetUserNameA
RegDeleteValueA
RegCreateKeyExA
LookupPrivilegeValueA
LookupAccountSidA
RegQueryValueExA
RegSetValueExA
GetTokenInformation
OpenProcessToken
CryptAcquireContextA
RegOpenKeyExA
AllocateAndInitializeSid
CryptCreateHash
FreeSid
CheckTokenMembership
CryptDestroyHash
CryptHashData
CryptGetHashParam

shell32

SHGetFolderPathA
SHGetSpecialFolderPathA
ShellExecuteA

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.injcd
Size: 1024B - Virtual size: 907B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83f973d8d0ba495a78d06cadcbdccf72

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

ws2_32

gdiplus

kernel32

wininet

user32

gdi32

advapi32

shell32

Sections

.text Size: 78KB - Virtual size: 77KB

.injcd Size: 1024B - Virtual size: 907B

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 8KB - Virtual size: 27KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 78KB - Virtual size: 77KB

.injcd
Size: 1024B - Virtual size: 907B

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 8KB - Virtual size: 27KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB