a90ff8985f2db79342aa4a9ffd4eec36a894bb1688ea8bcc19bcaddb4f2f1c3a

Sharing

Copy URL

Twitter E-mail

General

Target

a90ff8985f2db79342aa4a9ffd4eec36a894bb1688ea8bcc19bcaddb4f2f1c3a
Size

1.1MB
MD5

c74b8df332779b520e1c3c5ba0e430c1
SHA1

cf43d3d253acec48ff5b3d16013ac78ccf32308f
SHA256

a90ff8985f2db79342aa4a9ffd4eec36a894bb1688ea8bcc19bcaddb4f2f1c3a
SHA512

9b3b07b66f0ad494219aaf8b54939e0e0093e81070c34311f46ae6879b4a5cfa2bbbff0464add18ba19e84ed69d6713551a875412ab4404f8955ee5978eee94f
SSDEEP

24576:X+wFXJ1o/7WJU45bvLl19fhoVMngwg3jIrvGV4VmwhF8J6u:uwF51o/7WJU45bvLl1mMgwkQvGV4Vmwe

Score

N/A

Malware Config

Signatures

Files

a90ff8985f2db79342aa4a9ffd4eec36a894bb1688ea8bcc19bcaddb4f2f1c3a
.exe windows x86

ba990265e5a29b480603d4470b2d76f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SearchPathA
ReleaseSemaphore
ReleaseMutex
MulDiv
LockResource
LoadResource
InitializeCriticalSection
GetWindowsDirectoryA
GetTempPathA
GetTempFileNameA
GetShortPathNameW
GetModuleFileNameW
GetEnvironmentVariableA
GetConsoleTitleA
GetCommandLineW
FindResourceA
ExitThread
CreateThread
CreateSemaphoreA
CreateFileA
AreFileApisANSI
SetEnvironmentVariableA
LCMapStringA
MultiByteToWideChar
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetDateFormatA
GetLocaleInfoW
InterlockedExchange
FreeEnvironmentStringsA
GetCurrentThread
TlsSetValue
ExitProcess
GetModuleHandleW
VirtualAlloc
LeaveCriticalSection
DeleteCriticalSection
HeapCreate
GetExitCodeProcess
QueryPerformanceFrequency
WaitForSingleObject
CreateProcessA
HeapReAlloc
IsDebuggerPresent
HeapDestroy
TlsAlloc
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
EnterCriticalSection
IsValidCodePage
HeapSize
LCMapStringW
GetStringTypeW
LocalAlloc
LocalReAlloc
GetFileSize
OutputDebugStringA
WriteFile
WideCharToMultiByte
VirtualFree
TlsGetValue
SetFilePointer
Sleep
SetThreadPriority
SetPriorityClass
SetFileTime
SetFileAttributesA
SetErrorMode
SetEndOfFile
SetCurrentDirectoryA
SetConsoleMode
SetConsoleCtrlHandler
RtlUnwind
RemoveDirectoryW
ReadFile
ReadConsoleA
MoveFileW
LocalFree
LocalFileTimeToFileTime
IsDBCSLeadByte
HeapFree
HeapAlloc
GetVersionExA
GetVersion
GetSystemTime
GetStdHandle
GetStartupInfoA
GetProcessHeap
GetOEMCP
GetModuleFileNameA
GetFullPathNameA
GetFileType
GetFileTime
GetFileAttributesW
GetFileAttributesA
GetEnvironmentStrings
GetDiskFreeSpaceA
GetConsoleMode
GetCommandLineA
GetCPInfo
GetACP
FreeLibrary
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
FileTimeToLocalFileTime
DeviceIoControl
DeleteFileW
DeleteFileA
CreateFileW
CreateDirectoryW
CreateDirectoryA
CompareStringW
CompareStringA
lstrlenA
DuplicateHandle
GetLastError
CloseHandle
UnhandledExceptionFilter
QueryPerformanceCounter
InterlockedCompareExchange
GetModuleHandleA
GetVersionExW
OpenProcess
RaiseException
GetCurrentProcess
TerminateProcess
lstrcpynA
SizeofResource
CreatePipe
GlobalFree
GlobalUnlock
GlobalHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcatA
GetShortPathNameA
SleepEx
RemoveDirectoryA
ResumeThread
MoveFileExA
GetUserDefaultLCID
GetLocaleInfoA
IsBadCodePtr
IsBadWritePtr
FlushFileBuffers
FatalAppExitA
SystemTimeToFileTime
GetCurrentDirectoryA
SetUnhandledExceptionFilter

user32

wsprintfA
OemToCharBuffA
OemToCharA
LoadStringA
ExitWindowsEx
CharUpperW
CharToOemA
CharLowerW
FillRect
FindWindowA
GetDesktopWindow
GetForegroundWindow
GetLastActivePopup
CharLowerBuffA
GetWindowThreadProcessId
InvalidateRect
IsIconic
LoadIconA
LoadImageA
RegisterClassA
SetForegroundWindow
SetTimer
SetWindowPos
GetParent
MoveWindow
IsWindow
CreateDialogParamA
LoadCursorA
RegisterClassExA
BeginPaint
CreateWindowExA
DefWindowProcA
DrawTextExA
EndPaint
GetWindowRect
GetDlgItem
IsWindowVisible
SetWindowTextA
KillTimer
EnumWindows

advapi32

RegSetValueExA
ReportEventA
RegCloseKey
RegOpenKeyA
RegisterEventSourceA
DeregisterEventSource
SetFileSecurityW
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
GetFileSecurityW
GetFileSecurityA
AdjustTokenPrivileges
RegQueryValueExA
LookupAccountSidW
RegEnumKeyExA
RegOpenKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyA

shell32

SHGetDesktopFolder
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
CommandLineToArgvW

ole32

CoUninitialize

msvcrt

wcslen
wcsncmp
wcscmp
wcschr
vfprintf
time
swprintf
strtoul
strtol
strtok
strrchr
strncpy
strcpy
srand
sprintf
remove
printf
mktime
memchr
getenv
fwprintf
fseek
fread
fprintf
fgets
fflush
exit
difftime
ctime
strchr
strstr
wctomb
free
malloc
isprint
calloc
isdigit
memset
isleadbyte
localeconv
realloc
_unlock
__dllonexit
_lock
_onexit
wcsncpy
atol
wcscpy

comctl32

ord17

Sections

.text
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba990265e5a29b480603d4470b2d76f4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

msvcrt

comctl32

Sections

.text Size: 168KB - Virtual size: 164KB

.idata Size: 12KB - Virtual size: 8KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 104KB - Virtual size: 2.7MB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 168KB - Virtual size: 164KB

.idata
Size: 12KB - Virtual size: 8KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 104KB - Virtual size: 2.7MB

.rsrc
Size: 8KB - Virtual size: 7KB