a75b4322108499fa74b53732aa18afe13c9c31e5aa70a552b46f1d6871076180

Sharing

Copy URL Twitter E-mail

General

Target

a75b4322108499fa74b53732aa18afe13c9c31e5aa70a552b46f1d6871076180
Size

264KB
MD5

7fd2520c1a65a41db465cef3504e7926
SHA1

61989fde7588eee7565f01302ef3a327eeb275cc
SHA256

a75b4322108499fa74b53732aa18afe13c9c31e5aa70a552b46f1d6871076180
SHA512

d49c1b5da36cdefea3b01194d3e242aa2658039a2fd612117f9be57c6a854d97f7ec85977ec74bf71637c5b85afb64d68a1a1f7ca7250d181f99b51375bdf356
SSDEEP

6144:SVv17Djtwm5fBc7jOyrBoxMgD9XVksf0uHpPCjAcH+:KFDjtwm5qwMgxOsP0H+

Score

N/A

Malware Config

Signatures

Files

a75b4322108499fa74b53732aa18afe13c9c31e5aa70a552b46f1d6871076180
.exe windows x86

a5f960dc17fecd4f9a2b41906c98e953

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathW

comctl32

ImageList_GetIconSize
ImageList_AddMasked
ImageList_Create
ImageList_GetImageCount

kernel32

ReleaseMutex
CreateEventW
HeapAlloc
ReadFile
WaitForMultipleObjects
CreateThread
GetSystemTimeAsFileTime
GlobalFree
FreeLibraryAndExitThread
LocalFree
MapViewOfFile
WaitForMultipleObjectsEx
GetModuleHandleW
SetLastError
ExpandEnvironmentStringsW
GetTempFileNameW
SetUnhandledExceptionFilter
HeapFree
ResetEvent
VirtualQuery
OutputDebugStringW
WriteFile
FindFirstFileW
LeaveCriticalSection
IsDebuggerPresent
ResumeThread
FindClose
CloseHandle
WideCharToMultiByte
GetFileSize
VirtualProtect
GlobalAlloc
OpenEventW
lstrlenA
GlobalLock
WaitForSingleObject
lstrcpynW
GetProcessHeap
EnterCriticalSection
GlobalMemoryStatus
TerminateThread
FreeLibrary
lstrlenW
LocalAlloc
OpenMutexW
lstrcmpiW
GetModuleHandleExW
OpenFileMappingW
UnhandledExceptionFilter
GetCurrentThreadId
DeleteFileW
GlobalUnlock
CreateDirectoryW
CreateMutexW
GetSystemInfo
FindNextFileW
CreateFileMappingW
DeleteCriticalSection
UnmapViewOfFile
CreateFileW
CompareFileTime
VirtualAllocEx

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shlwapi

SHDeleteEmptyKeyW
PathRemoveFileSpecW
PathAppendW
SHDeleteKeyW
PathRemoveBlanksW
PathUnquoteSpacesW
PathFileExistsW
SHQueryValueExA
StrChrA
SHGetValueW
SHDeleteOrphanKeyA
UrlCreateFromPathA
PathIsSystemFolderA
PathCreateFromUrlW
SHGetThreadRef
PathRemoveArgsW
UrlCanonicalizeW
UrlIsNoHistoryA
SHRegDeleteUSValueA
PathCombineA
PathIsSameRootA
SHRegGetPathA
PathIsContentTypeW
PathAppendA
UrlCombineA
PathIsRelativeW
StrRetToBSTR
PathRemoveBackslashA
PathIsDirectoryW
SHIsLowMemoryMachine
StrStrNW
PathBuildRootA
PathIsFileSpecA
PathIsRootA
StrNCatA
StrTrimA
SHStrDupA
PathCombineW
PathRenameExtensionA
StrToIntA

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

gdi32

DeleteObject
GetDeviceCaps

oleaut32

SysStringByteLen
VariantClear
SysFreeString
VariantInit
SysAllocString
VariantCopy
VarCmp
VariantChangeType

advapi32

RegOpenKeyExW
ConvertSidToStringSidW
RegCreateKeyExW
GetAce
RegSetValueExA
InitializeSecurityDescriptor
RegDeleteValueW
GetLengthSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptAcquireContextW
GetSidIdentifierAuthority
FreeSid
GetSidSubAuthorityCount
RegDeleteKeyW
RegEnumKeyW
GetSidSubAuthority
RegQueryValueExW
AddAccessAllowedAce
InitializeAcl
SetSecurityDescriptorSacl
CryptGenRandom
RegEnumKeyExW
AllocateAndInitializeSid
SetEntriesInAclW
RegCloseKey
AddAce
RegEnumValueW
GetNamedSecurityInfoW
GetUserNameW
GetSecurityDescriptorSacl
LookupAccountNameW
GetAclInformation
RegSetValueExW
RegQueryInfoKeyW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
CryptReleaseContext

esent

JetBeginTransaction
JetRetrieveColumn
JetMakeKey
JetSetSystemParameter
JetSetCurrentIndex
JetEndSession
JetMove
JetGetTableIndexInfo
JetGetInstanceInfo
JetTerm
JetInit
JetGetTableColumnInfo
JetCloseTable
JetSeek
JetDetachDatabase
JetCreateInstance
JetAttachDatabase
JetCloseDatabase
JetSetIndexRange
JetCreateIndex
JetBeginSession
JetGetObjectInfo
JetOpenDatabase
JetFreeBuffer
JetCommitTransaction
JetOpenTable

user32

GetWindowRect
CallWindowProcW
SetWindowLongW
RemovePropW
SendMessageW
GetSystemMetrics
TranslateMessage
ReleaseDC
GetPropW
GetWindowLongW
MsgWaitForMultipleObjectsEx
SetTimer
DispatchMessageW
PeekMessageW
PostMessageW
SetWindowPos
IsWindow
GetClassNameW
DestroyWindow
GetClassLongW
LoadStringW
LoadImageW
KillTimer
GetDC
GetParent
SetPropW
FindWindowExW
MsgWaitForMultipleObjects
EnableWindow

cryptdll

CDGenerateRandomBits

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 224KB - Virtual size: 14.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 425KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5f960dc17fecd4f9a2b41906c98e953

Headers

File Characteristics

Imports

shell32

comctl32

kernel32

version

shlwapi

ole32

gdi32

oleaut32

advapi32

esent

user32

cryptdll

Sections

.text Size: 23KB - Virtual size: 22KB

.data Size: 224KB - Virtual size: 14.5MB

.rdata Size: 6KB - Virtual size: 425KB

.rsrc Size: 10KB - Virtual size: 9KB

.text
Size: 23KB - Virtual size: 22KB

.data
Size: 224KB - Virtual size: 14.5MB

.rdata
Size: 6KB - Virtual size: 425KB

.rsrc
Size: 10KB - Virtual size: 9KB