5fa11cd35f104abf855639949fb1a7c42f74b56fe5b24dd18282d95869ee4f07

Sharing

Copy URL Twitter E-mail

General

Target

5fa11cd35f104abf855639949fb1a7c42f74b56fe5b24dd18282d95869ee4f07
Size

221KB
MD5

423e415e9a82c92116d591ec727a31b6
SHA1

227f83fec6ea060b1abd0d9807bfe30d96ad945e
SHA256

5fa11cd35f104abf855639949fb1a7c42f74b56fe5b24dd18282d95869ee4f07
SHA512

1080fa9c8bd84438f5e4b3498d18a7f7e5811ab1b9eade6d28da7656e7f44e1016cf8ec354d49706ba6b706ffb5ae5852c6fe99b2c07296a421193ca9a1f9789
SSDEEP

6144:gUqqDLD2yi0DLJkEHUe+7oTor795RHhDxjqztcvvsm3Co:gxqnD7i0DLGEHUeQ9vlBxvkAr

Score

N/A

Malware Config

Signatures

Files

5fa11cd35f104abf855639949fb1a7c42f74b56fe5b24dd18282d95869ee4f07
.exe windows x86

89d033b85d8ccf873cd74f04db6ccf98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
MoveFileExW
DeleteFileW
CreateMutexW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
TlsAlloc
TlsFree
GetUserDefaultUILanguage
GetEnvironmentVariableW
FileTimeToDosDateTime
GetTempFileNameW
HeapReAlloc
FindFirstFileW
SetEndOfFile
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
GetLogicalDriveStringsW
HeapFree
GetProcessHeap
IsBadReadPtr
SetFileTime
VirtualQueryEx
Thread32First
WideCharToMultiByte
SetLastError
HeapDestroy
HeapCreate
lstrcpynW
CreatePipe
Thread32Next
GetTimeZoneInformation
MultiByteToWideChar
lstrlenW
GetTempPathW
GetFileSizeEx
OpenMutexW
VirtualProtectEx
VirtualAllocEx
FindClose
RemoveDirectoryW
QueryDosDeviceW
FindNextFileW
VirtualProtect
GetFileTime
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
GetFileInformationByHandle
GetModuleHandleA
ExpandEnvironmentStringsW
GetPrivateProfileIntW
GetPrivateProfileStringW
SetFileAttributesW
WTSGetActiveConsoleSessionId
lstrcmpiA
CreateFileW
LoadLibraryW
CreateDirectoryW
FreeLibrary
ReadFile
SetHandleInformation
CreateProcessW
FlushFileBuffers
WriteFile
WriteProcessMemory
GetCurrentProcessId
DuplicateHandle
VirtualFree
GetComputerNameW
SetErrorMode
GetCommandLineW
GetLocalTime
GetLastError
GetModuleFileNameW
ReleaseMutex
GetCurrentThreadId
lstrcmpiW
OpenEventW
Sleep
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
OpenProcess
CreateRemoteThread
GetFileAttributesExW
GetProcessId
VirtualAlloc
VirtualFreeEx
SetThreadContext
GetThreadContext
ExitProcess
WaitForMultipleObjects
CreateEventW
EnterCriticalSection
TlsGetValue
GlobalUnlock
LeaveCriticalSection
InitializeCriticalSection
GetTickCount
GlobalLock
LocalFree
GetProcAddress
GetVersionExW
GetModuleHandleW
GetNativeSystemInfo
GetFileAttributesW
CreateThread
GetSystemTime
CloseHandle
ExitThread
GetCurrentProcess
ResetEvent
SetThreadPriority
TerminateProcess
TlsSetValue
GetCurrentThread
SetEvent
WaitForSingleObject
ReadProcessMemory

user32

GetIconInfo
ExitWindowsEx
MessageBoxA
GetKeyboardLayoutList
MapVirtualKeyW
GetMessageA
GetWindowRect
SetCapture
GetParent
GetClassLongW
GetCapture
SetCursorPos
GetWindowLongW
GetAncestor
PeekMessageW
SetWindowPos
DrawIcon
SendMessageTimeoutW
IsWindow
ReleaseCapture
MapWindowPoints
GetMessagePos
GetWindowThreadProcessId
CharLowerBuffA
CharToOemW
GetSystemMetrics
SystemParametersInfoW
SetProcessWindowStation
GetThreadDesktop
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
OpenDesktopW
GetShellWindow
RegisterClassA
DefFrameProcW
CallWindowProcW
EndMenu
CallWindowProcA
RegisterClassW
HiliteMenuItem
GetTopWindow
LoadImageW
MsgWaitForMultipleObjects
WindowFromPoint
CharLowerA
CharUpperW
SetWindowLongW
GetWindow
DispatchMessageW
RegisterClassExA
RegisterWindowMessageW
GetMenuItemID
SetKeyboardState
GetSubMenu
DefDlgProcW
DefFrameProcA
OpenInputDesktop
GetMenu
MenuItemFromPoint
RegisterClassExW
GetMenuItemRect
GetCursorPos
TrackPopupMenuEx
CloseDesktop
SetThreadDesktop
GetUserObjectInformationW
GetClassNameW
GetMenuState
DefWindowProcA
DefMDIChildProcW
SwitchDesktop
GetMenuItemCount
OpenWindowStationW
TranslateMessage
GetKeyboardState
GetClipboardData
ToUnicode
CharLowerW
EndPaint
GetUpdateRgn
GetMessageW
GetWindowDC
FillRect
PostMessageW
GetWindowInfo
DrawEdge
BeginPaint
GetUpdateRect
GetDC
IntersectRect
DefDlgProcA
CreateDesktopW
DefMDIChildProcA
GetDCEx
ReleaseDC
PostThreadMessageW
EqualRect
PrintWindow
SendMessageW
DefWindowProcW
IsRectEmpty
PeekMessageA

advapi32

ConvertSidToStringSidW
CreateProcessAsUserA
CreateProcessAsUserW
GetLengthSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityDescriptorSacl
EqualSid
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
IsWellKnownSid
InitiateSystemShutdownExW
RegCreateKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumValueW
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
AllocateAndInitializeSid
CryptCreateHash
FreeSid
CheckTokenMembership
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
CryptHashData
RegEnumKeyW

shlwapi

PathAddBackslashW
PathQuoteSpacesW
wvnsprintfA
PathMatchSpecW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathRemoveFileSpecW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
PathUnquoteSpacesW
PathIsURLW
StrCmpNIA
PathRemoveBackslashW
PathFindFileNameW
StrStrIW
StrStrIA
PathRenameExtensionW
StrCmpNIW

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW

secur32

GetUserNameExW

ole32

CoSetProxyBlanket
CoUninitialize
CLSIDFromString
StringFromGUID2
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoCreateInstance

gdi32

RestoreDC
CreateCompatibleDC
SetRectRgn
SelectObject
DeleteObject
GdiFlush
DeleteDC
SetViewportOrgEx
GetDeviceCaps
CreateCompatibleBitmap
GetDIBits
CreateDIBSection
SaveDC

ws2_32

WSAGetLastError
freeaddrinfo
recv
sendto
select
getaddrinfo
recvfrom
getpeername
send
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
shutdown
setsockopt
WSAEventSelect
getsockname
accept
closesocket
WSASend
inet_addr
listen
WSASetLastError
socket
bind
gethostbyname

crypt32

CryptUnprotectData
PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore

wininet

HttpAddRequestHeadersA
InternetOpenA
InternetCloseHandle
InternetQueryOptionW
InternetReadFile
HttpEndRequestW
HttpEndRequestA
InternetSetFilePointer
InternetGetCookieA
HttpOpenRequestW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestW
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA
InternetQueryOptionA
HttpSendRequestA
InternetSetOptionA
HttpOpenRequestA
HttpQueryInfoA
InternetConnectA
InternetSetStatusCallbackA
InternetCrackUrlA
HttpAddRequestHeadersW

oleaut32

SysFreeString
VariantInit
SysAllocString
VariantClear

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

PlaySoundW
waveOutSetVolume
waveOutGetVolume
PlaySoundA

Sections

.text
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

89d033b85d8ccf873cd74f04db6ccf98

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

version

winmm

Sections

.text Size: 208KB - Virtual size: 208KB

.data Size: 2KB - Virtual size: 11KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 208KB - Virtual size: 208KB

.data
Size: 2KB - Virtual size: 11KB

.reloc
Size: 8KB - Virtual size: 8KB