9295f2f331ef8172370cdba81c368292edd1e23e1513b5b20a19e1f0b435c968

Sharing

Copy URL Twitter E-mail

General

Target

9295f2f331ef8172370cdba81c368292edd1e23e1513b5b20a19e1f0b435c968
Size

273KB
MD5

6e7b59b554e6bec95f5cb10d8ad0cee6
SHA1

66cb508dfb6cb6bf88c2e063f51ec39c137b59d6
SHA256

9295f2f331ef8172370cdba81c368292edd1e23e1513b5b20a19e1f0b435c968
SHA512

bd750e36ac9dc32fab257f29a1b9c5ca09fd1db7a8892070dc78df79bd5476bf910fc344a915fcd20225eea1d4002e6478b4c7321d8d7ae9deffb13063606b72
SSDEEP

6144:+oGg5uUz8jBlzZSqg/QIrNtsJ4LhHrS1oW+Fn:+LfjBltSqg/JtsJ4LJrW

Score

N/A

Malware Config

Signatures

Files

9295f2f331ef8172370cdba81c368292edd1e23e1513b5b20a19e1f0b435c968
.exe windows x86

9ab5817626d4b6c3b9aa7601b8763dbf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

URLDownloadToFileW

advapi32

RegCreateKeyExW
OpenProcessToken
StartTraceW
RegSetValueExW
RegOpenKeyExW
ControlTraceW
EnableTrace
RegCloseKey
RegQueryValueExW
LookupAccountSidW
GetTokenInformation
RegOpenKeyW
EnumerateTraceGuids
RegDeleteValueW

wininet

InternetCloseHandle

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance

secur32

GetComputerObjectNameW

shell32

SHCreateDirectoryExW

crypt32

CryptMsgClose
CertFreeCertificateContext
CryptMsgGetParam
CryptHashPublicKeyInfo
CertCloseStore
CryptMsgGetAndVerifySigner
CryptQueryObject
CryptDecodeObject
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy

kernel32

HeapSize
GetConsoleMode
GetCommandLineA
CancelWaitableTimer
LocalFree
FormatMessageW
SetHandleCount
MapViewOfFile
LocalAlloc
GetFileAttributesExW
WriteConsoleW
FindResourceExW
GetFileSizeEx
GetCurrentDirectoryW
CreateWaitableTimerW
UnhandledExceptionFilter
SetFilePointer
GetConsoleCP
lstrcmpA
TlsFree
CreateToolhelp32Snapshot
GetModuleHandleW
LeaveCriticalSection
GetTempPathW
LoadResource
ReadFile
CreateDirectoryW
Process32NextW
WaitForSingleObject
HeapAlloc
SetWaitableTimer
LCMapStringW
Process32FirstW
IsValidCodePage
SetUnhandledExceptionFilter
GetThreadLocale
GetUserDefaultLCID
ExpandEnvironmentStringsW
GetOEMCP
GetFileSize
GetFileType
FreeEnvironmentStringsW
GetSystemDirectoryW
MoveFileExW
IsProcessorFeaturePresent
SetStdHandle
CreateEventW
GetSystemTimeAsFileTime
RtlUnwind
FreeLibrary
HeapDestroy
CloseHandle
GlobalFree
FindResourceW
TlsAlloc
RemoveDirectoryW
SizeofResource
TlsGetValue
CreateThread
GetACP
LockResource
HeapReAlloc
CreateFileW
IsDebuggerPresent
DeleteCriticalSection
WriteFile
EnumSystemLocalesA
GetSystemInfo
InitializeCriticalSectionAndSpinCount
GetCommandLineW
CreateFileMappingW
RaiseException
GetProcessHeap
FlushFileBuffers
GetTempFileNameW
IsValidLocale
OpenProcess
SetLastError
TlsSetValue
HeapFree
GetStdHandle
EnterCriticalSection
GetCurrentThreadId
WideCharToMultiByte
DeleteFileW
VirtualAllocEx

wintrust

WinVerifyTrust

userenv

ExpandEnvironmentStringsForUserW

user32

PostThreadMessageW
PeekMessageW
MsgWaitForMultipleObjects
GetMessageW
DispatchMessageW
GetSystemMetrics
TranslateMessage
UpdateWindow

shlwapi

PathFindFileNameW
PathFileExistsW
PathCombineW
SHDeleteKeyW
PathFindExtensionW
PathRemoveFileSpecW

comctl32

CreateStatusWindow
ImageList_SetFilter
FlatSB_ShowScrollBar
DllGetVersion
ImageList_GetIcon
DrawStatusText

catsrv

DllGetClassObject
DllRegisterServer
DllCanUnloadNow
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 39KB - Virtual size: 947KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 175KB - Virtual size: 837KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 634KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ab5817626d4b6c3b9aa7601b8763dbf

Headers

File Characteristics

Imports

urlmon

advapi32

wininet

ole32

secur32

shell32

crypt32

kernel32

wintrust

userenv

user32

shlwapi

comctl32

catsrv

Sections

.text Size: 16KB - Virtual size: 16KB

.bss Size: 39KB - Virtual size: 947KB

.reloc Size: 175KB - Virtual size: 837KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 36KB - Virtual size: 634KB

.rsrc Size: 512B - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 16KB

.bss
Size: 39KB - Virtual size: 947KB

.reloc
Size: 175KB - Virtual size: 837KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 36KB - Virtual size: 634KB

.rsrc
Size: 512B - Virtual size: 1KB