88ce3ed58949b680fc87af8910c345f42223f14abcf4d803f674203ae729b386

Sharing

Copy URL

Twitter E-mail

General

Target

88ce3ed58949b680fc87af8910c345f42223f14abcf4d803f674203ae729b386
Size

275KB
MD5

bed30d5c32f3badc8c4b7727a4f253f3
SHA1

4c58fafb2dd780df97fdb97a8811519f74217cdd
SHA256

88ce3ed58949b680fc87af8910c345f42223f14abcf4d803f674203ae729b386
SHA512

68b9c6a5a910df3e455036531ec6a346634b7080618e342d5db9fbf50302e1d66253561e4d9e48a63660fec2d675c72b70c740881d7d8304bad1261e23f59cbe
SSDEEP

6144:x/+2YVAiZuC77o3sP6dS7+stWQ+NOMsnqsnGTt:eVPDo3sP6dSTW5NOMpsnG

Score

N/A

Malware Config

Signatures

Files

88ce3ed58949b680fc87af8910c345f42223f14abcf4d803f674203ae729b386
.exe windows x86

b159f5bcb743979eda6f21bfc4b11889

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CreateWindowExW
DestroyWindow
wsprintfW
GetMonitorInfoW
PostQuitMessage
GetSystemMetrics
PostMessageW
PeekMessageW
IsIconic
GetMenuItemInfoW
EnableMenuItem
IsWindow
GetMenuItemCount
DefWindowProcW
GetWindow
PtInRect
CharNextW
SetFocus
LoadAcceleratorsW
MessageBeep
FlashWindow
DestroyMenu
KillTimer
TrackPopupMenuEx
LoadCursorW
RegisterClassExW
ShowWindow
MonitorFromWindow
FindWindowW
DispatchMessageA
SetForegroundWindow
ModifyMenuW
LoadImageW
MsgWaitForMultipleObjectsEx
GetWindowRect
DispatchMessageW
GetClientRect
SetWindowLongW
SendMessageW
GetClassInfoExW
SetMenuDefaultItem
MessageBoxW
CallWindowProcW
GetMessageA
GetMessageW
InvalidateRect
MapWindowPoints
SetMenuItemInfoW
SetTimer
GetWindowThreadProcessId
MonitorFromPoint
AppendMenuW
LoadMenuW
GetDesktopWindow
CharPrevW
TranslateMessage
GetParent
TranslateAcceleratorW
LoadStringW
GetForegroundWindow
RemoveMenu
GetWindowLongW
SetWindowPos
CreatePopupMenu
LoadStringA
IsWindowUnicode
GetSystemMenu
DestroyIcon
AttachThreadInput
UnregisterClassA

shell32

ShellExecuteW
SHAppBarMessage
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFolderPathW

oleaut32

VariantCopyInd
SysAllocStringByteLen
SafeArrayPtrOfIndex
SafeArrayUnlock
VariantClear
SafeArrayLock
VariantInit
SafeArrayCreateVector
SafeArrayCreate
VarUI4FromStr
SafeArrayUnaccessData
SafeArrayAccessData
SysStringByteLen

advapi32

TraceMessage
ConvertStringSidToSidW
RegDeleteValueW
GetTraceEnableLevel
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExW
ControlTraceW
RegDeleteKeyW
SetSecurityDescriptorDacl
RegisterTraceGuidsW
GetAce
GetSecurityDescriptorGroup
ConvertSidToStringSidW
MakeAbsoluteSD
CryptCreateHash
RegOpenKeyExW
GetTraceEnableFlags
GetTokenInformation
OpenThreadToken
CryptAcquireContextW
CryptGetHashParam
GetSidLengthRequired
IsValidSid
AllocateAndInitializeSid
OpenProcessToken
MakeSelfRelativeSD
GetSecurityDescriptorSacl
SetNamedSecurityInfoW
GetLengthSid
GetSecurityDescriptorDacl
CryptDestroyKey
GetSecurityDescriptorLength
CopySid
CryptHashData
RegCloseKey
UnregisterTraceGuids
CreateProcessAsUserW
DuplicateTokenEx
GetTraceLoggerHandle
CryptReleaseContext
InitializeSecurityDescriptor
AddAce
RegQueryValueExW
SetTokenInformation
GetAclInformation
RegQueryInfoKeyW
GetSecurityDescriptorControl
CryptDestroyHash
GetSecurityDescriptorOwner
GetSidSubAuthority
FreeSid
EqualSid
InitializeSid
RegCreateKeyExW
InitializeAcl
RegEnumKeyExW

shlwapi

PathIsUNCServerW
PathAppendW
PathQuoteSpacesW
PathRemoveFileSpecW
PathIsUNCW
SHDeleteKeyW
UrlCanonicalizeW
PathAddBackslashW
PathSkipRootW

kernel32

lstrlenW
GlobalAlloc
GetOEMCP
SleepEx
OutputDebugStringW
DisconnectNamedPipe
GetConsoleMode
RegisterWaitForSingleObject
lstrcpynA
SetFileAttributesW
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
FindNextFileW
CreateSemaphoreW
GetStdHandle
CreateMutexW
GlobalLock
LCMapStringA
GetCommandLineA
RtlUnwind
IsDebuggerPresent
EnterCriticalSection
FileTimeToSystemTime
SetEnvironmentVariableA
GetSystemDirectoryW
IsProcessorFeaturePresent
CreateFileW
CloseHandle
GlobalUnlock
FindFirstFileW
TerminateThread
ReleaseSemaphore
LCMapStringW
FreeEnvironmentStringsW
FlushFileBuffers
CreateWaitableTimerW
TlsFree
CompareStringW
GetModuleHandleW
WaitForMultipleObjectsEx
IsValidCodePage
UnhandledExceptionFilter
LocalAlloc
GetConsoleOutputCP
GetTimeZoneInformation
GetTimeFormatW
ResumeThread
TlsSetValue
GetACP
DeleteCriticalSection
SetFilePointer
ConnectNamedPipe
FreeEnvironmentStringsA
LeaveCriticalSection
GetFileSize
FindResourceExW
VirtualProtect
FlushInstructionCache
HeapDestroy
OpenThread
ExitThread
ProcessIdToSessionId
GetSystemTimeAsFileTime
HeapAlloc
lstrlenA
LocalFree
WriteFile
CreateProcessW
VerSetConditionMask
lstrcmpiW
GlobalSize
CreateEventW
ResetEvent
TlsGetValue
VirtualAlloc
FreeLibrary
FindResourceW
CreateNamedPipeW
VirtualQuery
HeapReAlloc
CompareStringA
FindClose
CancelIo
CancelWaitableTimer
GetDateFormatW
OpenProcess
SetUnhandledExceptionFilter
SetLastError
SizeofResource
LoadResource
lstrcpynW
WideCharToMultiByte
SetHandleCount
GetCurrentThreadId
GetExitCodeThread
GetFileType
SetNamedPipeHandleState
GetProcessHeap
QueueUserAPC
LoadLibraryExW
WriteConsoleA
LockResource
HeapSize
DisableThreadLibraryCalls
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFree
GetOverlappedResult
VirtualFree
CreateThread
GetConsoleCP
UnregisterWaitEx
SetStdHandle
HeapFree
VerifyVersionInfoW
lstrcpyW
ReadFile
FormatMessageW
WaitForMultipleObjects
WriteConsoleW
DeleteFileW
CreateFileA
ReleaseMutex
CreateDirectoryW
SystemTimeToFileTime
DuplicateHandle
RemoveDirectoryW
SetWaitableTimer
GetSystemInfo
TlsAlloc
RaiseException
GetUserDefaultLangID
GetModuleHandleA
HeapCreate
VirtualAllocEx

userenv

UnloadUserProfile

ole32

CLSIDFromString
CoTaskMemAlloc
CoInitializeEx
GetHGlobalFromStream
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoUninitialize
StringFromCLSID
OleSaveToStream
IIDFromString
CreateStreamOnHGlobal
StringFromGUID2
OleLoadFromStream

dbghelp

ImageRvaToVa
SymGetModuleBase
SymGetSymPrev64
SymCleanup
DbgHelpCreateUserDumpW
SymGetLineFromName64
SymEnumSourceFiles
omap
SymUnloadModule64
SymFunctionTableAccess
SymEnumerateSymbolsW64
SymEnumerateModules64

usp10

ScriptGetLogicalWidths
ScriptApplyDigitSubstitution

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.IvDiHeX
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ImvtFI
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aFsCLPz
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BVde
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.WjdkB
Size: 1024B - Virtual size: 538B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Bpyw
Size: 512B - Virtual size: 401B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.KbcUEu
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kOkFmI
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.KhhQXhg
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.RJzsExv
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wNWos
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b159f5bcb743979eda6f21bfc4b11889

Headers

DLL Characteristics

File Characteristics

Imports

user32

shell32

oleaut32

advapi32

shlwapi

kernel32

userenv

ole32

dbghelp

usp10

Sections

.text Size: 108KB - Virtual size: 108KB

.IvDiHeX Size: 2KB - Virtual size: 2KB

.ImvtFI Size: 3KB - Virtual size: 3KB

.aFsCLPz Size: 3KB - Virtual size: 2KB

.data Size: 9KB - Virtual size: 165KB

.BVde Size: 1KB - Virtual size: 1KB

.WjdkB Size: 1024B - Virtual size: 538B

.rdata Size: 124KB - Virtual size: 124KB

.Bpyw Size: 512B - Virtual size: 401B

.KbcUEu Size: 1KB - Virtual size: 1KB

.kOkFmI Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 3KB

.KhhQXhg Size: 3KB - Virtual size: 3KB

.RJzsExv Size: 3KB - Virtual size: 2KB

.wNWos Size: 4KB - Virtual size: 3KB

.text
Size: 108KB - Virtual size: 108KB

.IvDiHeX
Size: 2KB - Virtual size: 2KB

.ImvtFI
Size: 3KB - Virtual size: 3KB

.aFsCLPz
Size: 3KB - Virtual size: 2KB

.data
Size: 9KB - Virtual size: 165KB

.BVde
Size: 1KB - Virtual size: 1KB

.WjdkB
Size: 1024B - Virtual size: 538B

.rdata
Size: 124KB - Virtual size: 124KB

.Bpyw
Size: 512B - Virtual size: 401B

.KbcUEu
Size: 1KB - Virtual size: 1KB

.kOkFmI
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 3KB

.KhhQXhg
Size: 3KB - Virtual size: 3KB

.RJzsExv
Size: 3KB - Virtual size: 2KB

.wNWos
Size: 4KB - Virtual size: 3KB