630bd236472a5602d91cf44815d6479215c17cb08f8c04830e81268e11a1aa8f

Sharing

Copy URL

Twitter E-mail

General

Target

630bd236472a5602d91cf44815d6479215c17cb08f8c04830e81268e11a1aa8f
Size

866KB
MD5

8987d327ea5a5163b2587f4211f9a650
SHA1

a0a196021a4fe9c8d42f00834dcddcf5ffd20e21
SHA256

630bd236472a5602d91cf44815d6479215c17cb08f8c04830e81268e11a1aa8f
SHA512

3c654e22c78981ef3fba2b0b9638e96abcef459c0a5a90044d7051b91cf6d959e6a562c5beef19fa7dc05687a517db1324610dc19eab9679ad05e0ac34253587
SSDEEP

24576:v1UNALy7E3T7rpK56hITme5rtqwjgqN8Rf67TA:v1gA+E3Ie9e5rtFcRf67TA

Score

N/A

Malware Config

Signatures

Files

630bd236472a5602d91cf44815d6479215c17cb08f8c04830e81268e11a1aa8f
.exe windows x86

d51dc778f99a05666f76ba4e7b52feca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
FormatMessageW
WriteFile
WriteConsoleW
GetFullPathNameW
CopyFileW
InitializeCriticalSectionAndSpinCount
CreateThread
GetProcessIoCounters
GetStdHandle
GetDriveTypeW
SetErrorMode
GetDiskFreeSpaceExW
GetConsoleOutputCP
VirtualAlloc
GetTimeZoneInformation
GetLocalTime
GetConsoleMode
GetPrivateProfileStringW
GetSystemInfo
GetLastError
GetVersionExW
GetTempFileNameW
LeaveCriticalSection
GetTimeFormatA
GetCurrentProcess
GetConsoleCP
DuplicateHandle
IsDebuggerPresent
CreatePipe
GetSystemTimeAsFileTime
GetModuleHandleA
MoveFileW
EnterCriticalSection
GetCurrentProcessId
GetACP
FindClose
GlobalFree
HeapSize
SetStdHandle
CreateFileW
UnhandledExceptionFilter
GetModuleFileNameA
Beep
GlobalAlloc
DeviceIoControl
WideCharToMultiByte
GetCurrentThread
CompareStringA
InterlockedExchange
GetExitCodeProcess
TlsAlloc
DeleteCriticalSection
CreateEventW
SetFilePointerEx
GetPrivateProfileSectionNamesW
GlobalLock
TlsGetValue
GetStartupInfoW
FlushFileBuffers
InterlockedDecrement
CreateDirectoryW
GetCommandLineW
SetFileTime
VirtualFreeEx
GetCurrentThreadId
GetCurrentDirectoryW
DeleteFileW
Sleep
HeapFree
SetFileAttributesW
VirtualProtectEx
CreateHardLinkW
LoadResource
OpenProcess
GetLocaleInfoA
GetFileAttributesW
InterlockedIncrement
GetComputerNameW
FreeLibrary
WritePrivateProfileStringW
GetTempPathW
GetProcAddress
OutputDebugStringW
GetEnvironmentStringsW
GetEnvironmentVariableW
CreateToolhelp32Snapshot
RaiseException
SetLastError
FileTimeToLocalFileTime
GetFileSize
LoadLibraryW
GetDiskFreeSpaceW
HeapReAlloc
Process32NextW
GetModuleFileNameW
QueryPerformanceCounter
TerminateProcess
GetShortPathNameW
GetWindowsDirectoryW
Process32FirstW
WritePrivateProfileSectionW
FindResourceW
TlsSetValue
RtlUnwind
LockResource
LoadLibraryExW
WaitForSingleObject
LoadLibraryA
SetEnvironmentVariableA
GetStartupInfoA
SetHandleCount
SetCurrentDirectoryW
GetProcessHeap
VirtualFree
GetCPInfo
GlobalUnlock
ResumeThread
SetEndOfFile
WriteConsoleA
RemoveDirectoryW
SetUnhandledExceptionFilter
ExitThread
SystemTimeToFileTime
GetDateFormatA
CloseHandle
CreateProcessW
SetPriorityClass
GetOEMCP
ExitProcess
MulDiv
TerminateThread
lstrcmpiW
GlobalMemoryStatusEx
GetPrivateProfileSectionW
LCMapStringW
SizeofResource
GetTickCount
GetStringTypeA
GetFileType
TlsFree
FreeEnvironmentStringsW
QueryPerformanceFrequency
GetSystemDirectoryW
FindNextFileW
ReadProcessMemory
HeapAlloc
LCMapStringA
ReadFile
CreateFileA
SetVolumeLabelW
GetModuleHandleW
FileTimeToSystemTime
FindFirstFileW
LocalFileTimeToFileTime
MultiByteToWideChar
CompareStringW
SetEnvironmentVariableW
IsValidCodePage
SetFilePointer

user32

GetCursorPos
IsDialogMessageW
CountClipboardFormats
SetLayeredWindowAttributes
GetMenuItemCount
MoveWindow
SendDlgItemMessageW
SendMessageW
GetSysColor
DestroyWindow
IsWindowEnabled
LoadCursorW
VkKeyScanW
SetActiveWindow
ShowWindow
GetWindowRect
ReleaseCapture
TranslateAcceleratorW
SetUserObjectSecurity
GetKeyState
MapVirtualKeyW
ReleaseDC
CreatePopupMenu
FindWindowExW
PostMessageW
InvalidateRect
EmptyClipboard
GetKeyboardState
ScreenToClient
EnumWindows
EnumChildWindows
SetWindowPos
SetMenuDefaultItem
OpenClipboard
SetTimer
CloseClipboard
CharNextW
CharUpperBuffW
GetClassLongW
GetClassNameW
GetWindowThreadProcessId
KillTimer
GetProcessWindowStation
OpenWindowStationW
DefDlgProcW
DefWindowProcW
CopyRect
GetMenu
SetCursor
BlockInput
MessageBeep
IsCharUpperW
GetParent
RegisterWindowMessageW
PeekMessageW
GetWindowLongW
wsprintfW
SetWindowLongW
MessageBoxA
PostQuitMessage
MonitorFromPoint
GetSubMenu
GetMessageW
DrawTextW
EnableWindow
CreateWindowExW
FrameRect
GetCaretPos
TrackPopupMenuEx
RegisterHotKey
MessageBoxW
SetMenuItemInfoW
SetKeyboardState
AttachThreadInput
CheckMenuRadioItem
CharLowerBuffW
DestroyMenu
UnregisterHotKey
FindWindowW
CopyImage
EndPaint
GetMonitorInfoW
GetUserObjectSecurity
SystemParametersInfoW
GetWindowTextLengthW
IsMenu
GetMenuStringW
SetCapture
WindowFromPoint
GetActiveWindow
FlashWindow
GetFocus
DrawFrameControl
GetSystemMetrics
GetClientRect
GetClipboardData
GetCursorInfo
BeginPaint
ClientToScreen
GetMenuItemID
GetDC
DestroyAcceleratorTable
EnumThreadWindows
DialogBoxParamW
GetWindowDC
SetProcessWindowStation
IsDlgButtonChecked
GetWindowTextW
RedrawWindow
keybd_event
SendMessageTimeoutW
IsCharAlphaW
InsertMenuItemW
IsCharLowerW
SetForegroundWindow
GetDlgCtrlID
GetDlgItem
SetWindowTextW
FillRect
SetFocus
SetClipboardData
DeleteMenu
GetForegroundWindow
IsZoomed
LoadImageW
RegisterClassExW
ExitWindowsEx
CloseWindowStation
SetRect
InflateRect
LoadStringW
OpenDesktopW
DrawMenuBar
GetMenuItemInfoW
PtInRect
IsWindowVisible
GetDesktopWindow
SetMenu
CreateAcceleratorTableW
MonitorFromRect
CreateMenu
IsWindow
TranslateMessage
GetAsyncKeyState
LoadIconW
LockWindowUpdate
GetKeyboardLayoutNameW
DrawFocusRect
DispatchMessageW
DestroyIcon
IsIconic
IsClipboardFormatAvailable
CreateIconFromResourceEx
mouse_event
SendInput
CloseDesktop
AdjustWindowRectEx
EndDialog

gdi32

SetViewportOrgEx
BeginPath
CreateCompatibleBitmap
GetDIBits
StrokePath
CreateSolidBrush
GetPixel
SetPixel
PolyDraw
DeleteObject
GetObjectW
ExtCreatePen
LineTo
SetBkColor
GetDeviceCaps
GetTextExtentPoint32W
Ellipse
MoveToEx
CreatePen
EndPath
GetTextFaceW
SetTextColor
CreateCompatibleDC
RoundRect
StretchBlt
CreateFontW
Rectangle
GetStockObject
CloseFigure
SelectObject
SetBkMode
CreateDCW
AngleArc
DeleteDC
StrokeAndFillPath

advapi32

SetSecurityDescriptorDacl
OpenSCManagerW
OpenProcessToken
GetAce
GetUserNameW
LockServiceDatabase
RegConnectRegistryW
RegCreateKeyExW
UnlockServiceDatabase
RegQueryValueExW
RegDeleteKeyW
RegEnumValueW
RegOpenKeyExW
AddAce
InitializeAcl
GetSecurityDescriptorDacl
GetTokenInformation
RegCloseKey
GetLengthSid
GetAclInformation
RegDeleteValueW
CreateProcessAsUserW
LookupPrivilegeValueW
InitiateSystemShutdownExW
OpenThreadToken
LogonUserW
DuplicateTokenEx
CopySid
AdjustTokenPrivileges
RegEnumKeyExW
RegSetValueExW
CreateProcessWithLogonW
CloseServiceHandle
InitializeSecurityDescriptor

shell32

SHEmptyRecycleBinW
Shell_NotifyIconW
DragQueryPoint
SHFileOperationW
ShellExecuteExW
SHGetDesktopFolder
SHGetMalloc
SHGetFolderPathW
SHBrowseForFolderW
DragQueryFileW
ShellExecuteW
DragFinish
ExtractIconExW
SHGetPathFromIDListW

ole32

OleSetContainedObject
CoInitializeSecurity
CreateStreamOnHGlobal
OleUninitialize
CoSetProxyBlanket
CLSIDFromProgID
MkParseDisplayName
CoUninitialize
CoTaskMemFree
IIDFromString
CreateBindCtx
CoCreateInstanceEx
CLSIDFromString
CoInitialize
OleInitialize
StringFromIID
CoTaskMemAlloc
OleSetMenuDescriptor
StringFromCLSID
CoCreateInstance

oleaut32

OACreateTypeLib2
SafeArrayAccessData
VariantTimeToSystemTime
OleLoadPicture
SysAllocString
SafeArrayAllocDescriptorEx
SafeArrayUnaccessData
GetActiveObject
VariantCopy
SafeArrayGetVartype
LoadRegTypeLi
VarR8FromDec
SafeArrayAllocData
VariantClear
VariantInit
SafeArrayDestroyDescriptor

comctl32

ImageList_DragMove
ImageList_SetDragCursorImage
ImageList_DragLeave
ImageList_BeginDrag
ImageList_ReplaceIcon
ImageList_Create
ImageList_DragEnter
ImageList_EndDrag
InitCommonControlsEx
ImageList_Destroy
ImageList_Remove

shlwapi

SHQueryInfoKeyA

winmm

mciSendStringW
timeGetTime
waveOutSetVolume

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

InternetQueryOptionW
HttpOpenRequestW
FtpGetFileSize
InternetOpenUrlW
InternetOpenW
FtpOpenFileW
HttpSendRequestW
HttpQueryInfoW
InternetSetOptionW
InternetCloseHandle
InternetQueryDataAvailable
InternetCrackUrlW
InternetConnectW
InternetReadFile

wsock32

closesocket
WSACleanup
__WSAFDIsSet
connect
recvfrom
htons
bind
socket
setsockopt
ntohs
select
ioctlsocket
gethostbyname
WSAGetLastError
recv
send
WSAStartup
listen
gethostname
inet_addr
accept
sendto

mpr

WNetUseConnectionW
WNetGetConnectionW
WNetCancelConnection2W
WNetAddConnection2W

psapi

GetModuleBaseNameW
GetProcessMemoryInfo
EnumProcesses
EnumProcessModules

userenv

UnloadUserProfile
LoadUserProfileW
DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kyup
Size: 303KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ryuw
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kyupl
Size: 512B - Virtual size: 374B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kuyul
Size: 499KB - Virtual size: 499KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d51dc778f99a05666f76ba4e7b52feca

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

shlwapi

winmm

version

wininet

wsock32

mpr

psapi

userenv

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 188KB

.kyup Size: 303KB - Virtual size: 302KB

.ryuw Size: 12KB - Virtual size: 11KB

.kyupl Size: 512B - Virtual size: 374B

.kuyul Size: 499KB - Virtual size: 499KB

.rsrc Size: 1024B - Virtual size: 640B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 188KB

.kyup
Size: 303KB - Virtual size: 302KB

.ryuw
Size: 12KB - Virtual size: 11KB

.kyupl
Size: 512B - Virtual size: 374B

.kuyul
Size: 499KB - Virtual size: 499KB

.rsrc
Size: 1024B - Virtual size: 640B

.reloc
Size: 5KB - Virtual size: 4KB