349bebb2612235669eead804c50f90000f79a3066dc765690a3a96bfad0d61b0

Sharing

Copy URL

Twitter E-mail

General

Target

349bebb2612235669eead804c50f90000f79a3066dc765690a3a96bfad0d61b0
Size

928KB
MD5

51717a33999863583c1c89544d7a9c2c
SHA1

f6bfdf834d1d59e2c9b7875f4f015842b3769bc8
SHA256

349bebb2612235669eead804c50f90000f79a3066dc765690a3a96bfad0d61b0
SHA512

403213990b388723cd9dcd26f6230c980503d2293b36a015aaaa60aa81d73d1a450e7786dd7e3022a8c67d991bc46eb9a26068ae39c2d38395ce1095b7aee416
SSDEEP

24576:IUrYhmqvbAqd0bWbZr64BoHLqMia5VqE:TwvBdMWVr6VrqHa5VqE

Score

N/A

Malware Config

Signatures

Files

349bebb2612235669eead804c50f90000f79a3066dc765690a3a96bfad0d61b0
.exe windows x86

3a537062bb174667e487e058fd1ff4b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_wtoi64
_wchdir
_ltow
scanf
??8type_info@@QBEHABV0@@Z
asctime
wcscspn
_ismbcalnum
_iob
__p__environ
memmove
_stat
_snprintf
_adjust_fdiv
_mbsrchr
_CIlog
_wcsicoll
srand
isalpha
realloc
_wgetcwd
iswlower
_localtime64

kernel32

VirtualProtect
CompareStringA
GetVDMCurrentDirectories
GetFileAttributesW
GetEnvironmentVariableA
UnregisterWaitEx
SetConsoleOS2OemFormat
FormatMessageA
ClearCommError
VirtualAlloc
EnumResourceNamesW
lstrcpyA
QueueUserAPC
SetFilePointerEx
AreFileApisANSI
SetThreadIdealProcessor
GetTickCount
SetFilePointer
HeapLock
GetNamedPipeInfo
DeleteVolumeMountPointA
MoveFileExW
CreateSemaphoreA
WriteFileEx
GetStdHandle
Module32FirstW
EnterCriticalSection
SetConsoleScreenBufferSize
SearchPathW
OpenSemaphoreA
GetCurrentDirectoryW
PeekNamedPipe

uxtheme

GetThemeBool
CloseThemeData
SetWindowTheme
IsThemeActive
GetThemeSysFont
GetThemeAppProperties
GetThemeMetric
GetThemeMargins
GetThemeBackgroundRegion
OpenThemeData
GetThemeFont
DrawThemeText
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundExtent

comctl32

ImageList_DrawEx
ImageList_AddMasked
ImageList_Remove
ImageList_SetOverlayImage
ImageList_DragShowNolock
ImageList_Create
ImageList_Draw
ImageList_ReplaceIcon
ImageList_GetDragImage
ImageList_GetImageCount
InitCommonControls
PropertySheetW
ImageList_SetBkColor
ImageList_GetIconSize
ImageList_BeginDrag
ImageList_SetIconSize
PropertySheetA
_TrackMouseEvent
ImageList_DragEnter
ImageList_GetIcon
CreateStatusWindowA
ImageList_Add
ImageList_SetDragCursorImage

odbc32

CursorLibLockDbc
PostODBCError
CursorLibLockStmt
PostODBCComponentError
CursorLibTransact
CursorLibLockDesc
LockHandle
VFreeErrors
VRetrieveDriverErrorsRowCol
ValidateErrorQueue
SearchStatusCode

wintrust

CryptCATAdminAcquireContext
CryptCATEnumerateCatAttr
CryptCATAdminReleaseCatalogContext
WTHelperGetProvSignerFromChain
CryptCATAdminAddCatalog
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle
CryptCATGetMemberInfo
CryptCATOpen
CryptCATClose
CryptCATAdminEnumCatalogFromHash
IsCatalogFile
WTHelperGetFileHash
WTHelperGetProvCertFromChain
CryptCATGetAttrInfo
WintrustAddActionID
CryptCATGetCatAttrInfo
WintrustRemoveActionID
WTHelperProvDataFromStateData
CryptCATAdminReleaseContext
CryptCATEnumerateAttr
WintrustLoadFunctionPointers
CryptCATEnumerateMember
WinVerifyTrustEx
CryptCATCatalogInfoFromContext

advapi32

BackupEventLogW
GetCurrentHwProfileW
AddAuditAccessAceEx
ReadEventLogW
QueryRecoveryAgentsOnEncryptedFile
QueryServiceStatusEx
RegQueryMultipleValuesA
AreAnyAccessesGranted
AddAccessDeniedAce
RegSetKeySecurity
AllocateAndInitializeSid
WriteEncryptedFileRaw
GetEffectiveRightsFromAclW
LookupAccountNameA
RegSetValueA
SetPrivateObjectSecurity
BuildSecurityDescriptorW

crypt32

CertFreeCertificateContext

Sections

.data
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 207B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 211KB - Virtual size: 582KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 199KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 237KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a537062bb174667e487e058fd1ff4b8

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

uxtheme

comctl32

odbc32

wintrust

advapi32

crypt32

Sections

.data Size: 1024B - Virtual size: 972B

.rdata Size: 512B - Virtual size: 207B

.text Size: 211KB - Virtual size: 582KB

.rdata Size: 115KB - Virtual size: 369KB

.idata Size: 199KB - Virtual size: 245KB

.data Size: 237KB - Virtual size: 306KB

.rsrc Size: 160KB - Virtual size: 159KB

.reloc Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 972B

.rdata
Size: 512B - Virtual size: 207B

.text
Size: 211KB - Virtual size: 582KB

.rdata
Size: 115KB - Virtual size: 369KB

.idata
Size: 199KB - Virtual size: 245KB

.data
Size: 237KB - Virtual size: 306KB

.rsrc
Size: 160KB - Virtual size: 159KB

.reloc
Size: 2KB - Virtual size: 1KB