e9bf370b432c3e5706339093b4e3ca8277adc7d0a12565c806b110a337ab6a3c

Sharing

Copy URL Twitter E-mail

General

Target

e9bf370b432c3e5706339093b4e3ca8277adc7d0a12565c806b110a337ab6a3c
Size

684KB
MD5

e86d856a8e5a58d33e1363bc411e5ce5
SHA1

d09a819e60d7217fed7f7755639937c6403b0bec
SHA256

e9bf370b432c3e5706339093b4e3ca8277adc7d0a12565c806b110a337ab6a3c
SHA512

85cb0c0ddcd9507a4129be9de37c2b16197175ffd551bb4232e584819e09f566e6df7295e94b591cd23b4e234d808d45d999231952433d229cafdf0fcec45af8
SSDEEP

12288:WJyr7udF1Tmc+G8pVAMu3TkDNAiwuqbuUJbF20aBCnc:WEr7udF1TLX8pVAUyiwuqbuEbF2ec

Score

N/A

Malware Config

Signatures

Files

e9bf370b432c3e5706339093b4e3ca8277adc7d0a12565c806b110a337ab6a3c
.exe windows x86

81cafa9698625ca4fd8c21999d566232

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileSize
GetFileTime
WriteFile
LocalFileTimeToFileTime
DosDateTimeToFileTime
FreeLibrary
GetProcAddress
LoadLibraryExA
WaitForSingleObject
CreateProcessA
SystemTimeToFileTime
GetSystemTime
GetWindowsDirectoryA
GetTickCount
SetEvent
OpenEventA
GetPrivateProfileStringA
GetCurrentProcess
GetVersionExA
GetShortPathNameA
GetSystemDirectoryA
WinExec
ReadFile
SetFileTime
SetFileAttributesA
LoadLibraryA
FindNextFileA
IsBadWritePtr
IsBadReadPtr
GetPrivateProfileSectionNamesA
WritePrivateProfileSectionA
WritePrivateProfileStringA
RemoveDirectoryA
GlobalFree
GlobalUnlock
lstrcmpA
FindFirstFileA
GetModuleHandleA
GetVersion
CreateThread
lstrcpynA
Sleep
lstrcmpiA
GetCurrentThreadId
GetCommandLineA
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
lstrcatA
GetCurrentProcessId
CreateFileW
GetLocaleInfoA
LockResource
LoadResource
FindResourceA
FindClose
CreateEventA
QueryPerformanceFrequency
CreateFileA
CloseHandle
GetDiskFreeSpaceA
EnterCriticalSection
LeaveCriticalSection
lstrlenW
InterlockedDecrement
LocalFree
InterlockedIncrement
FormatMessageA
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
SetLastError
GetLastError
GetFileAttributesA
MoveFileA
CopyFileA
GlobalAlloc
GlobalLock
lstrcpyA
DeleteFileA
CreateDirectoryA
GetPrivateProfileSectionA
MoveFileExA
GetModuleFileNameA
SetHandleCount
GetEnvironmentStringsW
GetStdHandle
LCMapStringW
MapViewOfFile
UnmapViewOfFile
SearchPathA
VirtualProtect
VirtualQuery
InterlockedExchange
ResetEvent
QueryPerformanceCounter
GetCurrentThread
RtlUnwind
RaiseException
TlsSetValue
ExitThread
HeapAlloc
HeapFree
GetStartupInfoA
ExitProcess
TlsAlloc
TlsGetValue
FlushFileBuffers
SetStdHandle
GetOEMCP
GetStringTypeW
GetStringTypeA
SetFilePointer
IsBadCodePtr
GetFileType
GetCPInfo
LCMapStringA
TerminateProcess
HeapReAlloc
HeapSize
UnhandledExceptionFilter
GetEnvironmentVariableA
HeapCreate
VirtualFree
VirtualAlloc
FreeEnvironmentStringsA
FreeEnvironmentStringsW
CreateFileMappingA
SetUnhandledExceptionFilter
GetACP
GetEnvironmentStrings

user32

CreateDialogIndirectParamA
CharLowerBuffA
wsprintfA
GetDesktopWindow
PostThreadMessageA
DispatchMessageA
TranslateMessage
GetMessageA
CharUpperA
ExitWindowsEx
DestroyWindow
LoadStringA
CharNextA
WaitForInputIdle
MessageBoxA
MsgWaitForMultipleObjects
PeekMessageA
GetDlgItem
SendMessageA
SetDlgItemTextA
IsDialogMessageA

gdi32

GetObjectA
CreateFontIndirectA
DeleteObject
TranslateCharsetInfo

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegConnectRegistryA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA
RegQueryInfoKeyA
RegDeleteValueA
OpenThreadToken
RegEnumKeyExA
RegEnumValueA
AllocateAndInitializeSid
RegQueryValueA
FreeSid
EqualSid
GetTokenInformation

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

ole32

OleLoadFromStream
CoUnmarshalInterface
CoMarshalInterface
CoReleaseMarshalData
CreateFileMoniker
CLSIDFromString
CoCreateGuid
CoRegisterClassObject
StringFromCLSID
CreateItemMoniker
GetRunningObjectTable
CreateStreamOnHGlobal
OleSaveToStream
WriteClassStm
ProgIDFromCLSID
CoTaskMemFree
CoGetInterfaceAndReleaseStream
CoInitialize
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
CoUninitialize
StgOpenStorage
StgCreateDocfile
CoRevokeClassObject

oleaut32

RegisterTypeLi
SysStringByteLen
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SetErrorInfo
CreateErrorInfo
SafeArrayDestroy
SafeArrayPutElement
VariantCopy
VariantChangeType
VariantInit
LoadRegTypeLi
SysAllocStringLen
SysStringLen
SysReAllocStringLen
SysFreeString
SysAllocStringByteLen
SafeArrayGetDim
LoadTypeLi
SafeArrayCopy
SysAllocString
VariantClear
VariantCopyInd

msi

ord87
ord189
ord18
ord144
ord46
ord136
ord141
ord168
ord7
ord67
ord93
ord91
ord95
ord120
ord17
ord124
ord49
ord75
ord79
ord116
ord73
ord112
ord31
ord159
ord8
ord160
ord117
ord146
ord103
ord33

rpcrt4

RpcRaiseException
NdrConformantStringUnmarshall
RpcServerUseProtseqEpA
RpcServerUnregisterIf
RpcMgmtStopServerListening
NdrPointerBufferSize
NdrPointerMarshall
NdrPointerFree
NdrServerInitializeNew
NdrConvert
I_RpcGetBuffer
RpcServerRegisterIf
RpcServerListen

comctl32

ord17

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 416KB - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 36KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

81cafa9698625ca4fd8c21999d566232

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msi

rpcrt4

comctl32

version

Sections

.text Size: 416KB - Virtual size: 414KB

.rdata Size: 80KB - Virtual size: 76KB

.data Size: 36KB - Virtual size: 121KB

.rsrc Size: 76KB - Virtual size: 72KB

.rrdata Size: 72KB - Virtual size: 72KB

.text
Size: 416KB - Virtual size: 414KB

.rdata
Size: 80KB - Virtual size: 76KB

.data
Size: 36KB - Virtual size: 121KB

.rsrc
Size: 76KB - Virtual size: 72KB

.rrdata
Size: 72KB - Virtual size: 72KB