e8252ea630fda258edea3ae3fb75bc8642df598bcdb60a258f2c5e7ca33d0f66

Sharing

Copy URL

Twitter E-mail

General

Target

e8252ea630fda258edea3ae3fb75bc8642df598bcdb60a258f2c5e7ca33d0f66
Size

318KB
MD5

f58165d5b6af70079cf568a75ca7502a
SHA1

1d1c3ea8f6a0e308a9faaa4b91c8ab22825d690b
SHA256

e8252ea630fda258edea3ae3fb75bc8642df598bcdb60a258f2c5e7ca33d0f66
SHA512

0bcc1a85ff237c0ed309ce192ecb3cb89073129ed0e4c356407b1d064e5b5d04bae57ac46df75024f9c7f65aafafa26278d1316d922395a3fad7683f51d8d75b
SSDEEP

6144:usOtRAj6+u1a6GYx7DPVtLs5J9DDDVeIuvqKa88EOzwF7iBnQ6As2gh:Oc6+u1Jtc5LVcs88EOzYiB/AM

Score

N/A

Malware Config

Signatures

Files

e8252ea630fda258edea3ae3fb75bc8642df598bcdb60a258f2c5e7ca33d0f66
.exe windows x86

c06fc95a953fd176b63970a0240aa2d6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

mapi32

MAPIOpenFormMgr

ole32

CoUninitialize
CoInitialize
CoCreateInstance
PropVariantClear

shlwapi

SHStrDupA
SHDeleteKeyA
SHDeleteKeyW

kernel32

ExitProcess
GetCPInfo
WriteConsoleW
SetStdHandle
GetLocaleInfoA
InterlockedExchange
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetProcessHeaps
SetCurrentDirectoryA
MultiByteToWideChar
HeapValidate
LeaveCriticalSection
HeapUnlock
DeleteFileA
GetFileType
GetCurrentDirectoryA
GetCurrentThread
CreateProcessA
GetVersionExA
WriteFile
CloseHandle
RemoveDirectoryA
GetLastError
GetFullPathNameW
FindNextFileA
ExitThread
Sleep
ExpandEnvironmentStringsA
CopyFileA
CreateThread
GetCurrentProcessId
LCMapStringW
LoadLibraryA
FreeEnvironmentStringsW
TlsFree
lstrlenA
SetEnvironmentVariableA
HeapSize
WaitForSingleObject
SetFilePointer
MoveFileExA
FlushFileBuffers
GetFileAttributesExA
ResumeThread
GetCurrentProcess
GetTimeZoneInformation
GetStringTypeW
WaitForMultipleObjects
SetConsoleCtrlHandler
GetStringTypeA
GetCommandLineA
LoadLibraryExW
IsValidCodePage
InterlockedCompareExchange
GetExitCodeProcess
LCMapStringA
VirtualFree
GetProcAddress
ExitProcess
CompareStringA
GetDriveTypeA
GetCurrentThreadId
FindClose
HeapLock
GetConsoleWindow
HeapWalk
ReadConsoleInputA
GetModuleFileNameA
RaiseException
GetACP
RtlUnwind
EnterCriticalSection
SetLastError
SetConsoleTitleA
FreeEnvironmentStringsA
SetEvent
GetTickCount
CreateFileA
VirtualQuery
GlobalLock
HeapAlloc
DebugBreak
GetLocalTime
SetUnhandledExceptionFilter
WideCharToMultiByte
UnhandledExceptionFilter
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStrings
GetThreadPriority
GetFileSize
GetProcessHeap
GetFileAttributesW
InitializeCriticalSection
HeapReAlloc
GetNumberOfConsoleInputEvents
InterlockedIncrement
GetFileAttributesA
GlobalUnlock
OpenProcess
CompareStringW
GlobalAlloc
GetStdHandle
GetOEMCP
LocalFree
HeapDestroy
SetEndOfFile
GetConsoleOutputCP
CreateDirectoryW
CreateEventA
GetStartupInfoA
SetFileAttributesA
TlsSetValue
HeapFree
VirtualAlloc
InterlockedDecrement
FindFirstFileA
SetHandleCount
TlsGetValue
GetModuleFileNameW
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
TlsAlloc
OutputDebugStringA
CreateFileW
ReadFile
HeapCreate
CreateDirectoryA
GetConsoleMode
LoadLibraryExA
WriteConsoleA
DeleteCriticalSection
FreeLibrary
IsDebuggerPresent
GetModuleHandleA
TerminateProcess

shell32

SHGetMalloc
ShellExecuteA
SHGetFolderPathA
SHGetSpecialFolderPathA

user32

DialogBoxParamA
GetDlgItem
GetCursorPos
GetWindowTextLengthA
GetDlgItemInt
EndDialog
EmptyClipboard
IsWindowVisible
wsprintfA
SetDlgItemTextA
GetDesktopWindow
MessageBoxA
ShowWindow
GetKeyState
SetClipboardData
EnumWindowStationsW
SetDlgItemInt
GetWindowThreadProcessId
EnumWindows
DdeDisconnect
ScreenToClient
GetWindowRect
OpenClipboard
SetWindowPos
PeekMessageA
CloseClipboard

advapi32

OpenServiceA
RegDeleteValueA
RegCloseKey
StartServiceA
QueryServiceStatus
OpenSCManagerA
RegisterServiceCtrlHandlerA
DeleteService
RegEnumValueA
RegisterEventSourceA
RegSetValueExA
SetEntriesInAclA
SetSecurityDescriptorDacl
CreateServiceA
GetSecurityDescriptorDacl
QueryServiceStatusEx
RegOpenKeyExW
RegQueryInfoKeyA
RegQueryValueExA
CloseServiceHandle
InitializeSecurityDescriptor
ConvertStringSidToSidA
LookupPrivilegeValueA
OpenProcessToken
RegEnumKeyExW
SetNamedSecurityInfoA
ChangeServiceConfigA
RegOpenKeyExA
ChangeServiceConfig2A
RegCreateKeyExA
SetServiceObjectSecurity
DeregisterEventSource
StartServiceCtrlDispatcherA
ControlService
RegEnumKeyExA
SetServiceStatus
ReportEventA
QueryServiceObjectSecurity
AdjustTokenPrivileges

Sections

.text
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.denue
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c06fc95a953fd176b63970a0240aa2d6

Headers

File Characteristics

Imports

mapi32

ole32

shlwapi

kernel32

shell32

user32

advapi32

Sections

.text Size: 205KB - Virtual size: 205KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 100KB - Virtual size: 100KB

.denue Size: 5KB - Virtual size: 72KB

.text
Size: 205KB - Virtual size: 205KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 100KB - Virtual size: 100KB

.denue
Size: 5KB - Virtual size: 72KB