Static task: static1
Behavioral task: behavioral1
Sample: d2458a99b58a82ff1ca962d14f1321f16329fa3dca1de34315ca61a09ae0ea4c.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: d2458a99b58a82ff1ca962d14f1321f16329fa3dca1de34315ca61a09ae0ea4c.exe
Resource: win10v2004-20220812-en
General
Target: d2458a99b58a82ff1ca962d14f1321f16329fa3dca1de34315ca61a09ae0ea4c
Size: 221KB
MD5: b04a575665ec33ab1081abc26bcd651f
SHA1: 8ccdc55f7250fc4cd196ac6c0599ba6adf320a4b
SHA256: d2458a99b58a82ff1ca962d14f1321f16329fa3dca1de34315ca61a09ae0ea4c
SHA512: 9bb39cdb9e0e00c5d6a7f386c4cf45fa6b48bc1742bf48efd91b37c4c343f8110414bba278bd3bf956f769468cc1f1686ea42161b32d5812a8a9ba7a385f2a14
SSDEEP: 6144:RRqqDLlhi0D76fLiN86iRAPmwh0ErFJBKJwNGcKyzi9/ip8PlkR:Rsqnlhi0D76fLk86iyPmwjv9KrCcs
Malware Config
Signatures
Files
d2458a99b58a82ff1ca962d14f1321f16329fa3dca1de34315ca61a09ae0ea4c.exe windows x86
4f9848aacf1cc7565483429393b240f7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
MultiByteToWideChar
lstrlenW
FlushFileBuffers
GetTempPathW
GetFileSizeEx
OpenMutexW
SetLastError
GetProcAddress
VirtualAlloc
VirtualProtectEx
VirtualAllocEx
FindClose
LoadLibraryA
Process32FirstW
RemoveDirectoryW
QueryDosDeviceW
Process32NextW
lstrcmpiW
FindNextFileW
VirtualProtect
CreateToolhelp32Snapshot
GetFileTime
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
LocalFree
VirtualQueryEx
SetFileAttributesW
ExpandEnvironmentStringsW
ExitProcess
GetModuleFileNameW
CreateFileW
MoveFileExW
GetUserDefaultUILanguage
GetPrivateProfileStringW
GetPrivateProfileIntW
GetNativeSystemInfo
GetVersionExW
lstrcmpiA
GetModuleHandleA
GlobalLock
GlobalUnlock
CreateRemoteThread
OpenEventW
GetThreadContext
SetThreadContext
GetProcessId
WTSGetActiveConsoleSessionId
GetCommandLineW
SetErrorMode
GetComputerNameW
DuplicateHandle
GetCurrentProcessId
SetFileTime
IsBadReadPtr
GetProcessHeap
VirtualFree
GetModuleHandleW
CreateDirectoryW
HeapFree
GetLogicalDriveStringsW
SetFilePointerEx
GetCurrentProcess
GetTimeZoneInformation
Thread32Next
GetFileAttributesW
lstrcpynW
HeapCreate
HeapDestroy
ReadProcessMemory
Sleep
LoadLibraryW
VirtualFreeEx
WideCharToMultiByte
Thread32First
GetFileAttributesExW
OpenProcess
SystemTimeToFileTime
HeapAlloc
FreeLibrary
SetEndOfFile
FindFirstFileW
HeapReAlloc
GetTempFileNameW
FileTimeToDosDateTime
GetEnvironmentVariableW
CreateThread
GetSystemTime
EnterCriticalSection
GetLastError
LeaveCriticalSection
InitializeCriticalSection
CreatePipe
ReadFile
WriteFile
SetHandleInformation
WaitForSingleObject
CreateProcessW
ResetEvent
TerminateProcess
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GetCurrentThreadId
CreateFileMappingW
SetThreadPriority
GetCurrentThread
SetEvent
UnmapViewOfFile
MapViewOfFile
CreateMutexW
CloseHandle
WaitForMultipleObjects
CreateEventW
GetLocalTime
ExitThread
GetTickCount
ReleaseMutex
WriteProcessMemory
user32
PeekMessageW
CharUpperW
SetWindowLongW
SendMessageTimeoutW
GetWindow
DispatchMessageW
EndPaint
GetUpdateRgn
GetMessageW
GetWindowDC
FillRect
GetWindowInfo
DrawEdge
BeginPaint
GetUpdateRect
CharLowerA
EqualRect
PrintWindow
IsRectEmpty
MapVirtualKeyW
PostMessageW
RegisterClassExA
RegisterWindowMessageW
GetThreadDesktop
GetMenuItemID
SetCursorPos
GetSubMenu
DefDlgProcW
DefFrameProcA
OpenInputDesktop
OpenDesktopW
MenuItemFromPoint
GetWindowLongW
TranslateMessage
CharToOemW
CharLowerW
WindowFromPoint
MsgWaitForMultipleObjects
GetKeyboardLayoutList
ExitWindowsEx
DrawIcon
GetIconInfo
GetKeyboardState
ToUnicode
MessageBoxA
CreateDesktopW
SetProcessWindowStation
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
CloseDesktop
SetThreadDesktop
OpenWindowStationW
GetWindowRect
GetParent
GetClassLongW
GetAncestor
SetWindowPos
IsWindow
CharLowerBuffA
MapWindowPoints
GetMessageA
SetCapture
GetDCEx
GetCapture
GetDC
GetMenu
RegisterClassExW
GetClipboardData
PeekMessageA
GetCursorPos
ReleaseCapture
GetMessagePos
GetMenuItemRect
TrackPopupMenuEx
SystemParametersInfoW
GetClassNameW
ReleaseDC
GetMenuState
DefWindowProcA
DefMDIChildProcW
SwitchDesktop
GetMenuItemCount
DefDlgProcA
PostThreadMessageW
DefMDIChildProcA
HiliteMenuItem
RegisterClassW
GetUserObjectInformationW
SendMessageW
CallWindowProcA
GetTopWindow
SetKeyboardState
LoadImageW
EndMenu
CallWindowProcW
DefWindowProcW
DefFrameProcW
GetWindowThreadProcessId
RegisterClassA
GetShellWindow
GetSystemMetrics
IntersectRect
advapi32
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
AllocateAndInitializeSid
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
RegOpenKeyExW
GetSecurityDescriptorSacl
CheckTokenMembership
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegCloseKey
RegSetValueExW
CryptHashData
CreateProcessAsUserA
RegEnumKeyExW
ConvertSidToStringSidW
SetSecurityInfo
GetLengthSid
InitiateSystemShutdownExW
EqualSid
IsWellKnownSid
RegCreateKeyW
RegEnumKeyW
RegQueryInfoKeyW
shlwapi
PathMatchSpecW
StrCmpNIW
PathIsURLW
StrStrIW
StrStrIA
PathRenameExtensionW
PathQuoteSpacesW
wvnsprintfA
StrCmpNIA
UrlUnescapeA
PathRemoveBackslashW
PathUnquoteSpacesW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathAddBackslashW
PathRemoveFileSpecW
PathFindFileNameW
PathIsDirectoryW
wvnsprintfW
shell32
CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW
secur32
GetUserNameExW
ole32
CoSetProxyBlanket
CoUninitialize
CLSIDFromString
StringFromGUID2
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoCreateInstance
gdi32
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
DeleteDC
RestoreDC
SaveDC
SetRectRgn
GdiFlush
SetViewportOrgEx
GetDIBits
CreateDIBSection
DeleteObject
ws2_32
WSAEventSelect
listen
send
closesocket
WSASetLastError
freeaddrinfo
socket
bind
recvfrom
getpeername
inet_addr
WSASend
gethostbyname
WSAIoctl
connect
getsockname
accept
WSAGetLastError
sendto
setsockopt
shutdown
select
getaddrinfo
WSAStartup
WSAAddressToStringW
recv
crypt32
CryptUnprotectData
PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
PFXImportCertStore
wininet
HttpAddRequestHeadersA
InternetOpenA
InternetCloseHandle
InternetQueryOptionW
InternetReadFile
InternetGetCookieA
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpEndRequestW
HttpEndRequestA
InternetSetFilePointer
HttpOpenRequestW
HttpSendRequestW
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA
InternetQueryOptionA
HttpSendRequestA
InternetSetOptionA
HttpOpenRequestA
HttpQueryInfoA
InternetConnectA
InternetSetStatusCallbackA
InternetCrackUrlA
HttpAddRequestHeadersW
oleaut32
SysFreeString
VariantInit
SysAllocString
VariantClear
netapi32
NetUserEnum
NetApiBufferFree
NetUserGetInfo
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
winmm
waveOutGetVolume
PlaySoundA
PlaySoundW
waveOutSetVolume
Sections
.text Size: 208KB - Virtual size: 207KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ