b3ecf7caf092214e96ef927b91978112f460c454562af3d33ffbd2e16e96bdd1

Sharing

Copy URL Twitter E-mail

General

Target

b3ecf7caf092214e96ef927b91978112f460c454562af3d33ffbd2e16e96bdd1
Size

284KB
MD5

a40ae500e533f113364e8784636baa07
SHA1

2748328495c0dd28e7afb714ed1cbd4452ba2654
SHA256

b3ecf7caf092214e96ef927b91978112f460c454562af3d33ffbd2e16e96bdd1
SHA512

d198e98c27f4acdb36877b3210c0d13da1c0204d3094730d49cd81046fe08266ab0c7604575000feb97e7fd59ef26d616f1f501fd29d01aeb1a6a14c3de8a0ea
SSDEEP

6144:5AXJBRSiRNNX4fMROV9wCf6WXk+apRoAcnlQV7EQi3:5AXLRSiFOXjPXtijb7EQE

Score

N/A

Malware Config

Signatures

Files

b3ecf7caf092214e96ef927b91978112f460c454562af3d33ffbd2e16e96bdd1
.exe windows x86

93f3e26a602a4d9c333a70daa734eb6d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
CompareStringW
FindFirstFileW
RaiseException
GetCommandLineA
lstrlenW
GetFileType
GetTempFileNameW
GetDriveTypeW
CreateProcessW
HeapAlloc
HeapSize
FileTimeToSystemTime
lstrcmpiW
CreateThread
UnhandledExceptionFilter
Process32NextW
EnumSystemLocalesA
GetFileAttributesExW
GetSystemInfo
SetStdHandle
GetDiskFreeSpaceW
MulDiv
GetSystemDirectoryW
TlsFree
FreeEnvironmentStringsW
GetSystemTime
WaitForMultipleObjects
UnmapViewOfFile
GetUserDefaultLCID
WriteFile
GetDiskFreeSpaceExW
LeaveCriticalSection
GetACP
LocalAlloc
GetTempPathW
FreeLibrary
FindClose
ReleaseMutex
CreateFileW
OutputDebugStringW
SetHandleCount
CreateFileMappingW
SetEnvironmentVariableA
FindResourceW
lstrlenA
GetFileInformationByHandle
TlsGetValue
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
Module32FirstW
Process32FirstW
SetUnhandledExceptionFilter
LoadResource
GetLocalTime
IsValidLocale
GetOEMCP
FindNextFileW
GetFullPathNameW
SetEndOfFile
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
IsDebuggerPresent
FindResourceExW
LCMapStringW
ExpandEnvironmentStringsW
GetStdHandle
SetCurrentDirectoryW
GetFileSize
IsValidCodePage
lstrcmpA
DuplicateHandle
GetPrivateProfileSectionW
TlsSetValue
CloseHandle
ResetEvent
GetSystemWindowsDirectoryW
ResumeThread
HeapReAlloc
FormatMessageW
CreateToolhelp32Snapshot
IsProcessorFeaturePresent
GetCommandLineW
RemoveDirectoryW
HeapDestroy
SetEnvironmentVariableW
RtlUnwind
CopyFileW
GetPrivateProfileStringW
GetProcessHeap
OpenMutexW
PeekNamedPipe
lstrcmpW
FindFirstFileExW
GetModuleHandleW
ReadFile
CreateEventW
EnumUILanguagesW
EnterCriticalSection
CreateMutexW
LockResource
GetFileSizeEx
SizeofResource
CreateDirectoryW
HeapFree
GetShortPathNameW
SetLastError
IsWow64Process
ExitThread
DeleteFileW
GetSystemTimeAsFileTime
OpenProcess
WriteConsoleW
LocalFree
SetFilePointer
WideCharToMultiByte
WaitForSingleObject
FlushFileBuffers
GetCurrentDirectoryW
GetWindowsDirectoryW
GetCurrentThreadId
TlsAlloc
MapViewOfFile
VirtualAlloc

wintrust

WinVerifyTrust

advapi32

RegCloseKey
LsaFreeMemory
CloseServiceHandle
RegSetValueExW
RegDeleteKeyW
OpenServiceW
RegDeleteValueW
OpenSCManagerW
RegQueryValueExW
LsaQueryInformationPolicy
QueryServiceConfigW
RegEnumValueW
RegOpenKeyW
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
QueryServiceStatus
LsaOpenPolicy
LsaClose

psapi

GetModuleBaseNameW

shell32

CommandLineToArgvW
SHGetFolderPathW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

crypt32

CertGetCertificateChain
CryptMsgClose
CryptDecodeObject
CryptMsgGetAndVerifySigner
CertCloseStore
CryptHashPublicKeyInfo
CertFreeCertificateChain
CertFreeCertificateContext
CryptUnprotectData
CryptMsgGetParam
CryptQueryObject
CertVerifyCertificateChainPolicy

shlwapi

PathRemoveBlanksW
PathCombineW
PathStripToRootW
PathRemoveBackslashW
PathAddBackslashW
PathRemoveFileSpecW
PathCommonPrefixW
PathIsRootW
PathAppendW
PathIsSameRootW
PathCanonicalizeW

ole32

CLSIDFromProgID
OleRun
CoTaskMemFree
CoCreateGuid
CoTaskMemRealloc
CLSIDFromString
StringFromCLSID
CoTaskMemAlloc
CoInitializeEx
StringFromGUID2
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SystemTimeToVariantTime
SafeArrayDestroy
VariantClear
SafeArrayCreate
SysStringByteLen
LoadTypeLi
SysFreeString
VarUI4FromStr
VariantCopy
SysStringLen
SysAllocStringLen
VariantTimeToSystemTime
SetErrorInfo
SysAllocStringByteLen
VarBstrCmp
CreateErrorInfo
SafeArrayPutElement
VariantInit
SysAllocString
LoadRegTypeLi
GetErrorInfo
DispGetParam

gdi32

GetDeviceCaps
CreateFontIndirectW
DeleteObject
CreateDCA
CreateDIBSection
StretchDIBits
CreateFontIndirectExW
CreateFontW
TranslateCharsetInfo
RemoveFontResourceW
CreateRectRgn
GetTextExtentPointA

setupapi

SetupIterateCabinetW

cabinet

ord22
ord23
ord20
ord21

user32

CharNextW
CharPrevW
MsgWaitForMultipleObjects
DispatchMessageW
GetSystemMetrics
PeekMessageW
SystemParametersInfoW
GetDC
ReleaseDC
TranslateMessage
MessageBoxW

gpedit

DeleteGPOLink

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 237KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

93f3e26a602a4d9c333a70daa734eb6d

Headers

File Characteristics

Imports

kernel32

wintrust

advapi32

psapi

shell32

version

crypt32

shlwapi

ole32

oleaut32

gdi32

setupapi

cabinet

user32

gpedit

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 237KB - Virtual size: 1.0MB

.rsrc Size: 18KB - Virtual size: 59KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 237KB - Virtual size: 1.0MB

.rsrc
Size: 18KB - Virtual size: 59KB