Static task: static1

Behavioral task: behavioral1
Sample: 866a082bbdeddcad91399e211b4428cbed2378a3a4e60ba9231b645bef202dd9.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 866a082bbdeddcad91399e211b4428cbed2378a3a4e60ba9231b645bef202dd9.exe
Resource: win10v2004-20220812-en
General
Target: 866a082bbdeddcad91399e211b4428cbed2378a3a4e60ba9231b645bef202dd9
Size: 405KB
MD5: 6eca62b4c9e8e62429d9e2550c444047
SHA1: 684936b3d932351478a703de35db61e52ceed404
SHA256: 866a082bbdeddcad91399e211b4428cbed2378a3a4e60ba9231b645bef202dd9
SHA512: f689085d8b3b91ea9ef6de5d58a99e6b7776e6d3339b7fb0d1607875a355e337d344a99becbc186f4633ee6926d1ac313ae655f3867263606c626f161e9f1264
SSDEEP: 12288:DNO8OXftqLB9/W9FASmtzCW96S3aGW8sG:B4tqb/gFADtp96S3aD8sG
Malware Config
Signatures
Files
866a082bbdeddcad91399e211b4428cbed2378a3a4e60ba9231b645bef202dd9.exe windows x86
ab08c573b4779fcfc8f3b1136990ce18
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
EnumSystemCodePagesW
EnumResourceNamesA
ReadConsoleInputW
LocalSize
GetACP
LocalLock
lstrlenA
LoadLibraryExW
IsValidLocale
CreateFileW
GetVersionExA
SetComputerNameW
SetConsoleTitleA
Toolhelp32ReadProcessMemory
GetCurrentDirectoryW
CompareStringA
GetCommandLineA
InterlockedIncrement
GetFileAttributesA
FreeLibraryAndExitThread
WaitForSingleObjectEx
InterlockedExchangeAdd
GetNumberOfConsoleInputEvents
GetDriveTypeA
GlobalAddAtomA
SetWaitableTimer
GetFullPathNameW
LockFileEx
GetDiskFreeSpaceExW
SetThreadPriorityBoost
SetThreadContext
CreateNamedPipeA
SetConsoleMode
GlobalSize
WriteFileGather
WaitForMultipleObjects
SetFilePointer
GetStringTypeA
TlsSetValue
Sleep
GetConsoleCP
FindCloseChangeNotification
GetSystemPowerStatus
SetConsoleWindowInfo
GetEnvironmentStrings
FoldStringA
WriteProcessMemory
AddAtomA
FlushFileBuffers
FillConsoleOutputCharacterA
SignalObjectAndWait
Process32Next
Heap32ListNext
GetConsoleTitleW
ReadFile
lstrcatA
GetPrivateProfileStringW
HeapCompact
GetDateFormatW
DefineDosDeviceW
lstrcatW
TransactNamedPipe
SetThreadAffinityMask
GetSystemDefaultLCID
DebugBreak
BeginUpdateResourceA
ReadFileEx
GetNamedPipeInfo
GetThreadPriorityBoost
GetVolumeInformationA
GetNumberOfConsoleMouseButtons
SetConsoleTitleW
GetPrivateProfileIntW
GetConsoleMode
GetPrivateProfileIntA
FindFirstChangeNotificationW
WritePrivateProfileStructA
LocalCompact
InitAtomTable
Module32First
GetExitCodeThread
GetCompressedFileSizeA
WaitNamedPipeW
OpenEventA
GlobalHandle
GetTempPathA
UnhandledExceptionFilter
Module32Next
HeapCreate
lstrcpyW
FileTimeToSystemTime
FillConsoleOutputCharacterW
SetVolumeLabelA
ReleaseSemaphore
GetAtomNameW
SystemTimeToFileTime
MulDiv
FindResourceW
MapViewOfFile
WaitForMultipleObjectsEx
SetConsoleActiveScreenBuffer
GetStringTypeExA
CreateProcessW
SleepEx
ReleaseMutex
ExpandEnvironmentStringsW
SystemTimeToTzSpecificLocalTime
GetNamedPipeHandleStateA
GetLocalTime
EnumSystemLocalesA
CopyFileA
GetLocaleInfoA
CreatePipe
EnumDateFormatsExW
GetComputerNameA
MapViewOfFileEx
GlobalUnWire
lstrcmpiW
ReadDirectoryChangesW
WriteConsoleOutputCharacterW
GetStartupInfoA
GetThreadContext
CreateNamedPipeW
EnumResourceTypesW
AddAtomW
GetLogicalDrives
CreateFileMappingW
CreateEventW
ReadProcessMemory
SetLocaleInfoW
GetDiskFreeSpaceExA
OpenProcess
GlobalMemoryStatus
ReadFileScatter
lstrcpyn
DeviceIoControl
HeapValidate
lstrcpynA
SetLastError
WriteConsoleInputA
GlobalFindAtomA
FreeLibrary
HeapLock
FindNextFileA
SetPriorityClass
GlobalUnfix
GetUserDefaultLCID
MoveFileExA
GetPrivateProfileSectionNamesA
RemoveDirectoryA
GetThreadLocale
PeekNamedPipe
GlobalGetAtomNameW
MoveFileExW
GetShortPathNameA
UnmapViewOfFile
SetConsoleCursorPosition
FileTimeToDosDateTime
LocalReAlloc
GlobalFree
GetProfileStringA
SetThreadExecutionState
SetConsoleOutputCP
GlobalWire
GetProcessShutdownParameters
DisconnectNamedPipe
FindResourceExW
GetProcessVersion
SearchPathW
CreateMailslotW
LocalFree
EraseTape
GetFileType
GetThreadPriority
lstrcpy
lstrcmpi
FindFirstFileExA
HeapSize
CloseHandle
EnumTimeFormatsA
GlobalReAlloc
ReadConsoleOutputAttribute
OpenSemaphoreA
TerminateThread
GetThreadTimes
GlobalDeleteAtom
CreateDirectoryExA
SetConsoleCP
LoadResource
GetProfileIntW
CreateFileMappingA
GetVolumeInformationW
ResumeThread
GetPriorityClass
WaitForSingleObject
GetLargestConsoleWindowSize
GetCommandLineW
DefineDosDeviceA
ReadConsoleOutputA
GetDiskFreeSpaceW
LocalFlags
GetPrivateProfileSectionW
GetDateFormatA
GetCompressedFileSizeW
ReadConsoleOutputCharacterA
TlsGetValue
GlobalAlloc
GetEnvironmentStringsW
InitializeCriticalSection
WriteConsoleOutputAttribute
VirtualQueryEx
FlushInstructionCache
lstrcmpW
GetQueuedCompletionStatus
ResetEvent
WriteProfileStringA
EnumTimeFormatsW
GetWindowsDirectoryA
DeleteFiber
RtlZeroMemory
GetModuleFileNameW
ReadConsoleOutputCharacterW
FillConsoleOutputAttribute
EnumCalendarInfoExA
GetThreadSelectorEntry
SetConsoleScreenBufferSize
GetCalendarInfoA
WriteConsoleOutputCharacterA
GetWriteWatch
GlobalFlags
VirtualProtect
CreateToolhelp32Snapshot
OutputDebugStringW
SetThreadLocale
CreateWaitableTimerA
GetProcessHeaps
OpenMutexW
EnumResourceLanguagesA
SetConsoleCursorInfo
CreateDirectoryW
GetLongPathNameA
GetTimeZoneInformation
LocalHandle
UpdateResourceW
EnumDateFormatsA
DuplicateHandle
CreateMailslotA
GetTempFileNameA
SetTimeZoneInformation
Thread32Next
PulseEvent
GetFileSize
SetEvent
EnumResourceNamesW
InterlockedDecrement
FormatMessageA
GetProcAddress
DeleteCriticalSection
lstrcmp
GetProfileIntA
WritePrivateProfileStringW
ExpandEnvironmentStringsA
SetFileAttributesW
HeapDestroy
SetComputerNameA
GetPrivateProfileSectionA
OpenFile
FindAtomA
GetCurrentDirectoryA
FreeEnvironmentStringsW
lstrcmpiA
EnumResourceLanguagesW
SetCurrentDirectoryA
GetCurrencyFormatW
SetLocalTime
wininet
ShowX509EncodedCertificate
FtpRenameFileW
InternetQueryFortezzaStatus
InternetCreateUrlW
RunOnceUrlCache
HttpOpenRequestW
ReadUrlCacheEntryStream
FtpGetCurrentDirectoryW
GetUrlCacheHeaderData
DeleteUrlCacheContainerA
FtpRenameFileA
SetUrlCacheEntryGroupW
UrlZonesDetach
InternetDial
InternetReadFileExW
RetrieveUrlCacheEntryStreamW
InternetSetCookieW
FindNextUrlCacheEntryExA
FindNextUrlCacheEntryW
GopherGetAttributeW
InternetSetFilePointer
DeleteUrlCacheGroup
InternetFindNextFileW
IncrementUrlCacheHeaderData
FindNextUrlCacheEntryA
InternetGoOnlineA
DeleteUrlCacheContainerW
IsUrlCacheEntryExpiredW
FindFirstUrlCacheEntryW
InternetGetConnectedStateExA
InternetSetDialStateW
FtpOpenFileW
InternetConfirmZoneCrossing
LoadUrlCacheContent
InternetWriteFile
IsUrlCacheEntryExpiredA
DeleteUrlCacheEntry
InternetShowSecurityInfoByURL
InternetGetLastResponseInfoA
InternetCanonicalizeUrlW
InternetQueryOptionA
advapi32
RegLoadKeyW
RegConnectRegistryW
LookupPrivilegeValueA
CryptGetProvParam
LogonUserA
RegEnumKeyW
CryptGetHashParam
RegReplaceKeyA
RegConnectRegistryA
GetUserNameW
CryptImportKey
CryptSetProvParam
RegEnumValueW
RegEnumValueA
LookupSecurityDescriptorPartsA
RevertToSelf
CryptSetKeyParam
CryptSetProviderExW
RegQueryValueA
CryptDecrypt
LookupPrivilegeDisplayNameA
CryptHashData
CryptGetUserKey
ReportEventW
RegOpenKeyExW
RegDeleteKeyA
RegRestoreKeyA
LookupAccountSidW
RegSetValueA
RegQueryMultipleValuesA
RegCreateKeyExW
CryptAcquireContextW
CryptVerifySignatureA
CryptSetProviderW
CryptDestroyKey
RegNotifyChangeKeyValue
RegSetValueExA
StartServiceW
CryptEncrypt
RegQueryInfoKeyW
RegCloseKey
RegReplaceKeyW
RegOpenKeyExA
RegSaveKeyA
LookupPrivilegeNameA
RegOpenKeyA
RegDeleteValueA
RegQueryInfoKeyA
AbortSystemShutdownW
RegFlushKey
RegCreateKeyW
CryptSetProviderExA
CryptEnumProvidersW
CryptDuplicateKey
RegDeleteKeyW
CryptHashSessionKey
RegQueryValueExW
CryptVerifySignatureW
LogonUserW
RegDeleteValueW
CryptDeriveKey
CreateServiceW
LookupAccountNameA
LookupSecurityDescriptorPartsW
RegQueryMultipleValuesW
RegQueryValueW
CryptReleaseContext
ReportEventA
RegCreateKeyExA
RegEnumKeyA
CryptGenRandom
RegCreateKeyA
RegSetValueExW
LookupAccountSidA
GetUserNameA
CryptEnumProviderTypesA
CryptSignHashA
InitiateSystemShutdownA
comdlg32
PageSetupDlgA
GetSaveFileNameA
Sections
.text Size: 102KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 282KB - Virtual size: 282KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE