47f9e02b3d885f10c666dd11b997ac5edeacee127a4b6dbb1ba17aede29f1905

Sharing

Copy URL Twitter E-mail

General

Target

47f9e02b3d885f10c666dd11b997ac5edeacee127a4b6dbb1ba17aede29f1905
Size

52KB
MD5

f2512d4d34a2cfa84eac04d8ba0ef4cf
SHA1

53fb7188f50250e0cade5373a60986b13d6db4f9
SHA256

47f9e02b3d885f10c666dd11b997ac5edeacee127a4b6dbb1ba17aede29f1905
SHA512

70985b60ee4c972019b6c958363bf5364876e0afc871dc69a0e5791ab2ffa3b2384c3a33a4926949a12febf0deeaaa7107d29b65a2e8cd646b094c83654b2ec0
SSDEEP

768:buJtDH1UhTFDEQjLYn2inR6f+GlywAdidoj7yuawlayMaCj4MvWUDHmCRZaecv:qJklFYXGgwAdidonaSqj4/saecv

Score

N/A

Malware Config

Signatures

Files

47f9e02b3d885f10c666dd11b997ac5edeacee127a4b6dbb1ba17aede29f1905
.exe windows x86

d02554f61fb96e48f82495d1ed6089fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

isxdigit
srand
_strnicmp
wcsncmp
wcsstr
_wcsnicmp
strncpy
strcpy
sprintf
memcmp
memcpy
_vsnprintf
_snprintf
atoi
strncmp
wcscpy
wcscmp
rand
wcslen
wcsncpy
_snwprintf
strcmp
memset
strstr
strlen

ntdll

RtlAllocateHeap
NtSuspendThread
NtReadVirtualMemory
NtFlushInstructionCache
NtFreeVirtualMemory
NtAllocateVirtualMemory
NtQueueApcThread
NtTerminateThread
NtWriteVirtualMemory
RtlFreeHeap
NtQueryInformationThread

kernel32

WaitForMultipleObjects
GetTickCount
CreateProcessW
CreateEventW
WideCharToMultiByte
MultiByteToWideChar
CreateDirectoryW
lstrcmpW
GetProcessId
Module32FirstW
Module32NextW
HeapSize
HeapReAlloc
GetLogicalDriveStringsW
GetModuleHandleW
CreateFileW
DeleteFiber
GetLastError
DeviceIoControl
IsDebuggerPresent
CloseHandle
CheckRemoteDebuggerPresent
GetProcessHeap
VirtualQueryEx
Thread32First
VirtualFreeEx
Sleep
ReadProcessMemory
Thread32Next
MoveFileW
VirtualProtectEx
Process32FirstW
OpenThread
Process32NextW
CreateToolhelp32Snapshot
DuplicateHandle
DeleteFileW
SetFileAttributesW
ExpandEnvironmentStringsW
lstrlenA
ConnectNamedPipe
CreateNamedPipeW
WriteFile
ReadFile
DisconnectNamedPipe
FlushFileBuffers
ExitProcess
SetErrorMode
WaitForSingleObject
CreateThread
GetFileAttributesW
GetProcAddress
ReleaseMutex
CreateFileA
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
FlushInstructionCache
VirtualAlloc
CreateFileMappingW
GetModuleFileNameA
GetModuleHandleA
VirtualProtect
WriteProcessMemory
FindFirstFileW
GetLocaleInfoA
GetModuleFileNameW
ExitThread
lstrlenW
FindNextFileW
GetVersionExA
GetCommandLineW
CreateMutexW
LoadLibraryW
GetCurrentDirectoryW
OpenMutexA
GetCurrentProcessId
LocalFree
CreateRemoteThread
OpenProcess
LockFile
GetDriveTypeW
CopyFileW
GetFileSize
UnlockFile
OpenMutexW

ws2_32

WSACleanup
recv
htons
closesocket
WSAStartup
connect
inet_ntoa
getpeername
gethostbyname
send
sendto
ioctlsocket
select
socket
inet_addr

shlwapi

StrStrIW
StrCmpIW
StrStrW
StrStrIA

wininet

InternetOpenW
InternetQueryOptionA
HttpQueryInfoW
InternetOpenUrlW
InternetCloseHandle
HttpQueryInfoA
InternetOpenUrlA
InternetReadFile

ole32

CLSIDFromString
CoInitialize
CoCreateInstance

psapi

GetModuleFileNameExW
EnumProcessModules

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW

advapi32

RegOpenKeyExA
RegEnumValueW
RegCloseKey
SetKernelObjectSecurity
ConvertStringSecurityDescriptorToSecurityDescriptorA
OpenProcessToken
GetUserNameW
LookupPrivilegeValueA
AdjustTokenPrivileges
GetCurrentHwProfileA
FreeSid
CheckTokenMembership
RegNotifyChangeKeyValue
RegCreateKeyExW
RegQueryValueExA
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
AllocateAndInitializeSid
RegSetValueExW

user32

LoadCursorW
PostQuitMessage
RegisterDeviceNotificationW
DefWindowProcW
RegisterClassW
CreateWindowExW
UnregisterDeviceNotification
DispatchMessageW
DestroyWindow
GetMessageW
CharUpperBuffA
TranslateMessage
CharLowerBuffA

urlmon

ObtainUserAgentString

wintrust

WinVerifyTrust

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d02554f61fb96e48f82495d1ed6089fc

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

ws2_32

shlwapi

wininet

ole32

psapi

shell32

advapi32

user32

urlmon

wintrust

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 2KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 2KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 3KB