4248c81a09d54e5f5fc34982553371137e973ad78ab380e0e9436ea774d42628

Sharing

Copy URL

Twitter E-mail

General

Target

4248c81a09d54e5f5fc34982553371137e973ad78ab380e0e9436ea774d42628
Size

321KB
MD5

b7b716aedb9c9ab8f55397fa2eeef2c8
SHA1

0793f69bf3469cd688b3ec40bc8bfe7dcd50c2e2
SHA256

4248c81a09d54e5f5fc34982553371137e973ad78ab380e0e9436ea774d42628
SHA512

e0d45103da5b94eb8086739f28697afaf9b0875474043d3f23667c44bc749b8af5bc00c89ac52f5e6299a0c2669b71b4dfd731f89a07709f61f328a43106a096
SSDEEP

6144:mS7DQbF4STaLTprrDQITArJXEkhwqJAgxSSJDWM+i6qZAxavc:PPQR4HLT1RKJXyqJLFWEtZAAU

Score

N/A

Malware Config

Signatures

Files

4248c81a09d54e5f5fc34982553371137e973ad78ab380e0e9436ea774d42628
.exe windows x86

43fdd17efbff30208d525ae8d660595d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnhandledExceptionFilter
LocalFree
MapViewOfFile
DeleteFileW
RaiseException
ReadFile
FreeLibrary
WideCharToMultiByte
LocalAlloc
SetUnhandledExceptionFilter
GetSystemInfo
CreateFileA
CreateEventW
OpenFileMappingW
ReadProcessMemory
CreateDirectoryW
HeapReAlloc
DeleteCriticalSection
SetWaitableTimer
FindNextFileW
UnmapViewOfFile
MoveFileExW
OpenProcess
HeapFree
ExpandEnvironmentStringsW
CreateFileMappingW
GetCurrentThreadId
WaitForSingleObject
HeapSize
GetSystemDirectoryW
Module32NextW
WriteFile
HeapAlloc
GetSystemTime
CreateToolhelp32Snapshot
GetModuleHandleW
SizeofResource
IsDebuggerPresent
CreateThread
GlobalLock
CreateEventA
FindClose
LockResource
GetSystemTimeAsFileTime
CreateFileW
CreateMutexW
FormatMessageW
CloseHandle
Module32FirstW
LeaveCriticalSection
EnterCriticalSection
CreateProcessW
InitializeCriticalSectionAndSpinCount
FindResourceExW
SetThreadPriority
ProcessIdToSessionId
GlobalMemoryStatus
FindFirstFileW
GetFileSize
GlobalAlloc
SetLastError
GlobalUnlock
GlobalFree
GetProcessHeap
CopyFileW
WaitForMultipleObjects
GetCommandLineW
TerminateThread
HeapDestroy
CreateWaitableTimerW
SetFilePointer
LoadResource
GetLocalTime
ReleaseMutex
ResumeThread
FindResourceW
VirtualAllocEx

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExW

user32

MessageBoxW
SetWindowLongW

shell32

SHCreateDirectoryExW
SHGetFolderPathW

advapi32

RegCreateKeyExW
RegSetValueExW
SetEntriesInAclW
InitializeSid
CryptHashData
StartServiceCtrlDispatcherW
CryptCreateHash
GetAce
DuplicateTokenEx
SetServiceStatus
CryptReleaseContext
RegCloseKey
GetUserNameW
GetSidLengthRequired
SetSecurityDescriptorGroup
InitializeAcl
AddAccessAllowedAce
RegisterServiceCtrlHandlerW
AddAce
GetSidSubAuthority
GetNamedSecurityInfoW
FreeSid
CryptAcquireContextW
OpenProcessToken
ImpersonateLoggedOnUser
RegQueryInfoKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW
CryptGetHashParam
CryptDestroyHash
RegDeleteValueW
GetSidIdentifierAuthority
AllocateAndInitializeSid
RegEnumValueW
RegEnumKeyExW
GetLengthSid
GetSidSubAuthorityCount
SetNamedSecurityInfoW
RevertToSelf
LogonUserW
GetAclInformation

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wintrust

CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
CryptCATCatalogInfoFromContext
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime

shlwapi

PathUnquoteSpacesW
PathRemoveExtensionW
SHDeleteKeyW
PathStripPathW
PathAppendW
PathFindFileNameW
PathRemoveBlanksW
PathFileExistsW
PathIsUNCServerShareW
SHDeleteEmptyKeyW
PathRemoveFileSpecW

comctl32

CreateStatusWindow
ImageList_GetImageInfo
FlatSB_GetScrollInfo
ImageList_LoadImage
CreateStatusWindowW
InitCommonControls

atmlib

ATMEnumMMFontsA
ATMGetOutline
ATMGetPostScriptNameA
ATMRemoveFontA
ATMProperlyLoaded
ATMFinish
ATMEnumFontsA
ATMGetFontBBox
ATMGetFontInfoA

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 32KB - Virtual size: 755KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 178KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43fdd17efbff30208d525ae8d660595d

Headers

File Characteristics

Imports

kernel32

psapi

user32

shell32

advapi32

version

wintrust

oleaut32

shlwapi

comctl32

atmlib

Sections

.text Size: 21KB - Virtual size: 20KB

.bss Size: 32KB - Virtual size: 755KB

.reloc Size: 178KB - Virtual size: 564KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 65KB - Virtual size: 305KB

.rsrc Size: 18KB - Virtual size: 136KB

.text
Size: 21KB - Virtual size: 20KB

.bss
Size: 32KB - Virtual size: 755KB

.reloc
Size: 178KB - Virtual size: 564KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 65KB - Virtual size: 305KB

.rsrc
Size: 18KB - Virtual size: 136KB