e516d844915fbcf33a5282110f04bd6724807b22366cb276b8e8d088c4228876

Sharing

Copy URL Twitter E-mail

General

Target

e516d844915fbcf33a5282110f04bd6724807b22366cb276b8e8d088c4228876
Size

252KB
MD5

c50de180d998953c72cd76d49ef61307
SHA1

4593c45b06b7ae5ee80b8e39a6aa65e90f18e068
SHA256

e516d844915fbcf33a5282110f04bd6724807b22366cb276b8e8d088c4228876
SHA512

3e8e2017ac304010d44f757b1aa820af4793e597371e7f9fb347703b46f63c07ed48d5a18bbddbdcea7dfa1bd92dc8ed43e182cb9776d67a5dce619f2b3e037e
SSDEEP

6144:lyMy/6ln6eI6MaBJls6DrBxJlZuMOlszCBr6IFzXlR8F4b:ly0ln+6MaBJl/52lszCRxwF4b

Score

N/A

Malware Config

Signatures

Files

e516d844915fbcf33a5282110f04bd6724807b22366cb276b8e8d088c4228876
.exe windows x86

5bfbc6d51571f3e9111b0bfffe9f0398

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExW
GetACP
HeapFree
DeleteAtom
GetSystemTime
CloseHandle
SetThreadContext
MoveFileW
GetLongPathNameW
FileTimeToSystemTime
CreateProcessA
GetDiskFreeSpaceExW
GetSystemDefaultLCID
SetThreadPriority
CreateMutexA
SetUnhandledExceptionFilter
SystemTimeToFileTime
FindNextFileW
GetFullPathNameW
HeapAlloc
GetCommandLineW
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapSetInformation
GetUserDefaultUILanguage
LockResource
TlsSetValue
IsValidCodePage
FindClose
FlushInstructionCache
DeleteFileW
CompareFileTime
VirtualProtect
RaiseException
GetThreadContext
SetEnvironmentVariableW
CompareStringA
CreateSemaphoreW
FlushFileBuffers
ResumeThread
WriteFile
CreateEventW
VirtualQuery
lstrlenA
CompareStringW
ReadFile
UnhandledExceptionFilter
LoadResource
TlsAlloc
LocalFree
OpenThread
FormatMessageW
SetFilePointer
CreateFileMappingW
VirtualQueryEx
WaitForSingleObject
ReleaseSemaphore
OutputDebugStringW
LeaveCriticalSection
CreateFileA
MapViewOfFile
VirtualAlloc
ReleaseMutex
UnmapViewOfFile
GetExitCodeThread
FreeLibrary
FindFirstFileW
CreateProcessW
CreateFileW
GetCurrentThreadId
IsDebuggerPresent
AddAtomW
HeapSize
SuspendThread
GetFileAttributesExW
WideCharToMultiByte
FindAtomW
CreateEventA
HeapReAlloc
ExpandEnvironmentStringsW
HeapDestroy
EnterCriticalSection
CreateFileMappingA
GetModuleHandleA
GetDriveTypeW
lstrlenW
GetStdHandle
QueueUserAPC
GetSystemInfo
GetFileSize
GetSystemTimeAsFileTime
TlsGetValue
GetUserDefaultLCID
DuplicateHandle
CreateDirectoryW
TlsFree
FindResourceExW
DeleteCriticalSection
IsProcessorFeaturePresent
SwitchToThread
GetModuleHandleW
SizeofResource
CreateThread
SetLastError
FindResourceW
GetLogicalDrives
CopyFileW
OpenProcess
GetStartupInfoW

gdi32

DeleteObject
GetObjectW
CreateCompatibleDC
SelectObject
DeleteDC

ole32

OleInitialize
IIDFromString
OleUninitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CreateStreamOnHGlobal
CoInitializeSecurity
CoTaskMemAlloc
CoInitialize
StringFromCLSID
CoCreateGuid
StringFromGUID2

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

crypt32

CryptUnprotectData

shell32

SHGetFolderPathW
ShellExecuteExW
SHGetFileInfoW
SHFileOperationW

advapi32

RegOpenKeyExW
RegQueryValueExA
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyW
IsValidSid
CheckTokenMembership
RegEnumValueW
CryptCreateHash
FreeSid
CryptReleaseContext
RegDeleteValueW
GetTokenInformation
CryptAcquireContextW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptHashData
RegEnumValueA
CryptImportKey
RegQueryInfoKeyA
CryptVerifySignatureW
ConvertSidToStringSidW
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
CryptDestroyHash
RegSetValueExW
CryptDestroyKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyW
RegEnumKeyExW
AllocateAndInitializeSid
RegQueryValueExW
OpenProcessToken

user32

SetTimer
TranslateMessage
UnregisterClassW
CharNextW
LoadStringW
DestroyWindow
MsgWaitForMultipleObjectsEx
PeekMessageW
LoadImageW
GetSystemMetrics
DispatchMessageW
CreateWindowExW
GetWindowTextW
GetMessageTime
RegisterClassW
DefWindowProcW
MessageBoxExW
KillTimer
SystemParametersInfoA
UpdateLayeredWindow
LoadIconW
MessageBoxW
ShowWindow
GetWindowLongW

shlwapi

SHCreateStreamOnFileEx
PathFindFileNameW
StrToInt64ExW
PathCombineW
StrToIntExW
PathStripPathW
PathRemoveBlanksW
PathIsFileSpecW
PathIsDirectoryW
PathAddBackslashW
PathFindExtensionW
PathRenameExtensionW
PathRemoveFileSpecW
PathRemoveBackslashW
PathFileExistsW
PathAppendW
AssocQueryStringW
StrToIntW
PathMatchSpecW

oleaut32

SysStringByteLen
VariantInit
VariantClear
SafeArrayCreate
SafeArrayDestroy
SafeArrayLock
VariantTimeToSystemTime
VarBstrCat
SafeArrayGetUBound
SysStringLen
SysAllocStringLen
SysFreeString
SetErrorInfo
SafeArrayGetLBound
GetErrorInfo
SysAllocString
SafeArrayUnlock
SystemTimeToVariantTime
SysAllocStringByteLen

comctl32

CreateStatusWindow
CreateUpDownControl
InitializeFlatSB
ImageList_Remove
FlatSB_GetScrollInfo
ImageList_GetImageRect
DllGetVersion
ImageList_DrawIndirect
ImageList_GetIcon

msdart

MpHeapAlloc
UMSEnterCSWraper
?IsWin98orLater@CMdVersionInfo@@SAHXZ
MpHeapFree
MPInitializeCriticalSection
MPCSInitialize

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 228KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5bfbc6d51571f3e9111b0bfffe9f0398

Headers

File Characteristics

Imports

kernel32

gdi32

ole32

version

crypt32

shell32

advapi32

user32

shlwapi

oleaut32

comctl32

msdart

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 228KB - Virtual size: 1.1MB

.rsrc Size: 5KB - Virtual size: 16KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 228KB - Virtual size: 1.1MB

.rsrc
Size: 5KB - Virtual size: 16KB