e4ba083f52b1f7d56194fdfe8028513965ef6cc9df9fc85a1e5734816206b1d1

Sharing

Copy URL Twitter E-mail

General

Target

e4ba083f52b1f7d56194fdfe8028513965ef6cc9df9fc85a1e5734816206b1d1
Size

267KB
MD5

37097aaf6161e202b893535909cc0a70
SHA1

f7865343abf7e4f26102d2db0d77a108b95d61be
SHA256

e4ba083f52b1f7d56194fdfe8028513965ef6cc9df9fc85a1e5734816206b1d1
SHA512

d2a93db968e6ef5bce53ef99f6d083a2b745c07dd883d991c64b3eb217270e077914452a049d5acdb650b144587bc6835123fe6b4a98a9704d03f49e4fecbc33
SSDEEP

3072:ckkKlFBAUBjvHuc+YvUkdmt9D3py0LGX9qnoa8CCKFyv:8Kl0UBTHp2s49Tpy0SAnoa/CK

Score

N/A

Malware Config

Signatures

Files

e4ba083f52b1f7d56194fdfe8028513965ef6cc9df9fc85a1e5734816206b1d1
.exe windows x86

90aec497e021fcbce86bd33c77665c90

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetTimeFormatA
GetTimeFormatW
GetUserDefaultLCID
GetVersionExA
GetVersionExW
GetWindowsDirectoryW
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsBadReadPtr
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFree
LocalReAlloc
MapViewOfFile
MultiByteToWideChar
OpenProcess
GetStartupInfoA
ReleaseMutex
RtlUnwind
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetLastError
SetUnhandledExceptionFilter
GetSystemDefaultLangID
TerminateProcess
TerminateThread
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcatA
lstrcmpW
lstrcmpiA
lstrcpyA
lstrcpyW
lstrcpynA
lstrlenA
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
GetLastError
GetFullPathNameW
GetFileAttributesW
GetDateFormatW
GetDateFormatA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCommandLineW
GetCommandLineA
FreeLibrary
FormatMessageW
Sleep
GetStdHandle
FormatMessageA
FileTimeToSystemTime
FileTimeToLocalFileTime
ExitThread
EnterCriticalSection
DuplicateHandle
DeleteCriticalSection
CreateThread
CreateProcessA
CreateMutexA
CreateFileMappingA
CreateEventW
CreateEventA
CompareFileTime
CloseHandle
AreFileApisANSI
GetOEMCP
VirtualAlloc
GetProcessHeap
GetStartupInfoW
QueryPerformanceCounter
CreateFileA

user32

GetForegroundWindow
GetClassNameA
DispatchMessageA
GetShellWindow
DefWindowProcA
CreateWindowExA
CreateMenu
LoadStringA
MsgWaitForMultipleObjects
PeekMessageA
RegisterClassA
SendMessageA
ShowWindow
TranslateMessage
wsprintfA
DestroyWindow

gdi32

GetStockObject

advapi32

RegEnumKeyExA
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyExA
RegCloseKey
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueA
LookupAccountSidA
GetUserNameW
GetUserNameA
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
AdjustTokenPrivileges
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyW
RegEnumValueW
RegFlushKey
RegNotifyChangeKeyValue
RegOpenKeyA
RegOpenKeyExA
RegQueryInfoKeyW
RegQueryValueA
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegSetValueExW
RegisterTraceGuidsW
TraceEvent
UnregisterTraceGuids
RegEnumKeyA

shlwapi

StrStrIA
StrCpyNW
SHRegGetBoolUSValueA
SHGetValueA
PathRemoveFileSpecA
PathQuoteSpacesA
PathFindFileNameA
PathAppendA
wnsprintfA

msvcrt

_XcptFilter
__argc
__argv
__dllonexit
__getmainargs
__lconv_init
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_acmdln
_adjust_fdiv
_c_exit
_cexit
_controlfp
_except_handler3
_exit
_ftol
_initterm
_mbschr
_mbsinc
_mbslen
_mbsrchr
_onexit
_stricmp
_strnicmp
_wcsicmp
atoi
exit
free
isleadbyte
isspace
memmove
setlocale
strchr
strncmp
strncpy
strrchr
strtoul
toupper
towlower
wcscmp
wcsncpy

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text9
Size: 512B - Virtual size: 199B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text8
Size: 512B - Virtual size: 199B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text7
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text6
Size: 512B - Virtual size: 199B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text5
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90aec497e021fcbce86bd33c77665c90

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

msvcrt

Sections

.text Size: 23KB - Virtual size: 23KB

.data Size: 1024B - Virtual size: 880B

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 20KB - Virtual size: 19KB

.text9 Size: 512B - Virtual size: 199B

.text8 Size: 512B - Virtual size: 199B

.text7 Size: 210KB - Virtual size: 210KB

.text6 Size: 512B - Virtual size: 199B

.text5 Size: 1024B - Virtual size: 776B

.rsrc Size: 1024B - Virtual size: 776B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 23KB - Virtual size: 23KB

.data
Size: 1024B - Virtual size: 880B

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 20KB - Virtual size: 19KB

.text9
Size: 512B - Virtual size: 199B

.text8
Size: 512B - Virtual size: 199B

.text7
Size: 210KB - Virtual size: 210KB

.text6
Size: 512B - Virtual size: 199B

.text5
Size: 1024B - Virtual size: 776B

.rsrc
Size: 1024B - Virtual size: 776B

.reloc
Size: 2KB - Virtual size: 2KB