bf503fdb9344b22c8e067e71fb5c33bbcd2f3807305a1690a808045943ed65ca

Sharing

Copy URL

Twitter E-mail

General

Target

bf503fdb9344b22c8e067e71fb5c33bbcd2f3807305a1690a808045943ed65ca
Size

294KB
MD5

50ce560b3e5b86da15cc8be873468bc6
SHA1

4f2e3c770dedf9005eb34765983d4b255a746060
SHA256

bf503fdb9344b22c8e067e71fb5c33bbcd2f3807305a1690a808045943ed65ca
SHA512

c13045ef7a2c4560e4af181c2028a59039b834a929ff32e9472e5bd98584ebb60b9a4086f8cfb01f5234fa4b6460b1fc83889ad8f5d95c0f7182a44fec49bbc1
SSDEEP

6144:zpQCd1au9KZBXD7Bp3A4JwQzVKINYtYpeRrBaS8dt:zpQyau9KbfBpw3QzVKINI/r8S8d

Score

N/A

Malware Config

Signatures

Files

bf503fdb9344b22c8e067e71fb5c33bbcd2f3807305a1690a808045943ed65ca
.exe windows x86

e814f6caefb67615e11a1e3d0d9ba5b0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PeekMessageW
TranslateMessage
FindWindowExW
GetClassNameW
GetWindowThreadProcessId
DispatchMessageW
MsgWaitForMultipleObjectsEx
GetWindowLongW

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHCreateDirectoryExW

ole32

CoUninitialize
CoInitializeEx
StringFromGUID2
CoCreateInstance
CoCreateGuid
OleRun

psapi

GetModuleFileNameExW
EnumProcessModules

shlwapi

PathRemoveFileSpecW
StrCmpW
StrStrIA
PathFileExistsW
SHDeleteEmptyKeyW

kernel32

SetThreadPriority
UnhandledExceptionFilter
ExpandEnvironmentStringsW
SizeofResource
OpenProcess
LockResource
WideCharToMultiByte
FormatMessageW
LoadLibraryExW
OpenFileMappingW
GetSystemTimeAsFileTime
HeapFree
GetTempFileNameW
ResumeThread
TerminateThread
IsDebuggerPresent
DeleteFileW
CloseHandle
WaitForMultipleObjects
ReleaseMutex
GetTempPathW
GlobalFree
SetLastError
LoadResource
WaitForSingleObject
CreateFileMappingW
CreateThread
RaiseException
GlobalAlloc
FindResourceW
GetCurrentThreadId
EnterCriticalSection
HeapDestroy
HeapReAlloc
lstrlenA
GlobalLock
GlobalUnlock
GetModuleHandleW
FindClose
FindNextFileW
CreateEventW
SetFilePointer
LeaveCriticalSection
FindFirstFileW
HeapAlloc
GetFileSize
MapViewOfFile
SetUnhandledExceptionFilter
CreateFileW
GetSystemInfo
GetProcessHeap
QueryPerformanceFrequency
UnmapViewOfFile
lstrcpyW
OpenMutexW
VirtualQuery
FreeLibrary
OpenEventW
FindResourceExW
CreateMutexW
OutputDebugStringW
DeleteCriticalSection
HeapSize
ResetEvent
WriteFile
lstrlenW
GetLocalTime
LocalAlloc
CreateDirectoryW
LocalFree
InitializeCriticalSectionAndSpinCount
CompareFileTime
VirtualAlloc

oleaut32

SysStringLen
VarUdateFromDate
SysFreeString
SysStringByteLen
VarCmp
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocString

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

advapi32

RegOpenKeyExW
FreeSid
SetNamedSecurityInfoW
RegOpenKeyW
RegQueryInfoKeyW
RegSetValueExW
InitializeSecurityDescriptor
RegEnumKeyW
GetSidSubAuthority
GetSidSubAuthorityCount
GetLengthSid
RegCloseKey
SetSecurityDescriptorSacl
CryptReleaseContext
InitializeAcl
GetNamedSecurityInfoW
GetAce
RegDeleteValueW
RegCreateKeyExW
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupAccountNameW
ConvertSidToStringSidW
RegEnumKeyExW
RegEnumValueW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetUserNameW
CryptAcquireContextW
GetSidIdentifierAuthority
CryptGenRandom
RegDeleteKeyW
RegQueryValueExW
GetAclInformation
AddAce
AllocateAndInitializeSid
AddAccessAllowedAce

mapi32

ord75
ord17
ord185
ord135
ord11
ord45
ord140

esent

JetOpenTable
JetFreeBuffer
JetOpenDatabase
JetGetObjectInfo
JetCreateIndex
JetBeginSession
JetGetTableIndexInfo
JetCloseDatabase
JetTerm
JetAttachDatabase
JetSetIndexRange
JetSetCurrentIndex
JetCommitTransaction
JetMove
JetSeek
JetGetInstanceInfo
JetSetSystemParameter
JetBeginTransaction
JetEndSession
JetCreateInstance
JetMakeKey
JetInit
JetGetTableColumnInfo
JetRetrieveColumn
JetDetachDatabase
JetCloseTable

comctl32

CreateStatusWindow
ImageList_GetImageCount
CreateUpDownControl
ImageList_EndDrag
ImageList_DragMove
ImageList_Destroy
CreateStatusWindowW
ImageList_GetImageRect

loadperf

RestorePerfRegistryFromFileW

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e814f6caefb67615e11a1e3d0d9ba5b0

Headers

File Characteristics

Imports

user32

shell32

ole32

psapi

shlwapi

kernel32

oleaut32

version

advapi32

mapi32

esent

comctl32

loadperf

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 256KB - Virtual size: 274KB

.rsrc Size: 15KB - Virtual size: 118KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 256KB - Virtual size: 274KB

.rsrc
Size: 15KB - Virtual size: 118KB