b8a213fb8a3545e2f964c2e8582f4e33aaf836666e008b9212452abf92392c1c

Sharing

Copy URL Twitter E-mail

General

Target

b8a213fb8a3545e2f964c2e8582f4e33aaf836666e008b9212452abf92392c1c
Size

296KB
MD5

74abd74dca1a8c260f23db051c49d3c8
SHA1

31130463fdf6c222afa322ed0e550e7f8e231c2e
SHA256

b8a213fb8a3545e2f964c2e8582f4e33aaf836666e008b9212452abf92392c1c
SHA512

d724266d56193963ae099fe988e647469e4e6353b59c2aca9a273dcc3590cc0dab87cc1b07aa80498e70323d49c25f6ae8b89388625b89597a64ccd980ae03bf
SSDEEP

6144:d6fFG6pi1mbRSl6Ro1Ulpxs1QwHkzUx6S1wA5XMtzCoMCP/sIJPFMI9WIvxe:d6Y8Sipx5QbFJQ2HCPPPOwWI8

Score

N/A

Malware Config

Signatures

Files

b8a213fb8a3545e2f964c2e8582f4e33aaf836666e008b9212452abf92392c1c
.exe windows x86

3ed61d2759f6a5e5b8188ad64bb72a92

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

DeleteUrlCacheEntryW

user32

CharNextW
UnregisterClassA

kernel32

CreateFileA
GetThreadLocale
FreeEnvironmentStringsW
IsDebuggerPresent
FlushFileBuffers
GetTempPathW
WriteConsoleW
WriteFile
FindResourceExW
FreeEnvironmentStringsA
GetStdHandle
LockResource
CreateEventW
SignalObjectAndWait
IsValidCodePage
RtlUnwind
HeapReAlloc
FreeLibrary
SetThreadLocale
UnhandledExceptionFilter
LoadResource
GetProcessHeap
LCMapStringA
HeapSize
WriteConsoleA
SetLastError
GetConsoleCP
TlsFree
DeleteCriticalSection
SetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
lstrcmpiW
GetFileType
FindResourceW
CreateMutexW
HeapAlloc
lstrlenW
GetOEMCP
WaitForSingleObject
GetConsoleOutputCP
GetModuleHandleA
FormatMessageW
WaitForMultipleObjects
CreateThread
OutputDebugStringW
ResumeThread
GetACP
ReleaseMutex
ResetEvent
SetFilePointer
GetConsoleMode
LeaveCriticalSection
TlsGetValue
TlsSetValue
EnterCriticalSection
LoadLibraryExW
CloseHandle
GetSystemTimeAsFileTime
GetCurrentThreadId
CreateFileW
GetLocalTime
GetModuleHandleW
SizeofResource
GetUserDefaultLangID
OpenEventW
RaiseException
HeapDestroy
LocalFree
VirtualFree
WideCharToMultiByte
HeapFree
TlsAlloc
GetCommandLineA
LCMapStringW
VirtualAlloc
LoadLibraryW
VirtualAllocEx

urlmon

CoInternetGetSession
CoInternetCreateSecurityManager
FindMimeFromData

ole32

CoInitializeEx
CoCreateInstance
StringFromGUID2
CoUninitialize
OleRun
CLSIDFromString
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc

shlwapi

PathAppendW
PathStripPathW
PathRemoveFileSpecW

oleaut32

SafeArrayRedim
SafeArrayGetLBound
LoadTypeLi
DispCallFunc
SysAllocStringByteLen
SysFreeString
SafeArrayGetUBound
SafeArrayGetVartype
UnRegisterTypeLi
SafeArrayUnlock
VariantInit
VariantClear
SafeArrayCopy
RegisterTypeLi
SafeArrayDestroy
VarUI4FromStr
LoadRegTypeLi
SafeArrayCreate
GetErrorInfo
SafeArrayLock
SysStringLen
VariantCopyInd
SysAllocString

advapi32

RegEnumKeyExW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW

atmlib

ATMFinish
ATMGetNtmFields
ATMBBoxBaseXYShowText
ATMFontStatusW
ATMForceFontChange
ATMFontAvailableA
ATMClient
ATMGetFontBBox
ATMEnumFontsA
ATMEndFontChange
ATMGetFontInfo
ATMGetOutline

kbdsl1

KbdLayerDescriptor

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 264KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ed61d2759f6a5e5b8188ad64bb72a92

Headers

File Characteristics

Imports

wininet

user32

kernel32

urlmon

ole32

shlwapi

oleaut32

advapi32

atmlib

kbdsl1

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 264KB - Virtual size: 1.3MB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 264KB - Virtual size: 1.3MB

.rsrc
Size: 6KB - Virtual size: 6KB