90e6749e17815f6bb537c75feefc405a909109580d0c1458d734429a53f8d4cf

Sharing

Copy URL Twitter E-mail

General

Target

90e6749e17815f6bb537c75feefc405a909109580d0c1458d734429a53f8d4cf
Size

147KB
MD5

1064c7dde33751e9bcad3b5250e54742
SHA1

8460f00adb06341ab3a49ab2f08fd91ceb9ec83b
SHA256

90e6749e17815f6bb537c75feefc405a909109580d0c1458d734429a53f8d4cf
SHA512

c37cbed0a40411bb4b40ae30e8049a9d8dc797cebc760ffdb48f12f171e57ae16deb1288922ccfc23773d77b8c15cba2e5ec2472220246e6f6fc81fc50aba212
SSDEEP

3072:HyVadn7/0JM5h54XvR/xCb1E3l1/Eizup210nrgO4:957/0JM5He/aE3D85wCK

Score

N/A

Malware Config

Signatures

Files

90e6749e17815f6bb537c75feefc405a909109580d0c1458d734429a53f8d4cf
.exe windows x86

c82ce199442d9e64c82a57c90165ebaa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CreateOleAdviseHolder
StgOpenStorage
CoReleaseMarshalData
StgIsStorageFile
CoInitialize
GetHGlobalFromStream
CoUninitialize
CoFreeUnusedLibraries
CoSetProxyBlanket
CoTaskMemRealloc
PropVariantClear
CreateDataAdviseHolder
CoInitializeEx
CoGetMalloc
CoCreateInstanceEx
OleUninitialize
OleLoadFromStream

user32

IsChild
RegisterClipboardFormatW
ScreenToClient
CopyRect
GetSystemMetrics
EndPaint
CharPrevW
GetSysColor
GetAncestor
GetWindowLongW
MessageBoxA
RegisterWindowMessageA
ChangeMenuA
CharNextW
DefWindowProcA
MessageBoxW
GetDlgItem
MoveWindow
LoadCursorW
GetCapture
GetPropA
BeginPaint
GetClientRect
GetActiveWindow
PostMessageA
GetWindowTextA
SetWindowLongA
LoadCursorA
RegisterClassExW
SetDlgItemTextA
GetClassNameA
CharUpperA
IsWindowVisible
CharPrevA
CheckDlgButton
LoadStringW
DestroyMenu
IsRectEmpty
IsDlgButtonChecked
GetCursorPos
SetCursor
GetMessagePos
SetWindowRgn

msvcrt

wcsncmp
wcschr
wcsstr
_strlwr
_unlock
_amsg_exit
_access
_finite
_local_unwind2
mbstowcs
realloc
_commit
_fileno
srand
wcstok
??3@YAXPAX@Z
sprintf
exit
memset
_onexit
rand
_ltoa
__p__commode
fseek
memmove
__set_app_type
__p__iob
_cexit
fwrite
_iob
__p__osver
__p__fmode
__setusermatherr

ntdll

RtlOemToUnicodeN
NtQueryVirtualMemory
DbgPrint
wcsrchr
NtAllocateLocallyUniqueId
VerSetConditionMask
qsort
RtlNtStatusToDosError
wcsncat
RtlUpcaseUnicodeString
NtQuerySecurityObject
DbgBreakPoint
RtlAcquireResourceExclusive
NtSetSecurityObject
RtlUnicodeStringToInteger
RtlDetermineDosPathNameType_U
NtQueryKey
RtlCopyUnicodeString

advapi32

OpenThreadToken
IsValidSid
RegQueryValueExW
RegSetValueA
InitializeSecurityDescriptor
RegSetValueW
RegOpenKeyW
SetFileSecurityW
CryptDestroyKey
IsValidSecurityDescriptor
RegFlushKey
RegDeleteKeyW
RegSetValueExA
SetSecurityDescriptorOwner
GetAce
AddAce
RegOpenKeyA
StartServiceW
ReportEventW
ConvertStringSidToSidW
RegEnumKeyExW
RegQueryValueW
MakeSelfRelativeSD
OpenServiceW
CryptCreateHash
CloseServiceHandle
IsValidAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
DuplicateTokenEx
OpenSCManagerA
AllocateAndInitializeSid
RegEnumKeyW
RegEnumValueA
RegDeleteValueA
GetSecurityDescriptorDacl
RegisterTraceGuidsW
RegQueryValueExA
CryptReleaseContext
OpenServiceA
GetAclInformation
RegConnectRegistryW
LookupPrivilegeValueA
RegQueryInfoKeyW
FreeSid
RegEnumValueW

kernel32

GetCurrentProcessId
GetOEMCP
GetExitCodeProcess
DuplicateHandle
GetStdHandle
GetFileSize
EnterCriticalSection
lstrcpyW
RemoveDirectoryW
GetCurrentThreadId
SetLastError
VirtualAlloc
GetFileAttributesA
CreateMutexW
CompareStringA
GetACP
SetEndOfFile
LoadResource
MultiByteToWideChar
GetLocaleInfoW
GetCommandLineW
GetVersionExA
MulDiv
lstrcmpiW
GetSystemDirectoryW
OpenEventW
ExitProcess

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 40KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c82ce199442d9e64c82a57c90165ebaa

Headers

File Characteristics

Imports

ole32

user32

msvcrt

ntdll

advapi32

kernel32

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 40KB - Virtual size: 165KB

.idata Size: 47KB - Virtual size: 47KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 40KB - Virtual size: 165KB

.idata
Size: 47KB - Virtual size: 47KB

.reloc
Size: 1KB - Virtual size: 1KB