e508f4152f8e686d8ee9653018bd7758ccff8e755d7e65494675783440001e97

Sharing

Copy URL Twitter E-mail

General

Target

e508f4152f8e686d8ee9653018bd7758ccff8e755d7e65494675783440001e97
Size

503KB
MD5

8e33228c5bb6777f2863d3f0f04632a9
SHA1

939868a33bd3359d97f8b6cd7c5916adb7d6aaa2
SHA256

e508f4152f8e686d8ee9653018bd7758ccff8e755d7e65494675783440001e97
SHA512

9d7568dab02e7db96d453022a18fb44eb0a7f7bf41e7298d66bfd0bd51c31620c876009f7d5ad672d98b007475f6c107605e4a4650abb43cfdd0781186c30f11
SSDEEP

6144:gaNVmRCNF+MxrEcXxY7jspE24o7tppEgn6v2efAFXQIU7nxR:vNViirEcXxYfQT7jpdn6v2MAg

Score

N/A

Malware Config

Signatures

Files

e508f4152f8e686d8ee9653018bd7758ccff8e755d7e65494675783440001e97
.exe windows x86

cb5d0d9ebe2be201256f8eab4e0dc3c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcStringFreeW
UuidToStringW

kernel32

LocalFree
LocalAlloc
WideCharToMultiByte
OutputDebugStringW
WinExec
GetVersion
GetCurrentProcess
CloseHandle
HeapAlloc
GetProcessHeap
HeapFree
lstrlenA
DeleteFileW
ExitProcess
FlushInstructionCache
GlobalAlloc
lstrcmpW
MulDiv
GlobalLock
GlobalUnlock
Sleep
GetCurrentThreadId
InterlockedCompareExchange
SetEnvironmentVariableA
WriteConsoleW
FlushFileBuffers
SetStdHandle
CreateFileW
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
FindResourceExW
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStdHandle
WriteFile
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CompareStringW
GetCPInfo
LCMapStringW
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
VirtualQuery
GetSystemInfo
VirtualProtect
GetDateFormatA
LockResource
CreateMutexW
SetLastError
GetTickCount
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
SizeofResource
RaiseException
lstrcmpiW
GetProcAddress
GetModuleHandleW
DeleteCriticalSection
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
lstrlenW
InterlockedDecrement
InterlockedIncrement
InterlockedPushEntrySList
GetLastError
MultiByteToWideChar
FreeLibrary
LoadResource
FindResourceW
HeapSize
HeapReAlloc
IsValidLocale
GetTimeFormatA
GetSystemTimeAsFileTime
GetStringTypeW
GetLocaleInfoW
DecodePointer
EncodePointer
InitializeCriticalSection
InterlockedExchange
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapDestroy

user32

TranslateAcceleratorW
TranslateMessage
GetMessageW
IsWindow
UnregisterClassA
GetWindow
GetWindowTextW
SendMessageW
SetWindowLongW
GetWindowLongW
CreateWindowExW
CharNextW
GetClassNameW
DispatchMessageW
CallWindowProcW
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
DefWindowProcW
ReleaseCapture
CreateAcceleratorTableW
GetDesktopWindow
FillRect
GetFocus
DestroyAcceleratorTable
GetSysColor
GetDlgItem
GetParent
IsChild
SetFocus
SetCapture
KillTimer
SetTimer
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
EndPaint
BeginPaint
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
MoveWindow
GetWindowTextLengthW
SetWindowTextW
DestroyWindow

gdi32

GetStockObject
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
SelectObject
GetDeviceCaps
GetObjectW

advapi32

RegDeleteValueW
GetSidIdentifierAuthority
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

shell32

SHGetFolderPathW

ole32

CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoCreateGuid
CLSIDFromString
CLSIDFromProgID
OleRun
CoGetClassObject
CreateStreamOnHGlobal
StringFromGUID2
OleLockRunning
OleUninitialize
OleInitialize

oleaut32

GetErrorInfo
DispCallFunc
OleCreateFontIndirect
SysFreeString
VarUI4FromStr
SysAllocString
VariantInit
VariantCopy
VariantClear
SysAllocStringLen
SysStringLen
LoadTypeLi
LoadRegTypeLi

shlwapi

PathAppendW
StrToIntW

urlmon

URLDownloadToFileW

Sections

.text
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb5d0d9ebe2be201256f8eab4e0dc3c7

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

Sections

.text Size: 324KB - Virtual size: 323KB

.rdata Size: 97KB - Virtual size: 97KB

.data Size: 49KB - Virtual size: 58KB

.rsrc Size: 512B - Virtual size: 504B

.reloc Size: 31KB - Virtual size: 31KB

.text
Size: 324KB - Virtual size: 323KB

.rdata
Size: 97KB - Virtual size: 97KB

.data
Size: 49KB - Virtual size: 58KB

.rsrc
Size: 512B - Virtual size: 504B

.reloc
Size: 31KB - Virtual size: 31KB