defa34f7d7a644fca86c6c62d306970572c96b0d22b5245a76de9ad9b337af2d

Sharing

Copy URL Twitter E-mail

General

Target

defa34f7d7a644fca86c6c62d306970572c96b0d22b5245a76de9ad9b337af2d
Size

273KB
MD5

8bf3f020058c2291705024b7f1da2847
SHA1

588d27ad11e7be17945b0463def94665d70d4ee6
SHA256

defa34f7d7a644fca86c6c62d306970572c96b0d22b5245a76de9ad9b337af2d
SHA512

3d8754d3867b855b5a407011ecebca4a9dc41d61fe1f7bc1619ef25b88290262267da134a1b38a56167664453710fef3ae9b67dad404892fb572900275161539
SSDEEP

6144:6oGg5uUz8jBlzZSqg/QIrNtsJ4LhHrS1oW+Fn:6LfjBltSqg/JtsJ4LJrW

Score

N/A

Malware Config

Signatures

Files

defa34f7d7a644fca86c6c62d306970572c96b0d22b5245a76de9ad9b337af2d
.exe windows x86

9ab5817626d4b6c3b9aa7601b8763dbf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

URLDownloadToFileW

advapi32

RegCreateKeyExW
OpenProcessToken
StartTraceW
RegSetValueExW
RegOpenKeyExW
ControlTraceW
EnableTrace
RegCloseKey
RegQueryValueExW
LookupAccountSidW
GetTokenInformation
RegOpenKeyW
EnumerateTraceGuids
RegDeleteValueW

wininet

InternetCloseHandle

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance

secur32

GetComputerObjectNameW

shell32

SHCreateDirectoryExW

crypt32

CryptMsgClose
CertFreeCertificateContext
CryptMsgGetParam
CryptHashPublicKeyInfo
CertCloseStore
CryptMsgGetAndVerifySigner
CryptQueryObject
CryptDecodeObject
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy

kernel32

HeapSize
GetConsoleMode
GetCommandLineA
CancelWaitableTimer
LocalFree
FormatMessageW
SetHandleCount
MapViewOfFile
LocalAlloc
GetFileAttributesExW
WriteConsoleW
FindResourceExW
GetFileSizeEx
GetCurrentDirectoryW
CreateWaitableTimerW
UnhandledExceptionFilter
SetFilePointer
GetConsoleCP
lstrcmpA
TlsFree
CreateToolhelp32Snapshot
GetModuleHandleW
LeaveCriticalSection
GetTempPathW
LoadResource
ReadFile
CreateDirectoryW
Process32NextW
WaitForSingleObject
HeapAlloc
SetWaitableTimer
LCMapStringW
Process32FirstW
IsValidCodePage
SetUnhandledExceptionFilter
GetThreadLocale
GetUserDefaultLCID
ExpandEnvironmentStringsW
GetOEMCP
GetFileSize
GetFileType
FreeEnvironmentStringsW
GetSystemDirectoryW
MoveFileExW
IsProcessorFeaturePresent
SetStdHandle
CreateEventW
GetSystemTimeAsFileTime
RtlUnwind
FreeLibrary
HeapDestroy
CloseHandle
GlobalFree
FindResourceW
TlsAlloc
RemoveDirectoryW
SizeofResource
TlsGetValue
CreateThread
GetACP
LockResource
HeapReAlloc
CreateFileW
IsDebuggerPresent
DeleteCriticalSection
WriteFile
EnumSystemLocalesA
GetSystemInfo
InitializeCriticalSectionAndSpinCount
GetCommandLineW
CreateFileMappingW
RaiseException
GetProcessHeap
FlushFileBuffers
GetTempFileNameW
IsValidLocale
OpenProcess
SetLastError
TlsSetValue
HeapFree
GetStdHandle
EnterCriticalSection
GetCurrentThreadId
WideCharToMultiByte
DeleteFileW
VirtualAllocEx

wintrust

WinVerifyTrust

userenv

ExpandEnvironmentStringsForUserW

user32

PostThreadMessageW
PeekMessageW
MsgWaitForMultipleObjects
GetMessageW
DispatchMessageW
GetSystemMetrics
TranslateMessage
UpdateWindow

shlwapi

PathFindFileNameW
PathFileExistsW
PathCombineW
SHDeleteKeyW
PathFindExtensionW
PathRemoveFileSpecW

comctl32

CreateStatusWindow
ImageList_SetFilter
FlatSB_ShowScrollBar
DllGetVersion
ImageList_GetIcon
DrawStatusText

catsrv

DllGetClassObject
DllRegisterServer
DllCanUnloadNow
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 39KB - Virtual size: 947KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 175KB - Virtual size: 837KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 634KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ab5817626d4b6c3b9aa7601b8763dbf

Headers

File Characteristics

Imports

urlmon

advapi32

wininet

ole32

secur32

shell32

crypt32

kernel32

wintrust

userenv

user32

shlwapi

comctl32

catsrv

Sections

.text Size: 16KB - Virtual size: 16KB

.bss Size: 39KB - Virtual size: 947KB

.reloc Size: 175KB - Virtual size: 837KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 36KB - Virtual size: 634KB

.rsrc Size: 512B - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 16KB

.bss
Size: 39KB - Virtual size: 947KB

.reloc
Size: 175KB - Virtual size: 837KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 36KB - Virtual size: 634KB

.rsrc
Size: 512B - Virtual size: 1KB