d79e87d915a23f632b296379fabf113f4d290a24a83ed4bb45b6d615d4af3233

Sharing

Copy URL Twitter E-mail

General

Target

d79e87d915a23f632b296379fabf113f4d290a24a83ed4bb45b6d615d4af3233
Size

791KB
MD5

2dbf9a267315c78aeeac00df59a9f9e0
SHA1

6e4789112b6637ced0a9a2bf5ee3f5399a7dc58f
SHA256

d79e87d915a23f632b296379fabf113f4d290a24a83ed4bb45b6d615d4af3233
SHA512

f17d4207016483a1a67d69df8667dc317040f3d7f0ec2951b15b2b72e4ad8bd69fab056e6b6d610ea2398d56a34e91287944270b7f2cf610a2b9dfac20c23a75
SSDEEP

12288:fVHLX1neEq4ytE16xDzl4y01JFJG4t4BnqQPl9GYm0hCXbY2A:fr/qnt+Y4/bt01+YB

Score

N/A

Malware Config

Signatures

Files

d79e87d915a23f632b296379fabf113f4d290a24a83ed4bb45b6d615d4af3233
.exe windows x86

38e24a8e46f12c7e884916b10447dc8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEndOfFile
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ReleaseMutex
CreateMutexW
WaitForSingleObject
CreateThread
CreateEventW
GetCurrentProcess
SetProcessWorkingSetSize
WaitForMultipleObjects
GetTempPathA
GetFileAttributesA
CreateDirectoryA
CreateFileA
WriteFile
CloseHandle
SetEvent
GetLastError
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
GetLocaleInfoA
GetACP
InterlockedExchange
FlushInstructionCache
ReadFile
GetFileSize
CreateFileMappingA
GetModuleHandleA
GetStartupInfoW
HeapFree
ExitProcess
GetProcAddress
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsAlloc
SetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
VirtualQuery
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
VirtualAlloc
HeapReAlloc
HeapSize
WideCharToMultiByte
GetTimeZoneInformation
LoadLibraryA
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
SetFilePointer
GetUserDefaultLCID
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
FlushFileBuffers
FindClose
FindFirstFileW
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemDefaultLCID
FreeLibrary
CreateDirectoryW
GetCurrentDirectoryW
LocalFree
InterlockedIncrement
InterlockedDecrement
TryEnterCriticalSection
GetVolumeInformationA
CompareFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetSystemTime
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetComputerNameW
GetProcessHeap
SetFileAttributesW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileW
UnmapViewOfFile
MapViewOfFile
InitializeCriticalSectionAndSpinCount
CreateEventA
Sleep
GetVersion

advapi32

RegSetValueExA
RegCreateKeyExA
LookupAccountNameW
CopySid
GetLengthSid
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
GetTokenInformation
OpenProcessToken
OpenThreadToken
CryptReleaseContext
CryptDestroyKey
CryptAcquireContextA
CryptDestroyHash
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptDecrypt
RegNotifyChangeKeyValue
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

RegisterWindowMessageW
CreateWindowExW
PostMessageW
KillTimer
LoadImageW
LoadStringW
DestroyMenu
ShowWindow
SetForegroundWindow
GetCursorPos
SetMenuDefaultItem
DeleteMenu
UpdateWindow
GetMessageW
TranslateMessage
DispatchMessageW
TrackPopupMenu
LoadCursorW
RegisterClassExW
DefWindowProcW
PostQuitMessage
GetDoubleClickTime
SetTimer
LoadMenuW
GetSubMenu
LoadIconW
GetSystemMetrics
GetDesktopWindow

shell32

ShellExecuteA
Shell_NotifyIconW

ole32

CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CLSIDFromProgID
CoCreateGuid
StringFromGUID2
CoSetProxyBlanket
CoInitializeEx

oleaut32

VariantInit
VariantClear
SysStringLen
SysFreeString
SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen

crypt32

CryptUnprotectData
CryptProtectData

wininet

InternetSetOptionA
InternetErrorDlg
InternetCloseHandle
InternetOpenA

Sections

.text
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 500KB - Virtual size: 1.6MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

38e24a8e46f12c7e884916b10447dc8e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

shell32

ole32

oleaut32

crypt32

wininet

Sections

.text Size: 201KB - Virtual size: 201KB

.data Size: 26KB - Virtual size: 41KB

.rsrc Size: 62KB - Virtual size: 62KB

.vmp0 Size: 500KB - Virtual size: 1.6MB

.text
Size: 201KB - Virtual size: 201KB

.data
Size: 26KB - Virtual size: 41KB

.rsrc
Size: 62KB - Virtual size: 62KB

.vmp0
Size: 500KB - Virtual size: 1.6MB