Static task: static1
Behavioral task: behavioral1
  Sample: c333e2f769f408339ff97aab2d628e2e5d480fb6faa2e33d71196830eea5efb7.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: c333e2f769f408339ff97aab2d628e2e5d480fb6faa2e33d71196830eea5efb7.exe
  Resource: win10v2004-20220812-en
General
Target: c333e2f769f408339ff97aab2d628e2e5d480fb6faa2e33d71196830eea5efb7
Size: 132KB
MD5: 8ccba4f8e27fb1c3548f5437297d8662
SHA1: 63c3db3c2a8bd9d04f124e20bedf79c54aa85df6
SHA256: c333e2f769f408339ff97aab2d628e2e5d480fb6faa2e33d71196830eea5efb7
SHA512: 9552f0107a8d7c29df8a54a0b6eb2b6bc64d9d578347de3f29843215e194600b1177c953a01705083022514935548552008e0ff6e7837f763aff076d64c64069
SSDEEP: 3072:me8UqeDPX177YE0KhLEOnctrnDbgMiYLc/e7YzrpJOSGYOY4yjRA:me/qeDPXVtDlEdtrnDbZb8mSGYKyjy
Malware Config
Signatures
Files
c333e2f769f408339ff97aab2d628e2e5d480fb6faa2e33d71196830eea5efb7.exe windows x86
6eaea098b5fdf7073a64c960b99cce98
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WTSGetActiveConsoleSessionId
SetFileAttributesW
GetCurrentThread
SetThreadPriority
GetEnvironmentVariableW
FileTimeToDosDateTime
GetTempFileNameW
HeapReAlloc
CreateMutexW
FindFirstFileW
SetEndOfFile
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
HeapFree
GetTickCount
GetProcessHeap
IsBadReadPtr
SetFileTime
VirtualQueryEx
WriteFile
Thread32First
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
HeapCreate
Thread32Next
ReadFile
GetTimeZoneInformation
lstrcmpiA
FlushFileBuffers
GetTempPathW
GetFileSizeEx
OpenMutexW
VirtualAlloc
VirtualProtectEx
VirtualAllocEx
FindClose
LoadLibraryA
RemoveDirectoryW
FindNextFileW
GetFileTime
ReleaseMutex
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
GetSystemTime
GetPrivateProfileStringW
GetPrivateProfileIntW
MoveFileExW
GetUserDefaultUILanguage
GetLocalTime
GlobalLock
GlobalUnlock
GetThreadContext
SetThreadContext
CreateProcessW
WaitForSingleObject
CreateFileW
GetFileAttributesW
LoadLibraryW
CreateDirectoryW
FreeLibrary
WriteProcessMemory
GetCurrentProcessId
DuplicateHandle
OpenEventW
CreateRemoteThread
OpenProcess
GetFileAttributesExW
MultiByteToWideChar
VirtualProtect
VirtualFreeEx
TerminateThread
Process32FirstW
GetProcessId
Process32NextW
lstrcatW
CreateToolhelp32Snapshot
CloseHandle
GetWindowsDirectoryW
SetEvent
InitializeCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
GetProcAddress
GetModuleFileNameW
Sleep
VirtualFree
GetModuleHandleW
GetComputerNameW
SetErrorMode
GetCommandLineW
ExpandEnvironmentStringsW
CreateThread
lstrcmpiW
LocalFree
GetVersionExW
GetNativeSystemInfo
CreateEventW
ResetEvent
EnterCriticalSection
SetLastError
GetLastError
ExitProcess
user32
LoadImageW
ExitWindowsEx
CharToOemW
CharLowerW
CharLowerBuffA
GetCursorPos
GetIconInfo
MsgWaitForMultipleObjects
TranslateMessage
DrawIcon
ToUnicode
GetClipboardData
GetKeyboardState
DispatchMessageW
CharUpperW
PeekMessageW
CharLowerA
advapi32
IsWellKnownSid
ConvertSidToStringSidW
InitiateSystemShutdownExW
EqualSid
CryptGetHashParam
RegEnumKeyExW
CryptHashData
RegSetValueExW
RegCloseKey
AdjustTokenPrivileges
CryptDestroyHash
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptCreateHash
LookupPrivilegeValueW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
RegQueryValueExW
CryptReleaseContext
RegCreateKeyExW
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
CryptAcquireContextW
GetSidSubAuthority
OpenProcessToken
GetLengthSid
shlwapi
UrlUnescapeA
wvnsprintfW
PathIsDirectoryW
PathFindFileNameW
PathAddBackslashW
SHDeleteValueW
PathSkipRootW
PathQuoteSpacesW
PathCombineW
PathAddExtensionW
PathUnquoteSpacesW
PathMatchSpecW
StrCmpNIW
wvnsprintfA
StrStrIA
StrStrIW
StrCmpNIA
PathRemoveFileSpecW
PathRemoveBackslashW
PathRenameExtensionW
PathIsURLW
SHDeleteKeyW
shell32
ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW
secur32
GetUserNameExW
ole32
StringFromGUID2
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx
ws2_32
socket
bind
recv
setsockopt
shutdown
select
getsockname
WSAGetLastError
WSASend
WSAEventSelect
getpeername
recvfrom
sendto
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
getaddrinfo
WSASetLastError
closesocket
send
listen
accept
freeaddrinfo
crypt32
PFXImportCertStore
CryptUnprotectData
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
PFXExportCertStoreEx
wininet
HttpSendRequestW
InternetQueryOptionA
InternetOpenA
HttpOpenRequestA
InternetSetOptionA
InternetCrackUrlA
InternetQueryOptionW
InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpAddRequestHeadersA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
InternetReadFile
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpQueryInfoA
HttpSendRequestExA
oleaut32
VariantInit
VariantClear
SysFreeString
SysAllocString
netapi32
NetUserEnum
NetApiBufferFree
NetUserGetInfo
Sections
.text Size: 124KB - Virtual size: 123KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 7KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc Size: 5KB - Virtual size: 4KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
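The import table and header flags above are what an analyst triages first: which API chains are present together (a full injection chain, a certificate-store export chain, a keystroke-capture pair) and which exploit mitigations the header opts in to. The following script is an added example, not code from the report or the sandbox that produced it. REPORT_IMPORTS and REPORT_DLL_CHARACTERISTICS are transcribed from this page; the RULES groupings are my own triage heuristics (an assumption, not a published signature set), and imports_from_pe assumes the third-party pefile module is installed.

```python
"""Import-table capability triage for the PE described in this report.

Added example, not code from the report or the sandbox. REPORT_IMPORTS and
REPORT_DLL_CHARACTERISTICS are transcribed from the page; the RULES groupings
are the author's own triage heuristics (assumption), not a published rule set.
"""

# Subset of the report's import table (constructed here from the page).
REPORT_IMPORTS = {
    "kernel32": {
        "WTSGetActiveConsoleSessionId", "CreateProcessW", "GetThreadContext",
        "SetThreadContext", "VirtualAllocEx", "WriteProcessMemory",
        "CreateRemoteThread", "OpenProcess", "CreateToolhelp32Snapshot",
        "Process32FirstW", "Process32NextW", "ReadProcessMemory",
        "LoadLibraryA", "GetProcAddress", "CreateMutexW", "OpenMutexW",
    },
    "user32": {"GetKeyboardState", "ToUnicode", "GetClipboardData", "ExitWindowsEx"},
    "advapi32": {
        "OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges",
        "CreateProcessAsUserW", "RegCreateKeyExW", "RegSetValueExW",
    },
    "crypt32": {
        "CertOpenSystemStoreW", "CertEnumCertificatesInStore",
        "PFXExportCertStoreEx", "CryptUnprotectData",
    },
    "wininet": {
        "InternetOpenA", "InternetConnectA", "HttpOpenRequestA",
        "HttpSendRequestA", "InternetReadFile",
    },
    "netapi32": {"NetUserEnum", "NetUserGetInfo"},
}
# DLL characteristics exactly as the report's Headers section lists them.
REPORT_DLL_CHARACTERISTICS = [
    "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
]

# A rule fires only when EVERY (dll, api) pair in its chain is imported.
# Requiring the whole chain keeps noise down: WriteProcessMemory alone is
# used by debuggers and installers, the four-call injection chain rarely is.
RULES = {
    "remote-thread injection": {
        ("kernel32", "OpenProcess"), ("kernel32", "VirtualAllocEx"),
        ("kernel32", "WriteProcessMemory"), ("kernel32", "CreateRemoteThread")},
    "thread-context hijack / hollowing": {
        ("kernel32", "CreateProcessW"), ("kernel32", "GetThreadContext"),
        ("kernel32", "SetThreadContext"), ("kernel32", "WriteProcessMemory")},
    "process enumeration": {
        ("kernel32", "CreateToolhelp32Snapshot"), ("kernel32", "Process32FirstW"),
        ("kernel32", "Process32NextW")},
    "keystroke capture": {("user32", "GetKeyboardState"), ("user32", "ToUnicode")},
    "clipboard capture": {("user32", "GetClipboardData")},
    "certificate and private-key export": {
        ("crypt32", "CertOpenSystemStoreW"), ("crypt32", "CertEnumCertificatesInStore"),
        ("crypt32", "PFXExportCertStoreEx")},
    "DPAPI blob decryption": {("crypt32", "CryptUnprotectData")},
    "token privilege adjustment": {
        ("advapi32", "OpenProcessToken"), ("advapi32", "LookupPrivilegeValueW"),
        ("advapi32", "AdjustTokenPrivileges")},
    "spawn into interactive session": {
        ("kernel32", "WTSGetActiveConsoleSessionId"), ("advapi32", "CreateProcessAsUserW")},
    "HTTP client (C2 candidate)": {
        ("wininet", "InternetOpenA"), ("wininet", "InternetConnectA"),
        ("wininet", "HttpOpenRequestA"), ("wininet", "HttpSendRequestA")},
    "dynamic API resolution": {("kernel32", "LoadLibraryA"), ("kernel32", "GetProcAddress")},
    "local account enumeration": {("netapi32", "NetUserEnum")},
}


def flatten(imports):
    """{dll: {api, ...}} -> {(dll, api), ...}; dll names lower-cased, '.dll' stripped."""
    return {(dll.lower().removesuffix(".dll"), api)
            for dll, apis in imports.items() for api in apis}


def match_capabilities(imports, rules=RULES):
    """Sorted names of every rule whose full API chain appears in the import table."""
    present = flatten(imports)
    return sorted(name for name, chain in rules.items() if chain <= present)


def check_mitigations(dll_characteristics):
    """Which exploit mitigations the PE header opts in to (True = flag set)."""
    flags = set(dll_characteristics)
    return {
        "NX/DEP": "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" in flags,
        "ASLR": "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" in flags,
        "CFG": "IMAGE_DLLCHARACTERISTICS_GUARD_CF" in flags,
    }


def imports_from_pe(path):
    """Build the imports dict from a real file (needs the third-party 'pefile' module)."""
    import pefile  # pip install pefile
    pe = pefile.PE(path, fast_load=True)
    pe.parse_data_directories(
        directories=[pefile.DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_IMPORT"]])
    return {entry.dll.decode("latin-1"): {i.name.decode() for i in entry.imports if i.name}
            for entry in getattr(pe, "DIRECTORY_ENTRY_IMPORT", [])}


if __name__ == "__main__":
    for cap in match_capabilities(REPORT_IMPORTS):
        print("capability:", cap)
    for name, enabled in check_mitigations(REPORT_DLL_CHARACTERISTICS).items():
        print(f"mitigation {name}: {'on' if enabled else 'off'}")
```

Two caveats when reading the output. First, the static import list is a lower bound: LoadLibraryA and GetProcAddress are imported, so the sample can resolve further APIs at run time that never appear in this table. Second, the header lists NX_COMPAT but not DYNAMIC_BASE, so the image has a .reloc section (it can be relocated) yet does not opt in to ASLR; check_mitigations reports exactly that, and the same check applied to a real file via imports_from_pe needs pe.OPTIONAL_HEADER.DllCharacteristics decoded into the same flag names.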