Static task: static1
Behavioral task: behavioral1
Sample: c537233b8afc706eb8841fbf1e828f2045a43a8ab2a1115040ca3951ae0c9818.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: c537233b8afc706eb8841fbf1e828f2045a43a8ab2a1115040ca3951ae0c9818.exe
Resource: win10v2004-20220901-en
General
Target: c537233b8afc706eb8841fbf1e828f2045a43a8ab2a1115040ca3951ae0c9818
Size: 149KB
MD5: dcf733a90bf53797460f60a921af72fa
SHA1: 1eceb1be23b7d35cf6d24bfa0e57ed5c5072476f
SHA256: c537233b8afc706eb8841fbf1e828f2045a43a8ab2a1115040ca3951ae0c9818
SHA512: 18bba9043fd8cd20bb03a2246f704a94a77da27b31ac6d8d5045607496ae0921a34f980f77e471c07685e2d34bbf7ec24ec5619e4e14541ea987fdfae0d1fc47
SSDEEP: 3072:6io11Gi33FwpbcFSG+ln4iNVm0uIj45bFtRIRhv5W8ep/ZW:6i5i3abcQl3MbShv/e+
Malware Config
Signatures
Files
c537233b8afc706eb8841fbf1e828f2045a43a8ab2a1115040ca3951ae0c9818.exe windows x86
af398bfd6bcf4d313811c2c4e8435db7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_vsnprintf
_onexit
_stricmp
wcscmp
_ftime
strchr
toupper
rand
malloc
memmove
__dllonexit
_wcsdup
wcschr
strstr
_initterm
_vsnwprintf
wcslen
free
_wcsicmp
srand
oleaut32
SysAllocString
VariantClear
SysStringLen
VariantInit
SysFreeString
ole32
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateGuid
StringFromCLSID
kernel32
GetLocalTime
InterlockedIncrement
GetLocaleInfoW
GetProcessWorkingSetSize
FindResourceA
lstrcmpi
GetExitCodeThread
CreateProcessW
GetVolumePathNameW
HeapAlloc
GlobalUnWire
ExpandEnvironmentStringsW
SetVolumeLabelW
CompareStringW
GetCurrentThread
GetCurrentProcess
LocalAlloc
LoadModule
CreateFileMappingW
GetCurrentProcessId
RemoveDirectoryW
GetUserDefaultLangID
FileTimeToDosDateTime
ReadFileEx
GetFileType
InterlockedDecrement
QueryPerformanceCounter
GetSystemDefaultLangID
GetFileSize
CreateEventW
lstrcmpiW
MultiByteToWideChar
CompareStringA
UnmapViewOfFile
FindNextFileW
CreateSemaphoreA
lstrcmpW
GetWindowsDirectoryW
TerminateProcess
ReadFile
WritePrivateProfileStringW
HeapFree
EnumUILanguagesA
GetTickCount
FileTimeToSystemTime
GetProcessHeap
LockResource
InterlockedExchange
LeaveCriticalSection
WriteConsoleInputVDMA
GetFileInformationByHandle
WaitForSingleObject
FileTimeToSystemTime
CreateDirectoryW
SetEvent
GetFileAttributesExW
ReadConsoleInputExA
SetLocaleInfoW
CancelTimerQueueTimer
GetPrivateProfileIntW
CompareFileTime
lstrcpynW
UnhandledExceptionFilter
lstrcmpiW
EnumSystemLanguageGroupsW
MapViewOfFile
GetVersionExW
WinExec
GetLastError
LocalShrink
ReleaseMutex
GetStdHandle
EnterCriticalSection
FormatMessageW
CreateMutexW
MoveFileExA
GetConsoleKeyboardLayoutNameW
InterlockedCompareExchange
WideCharToMultiByte
SetEndOfFile
ScrollConsoleScreenBufferW
GetVolumeInformationW
GetWindowsDirectoryW
DeleteCriticalSection
GetDiskFreeSpaceW
UnlockFile
InitAtomTable
ResetEvent
GetCPInfoExA
lstrlenW
MoveFileW
lstrlenA
SetLastError
WriteTapemark
CloseHandle
SetFilePointer
TransactNamedPipe
GetGeoInfoW
LockFileEx
GetConsoleMode
CancelDeviceWakeupRequest
LocalFree
Heap32ListFirst
GetLogicalDriveStringsW
IsBadReadPtr
GlobalFree
GetExitCodeThread
GetSystemInfo
CreateFileW
SetUnhandledExceptionFilter
WriteConsoleInputW
GlobalAlloc
GetSystemDefaultLCID
HeapReAlloc
Sleep
VerSetConditionMask
FindFirstFileW
FreeLibrary
GetSystemTimeAsFileTime
GlobalFree
GetDriveTypeW
GetConsoleAliasExesA
GetComputerNameExW
CreateMutexA
GetFileAttributesW
CreateActCtxW
WaitForMultipleObjects
DeleteFileW
GetSystemTime
GetFileTime
GetTimeZoneInformation
GetNumaHighestNodeNumber
VirtualAlloc
GetPrivateProfileStringW
GetConsoleInputExeNameA
GetCommConfig
SetFileAttributesW
GlobalUnfix
GetProcessPriorityBoost
SystemTimeToFileTime
GetPrivateProfileStructW
LeaveCriticalSection
SetFileTime
user32
SetWindowsHookW
EnumPropsExA
RegisterUserApiHook
ChangeDisplaySettingsExW
GetPropA
wvsprintfA
EditWndProc
GetClassNameA
DispatchMessageW
EnumWindowStationsA
AnimateWindow
LoadBitmapW
SendMessageW
MsgWaitForMultipleObjects
DefDlgProcW
GetWindowThreadProcessId
SetCursor
GetMenuStringW
OpenInputDesktop
SetProcessWindowStation
CreateCaret
OpenDesktopA
SendMessageTimeoutW
GetScrollPos
WinHelpW
GetRawInputData
CreateDialogIndirectParamAorW
GetClipboardViewer
CharNextW
GetWindowModuleFileName
GetClipboardFormatNameW
OpenWindowStationW
ReasonCodeNeedsBugID
GetUserObjectInformationW
SetClassLongW
GetKeyboardType
FindWindowW
GetRawInputDeviceList
RegisterLogonProcess
CharUpperW
EndTask
DdeQueryConvInfo
DrawIcon
SetScrollPos
SetRect
ToUnicodeEx
EnumPropsW
CharUpperA
GetForegroundWindow
CreateCursor
PaintMenuBar
DlgDirSelectComboBoxExW
BlockInput
BringWindowToTop
IsWindowInDestroy
DdeAccessData
GetClassLongW
VkKeyScanW
GetClientRect
GetKeyState
TranslateMessage
IsCharAlphaNumericW
ModifyMenuA
CheckRadioButton
DdeKeepStringHandle
ShowCaret
CallMsgFilterA
CharUpperA
User32InitializeImmEntryTable
SetMessageQueue
CreateAcceleratorTableA
PostMessageW
GetMenuContextHelpId
ShowWindowAsync
GetDC
DlgDirListComboBoxA
DrawTextA
GetTabbedTextExtentW
GetProgmanWindow
GetDoubleClickTime
GetScrollBarInfo
GetParent
GetClipboardSequenceNumber
MessageBeep
WCSToMBEx
UnregisterUserApiHook
DdeSetUserHandle
SendIMEMessageExA
SendMessageA
EndPaint
CharLowerA
CallMsgFilter
GetActiveWindow
GetWindowTextA
SendMessageW
CreateWindowStationW
SetClassLongA
UnloadKeyboardLayout
DdeCreateDataHandle
DestroyIcon
ExitWindowsEx
IsZoomed
TileWindows
UnionRect
IsWindow
wsprintfA
IsCharAlphaNumericA
SetWindowsHookA
EnumThreadWindows
SetWindowRgn
MessageBoxA
EmptyClipboard
mouse_event
SetScrollRange
MapVirtualKeyA
GetLastActivePopup
GetWindowLongA
shlwapi
PathIsRelativeW
StrChrW
StrStrIW
StrRChrW
PathIsUNCW
StrToIntW
PathFindExtensionW
PathRemoveBackslashW
PathIsRootW
StrCmpIW
PathStripToRootW
StrToIntExW
UrlCombineW
StrCmpW
UrlGetPartW
shell32
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
advapi32
RegQueryValueExW
FreeSid
LsaNtStatusToWinError
GetSecurityDescriptorDacl
RegOpenKeyW
RegSetValueExW
LsaClose
AdjustTokenPrivileges
RegCreateKeyExW
GetLengthSid
LookupPrivilegeValueW
GetTokenInformation
CopySid
LsaOpenPolicy
IsValidSid
RegEnumKeyExW
EqualSid
RegEnumKeyW
LsaQueryInformationPolicy
SetNamedSecurityInfoW
GetSecurityDescriptorOwner
AllocateAndInitializeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
OpenProcessToken
RegDeleteKeyW
RegCloseKey
LsaFreeMemory
wininet
InternetCanonicalizeUrlW
InternetQueryOptionA
InternetCrackUrlW
InternetGetConnectedState
setupapi
CM_Get_DevNode_Registry_PropertyW
SetupOpenFileQueue
SetupCloseFileQueue
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInfoW
SetupOpenInfFileW
SetupCloseInfFile
CM_Get_DevNode_Status
SetupDiDestroyDeviceInfoList
SetupScanFileQueueW
SetupDiEnumDriverInfoW
SetupFindFirstLineW
SetupDiInstallDriverFiles
SetupDiOpenDevRegKey
SetupDiGetClassDevsW
SetupGetStringFieldW
CM_Locate_DevNodeW
SetupDiBuildDriverInfoList
SetupDiEnumDeviceInfo
SetupDiSetSelectedDriverW
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceInstanceIdW
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDriverInstallParamsW
winspool.drv
EnumPrinterDriversW
shfolder
SHGetFolderPathW
advpack
ExtractFiles
RunSetupCommand
ExecuteCab
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
wintrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust
crypt32
CryptHashPublicKeyInfo
CertGetCertificateContextProperty
secur32
SaslIdentifyPackageA
InitSecurityInterfaceW
ImpersonateSecurityContext
LsaEnumerateLogonSessions
AddSecurityPackageA
EncryptMessage
SaslGetProfilePackageA
LsaUnregisterPolicyChangeNotification
SaslEnumerateProfilesA
DecryptMessage
LsaRegisterLogonProcess
FreeCredentialsHandle
CompleteAuthToken
LsaCallAuthenticationPackage
EnumerateSecurityPackagesA
AddCredentialsW
LsaRegisterPolicyChangeNotification
DeleteSecurityPackageW
QuerySecurityContextToken
InitializeSecurityContextW
RevertSecurityContext
LsaConnectUntrusted
AcquireCredentialsHandleA
AcceptSecurityContext
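The import table above is unusually long for a 149KB binary and lists several names more than once (kernel32!GetExitCodeThread, FileTimeToSystemTime, lstrcmpiW, GetWindowsDirectoryW, GlobalFree, LeaveCriticalSection; user32!SendMessageW, CharUpperA). The following script is an added example, not part of the sandbox report or of any tool it names: it normalizes imports the way the widely used imphash convention does (lower-case, strip .dll/.ocx/.sys), hashes them in table order, reports duplicates, and tags coarse capabilities. The import list inside it is a constructed subset of the table above chosen to include the repeated entries, and the capability map is our own hypothetical taxonomy.

```python
import hashlib
from collections import Counter

# Constructed subset of the import table in the report (same DLL/function
# spelling), chosen so that the entries imported twice are present.
SAMPLE_IMPORTS = [
    ("kernel32", "GetExitCodeThread"),
    ("kernel32", "CreateProcessW"),
    ("kernel32", "FileTimeToSystemTime"),
    ("kernel32", "WinExec"),
    ("kernel32", "FileTimeToSystemTime"),
    ("kernel32", "GetExitCodeThread"),
    ("user32", "SendMessageW"),
    ("user32", "CharUpperA"),
    ("user32", "SetWindowsHookW"),
    ("user32", "SendMessageW"),
    ("advapi32", "AdjustTokenPrivileges"),
    ("winspool.drv", "EnumPrinterDriversW"),
    ("wininet", "InternetGetConnectedState"),
]

# Hypothetical capability taxonomy for triage; the report defines no such mapping.
CAPABILITY_TAGS = {
    "createprocessw": "process-launch",
    "winexec": "process-launch",
    "shellexecutew": "process-launch",
    "adjusttokenprivileges": "privilege",
    "setwindowshookw": "hook/keylog",
    "setwindowshooka": "hook/keylog",
    "blockinput": "input-control",
    "mouse_event": "input-control",
    "exitwindowsex": "system-control",
    "internetgetconnectedstate": "network",
}


def normalize_import(dll: str, func: str) -> str:
    """Canonical 'dll.func' form used by the imphash convention: lower-case
    everything and drop a .dll/.ocx/.sys extension. Other extensions such as
    winspool.drv are kept as-is."""
    dll = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if dll.endswith(ext):
            dll = dll[: -len(ext)]
            break
    return f"{dll}.{func.lower()}"


def imphash(imports) -> str:
    """MD5 over the comma-joined normalized entries in import-table order.
    Order and repeats both feed the hash, so reordering the table changes it."""
    joined = ",".join(normalize_import(d, f) for d, f in imports)
    return hashlib.md5(joined.encode("ascii")).hexdigest()


def find_duplicates(imports):
    """(dll, func, count) for every name imported more than once. A normal
    linker emits each name once per DLL, so repeats point at a hand-built or
    padded import table."""
    counts = Counter((d.lower(), f) for d, f in imports)
    return sorted((d, f, n) for (d, f), n in counts.items() if n > 1)


def per_dll_counts(imports):
    """How many entries each DLL contributes (case-folded DLL names)."""
    return dict(Counter(d.lower() for d, _ in imports))


def capabilities(imports):
    """Deduplicated, sorted capability tags implied by the imported names."""
    return sorted({CAPABILITY_TAGS[f.lower()] for _, f in imports if f.lower() in CAPABILITY_TAGS})


if __name__ == "__main__":
    print("imphash:", imphash(SAMPLE_IMPORTS))
    print("duplicates:", find_duplicates(SAMPLE_IMPORTS))
    print("per DLL:", per_dll_counts(SAMPLE_IMPORTS))
    print("capabilities:", capabilities(SAMPLE_IMPORTS))
```

To run this against the real file, replace SAMPLE_IMPORTS with the full (dll, function) list in table order; a hash computed over a subset, or over a re-sorted list, will not match anything computed by other tools.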
Sections
.IDsCt Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.vCyFA Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.hMy Size: 3KB - Virtual size: 14KB
IMAGE_SCN_MEM_READ
.cNPF Size: 2KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vRVvK Size: 3KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.D Size: 2KB - Virtual size: 43KB
IMAGE_SCN_MEM_READ
.ekDZLB Size: 1KB - Virtual size: 11KB
IMAGE_SCN_MEM_READ
.sZDc Size: 3KB - Virtual size: 41KB
IMAGE_SCN_MEM_READ
.Kd Size: 3KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 91KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ