780feebb57a2411c6dbb6f77f006b8c51a3f23290f3ce8e9a7fbb8f1898a7764

Sharing

Copy URL Twitter E-mail

General

Target

780feebb57a2411c6dbb6f77f006b8c51a3f23290f3ce8e9a7fbb8f1898a7764
Size

182KB
MD5

f4ad6a2c90c362e9979a3aacdbb3a2f2
SHA1

824c5ea9a228fd0206c0ab21ad0c25f90db9d9c4
SHA256

780feebb57a2411c6dbb6f77f006b8c51a3f23290f3ce8e9a7fbb8f1898a7764
SHA512

3e63a9d7e9fc793f9c71237b6696e81944ceb4dd0e9490373abcfcd0349b13f2a80c51eec5d55c8e6f67b74077e48ec52b3f1e66de8a8dc1d13838da8e783327
SSDEEP

1536:KzE5aMhQm8NDlk2oisKldRUnAQ4/uiTuXCJqPjyvebKlqwT1slCWTxRUy7:raMSFlk2NVUnAhqyJqPGvIo1s9RUO

Score

N/A

Malware Config

Signatures

Files

780feebb57a2411c6dbb6f77f006b8c51a3f23290f3ce8e9a7fbb8f1898a7764
.exe windows x86

f91519d4253225839077b954f9f8ede6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCurrentDirectoryA
GlobalUnlock
GlobalFree
GetCurrentProcess
FreeLibrary
lstrcmpA
ExpandEnvironmentStringsA
GetTempPathA
CloseHandle
GetFileSize
Sleep
DeleteFileA
GetWindowsDirectoryA
GetSystemDirectoryA
GetVersionExA
_llseek
ExitProcess
CreateFileA
GetModuleFileNameA
GetModuleHandleA
GetCommandLineA
SetErrorMode
GetTempFileNameA
GlobalAlloc
WaitForSingleObject
CreateDirectoryA
GetFileTime
GetUserDefaultLangID
FreeResource
GlobalLock
LoadResource
SizeofResource
FindResourceA
MulDiv
lstrcmpiA
lstrcpyA
lstrlenA
GetPrivateProfileIntA
GetPrivateProfileStringA
_lcreat
SetFileTime
LoadLibraryA
GetProcAddress
lstrcatA
_lwrite
_lclose
DosDateTimeToFileTime
LocalFileTimeToFileTime
GetExitCodeProcess
_lread
_lopen
LockResource

user32

SetWindowTextA
ReleaseDC
LoadStringA
CharNextA
DestroyWindow
GetDlgItemTextA
EndDialog
SendMessageA
CreateDialogParamA
EnumChildWindows
MessageBoxA
SetTimer
GetDlgItem
EnableWindow
ExitWindowsEx
wsprintfA
PeekMessageA
TranslateMessage
DispatchMessageA
GetDC
DialogBoxParamA
ShowWindow

gdi32

GetDeviceCaps
DeleteObject
CreateFontA

advapi32

OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
CloseServiceHandle
OpenSCManagerA
RegSetValueExA
RegEnumValueA
RegDeleteValueA
RegCreateKeyExA

shell32

ShellExecuteExA

wsock32

htons
closesocket
setsockopt
recv
shutdown
WSAAsyncSelect
WSAStartup
WSACleanup
socket
WSAGetLastError
connect
send
ioctlsocket
gethostbyname

Exports

Exports

_LanguageDlg@16
_PasswordDlg@16
_ProgressDlg@16
_UpdateCRC@8
_t1@40
_t2@12

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WISE
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 55KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 98KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f91519d4253225839077b954f9f8ede6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

wsock32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 67KB

.WISE Size: 512B - Virtual size: 4B

.rsrc Size: 55KB - Virtual size: 132KB

.text Size: 98KB - Virtual size: 100KB

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 67KB

.WISE
Size: 512B - Virtual size: 4B

.rsrc
Size: 55KB - Virtual size: 132KB

.text
Size: 98KB - Virtual size: 100KB