a1af0b58efd7e932fce8e0da7ff8964a13117bed7e8de3c31700ce21d1a1a1f3

Sharing

Copy URL Twitter E-mail

General

Target

a1af0b58efd7e932fce8e0da7ff8964a13117bed7e8de3c31700ce21d1a1a1f3
Size

302KB
MD5

78d3c955758a4e4a4776d90b52121b18
SHA1

eda6d10123157d3f0f355fc55c46ddc83bfb4032
SHA256

a1af0b58efd7e932fce8e0da7ff8964a13117bed7e8de3c31700ce21d1a1a1f3
SHA512

b8e50c8c58edc24edc65ef44c8e5671dcacaa282f825a51a67b1f649dafee943bc9e3cf37a7b8e968827521161f1b917e7e80f6a9766b3d5256fab553e82d820
SSDEEP

6144:OomnDa0bULKwnXdUkBSFk3NPjgXC0eaivof77jQtx2bbgnwwv4f:EDa0bgVntKjXxj7Cx6gnwh

Score

N/A

Malware Config

Signatures

Files

a1af0b58efd7e932fce8e0da7ff8964a13117bed7e8de3c31700ce21d1a1a1f3
.exe windows x86

563e48268bc87ce90fbddf3e202df344

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecW
PathFileExistsA
PathIsNetworkPathW
PathRemoveBlanksW
StrTrimW
PathFindFileNameW
StrFormatByteSizeW
PathUnExpandEnvStringsW
PathUnquoteSpacesW
PathFileExistsW
PathAppendW

rasapi32

RasGetProjectionInfoW
RasEnumConnectionsW
RasGetEntryPropertiesW

gdi32

CreatePatternBrush
SelectObject
TextOutW
SetBkColor
LineTo
GetObjectW
DeleteObject
CreateFontIndirectW
CreateSolidBrush
SetTextColor
CreateCompatibleBitmap
CreateCompatibleDC
CreatePen
GetPixel
DeleteDC
GetTextExtentPoint32W
SetPixel
GetTextFaceW
GetDeviceCaps
SetTextJustification
SetBkMode
MoveToEx
GetTextMetricsW
GetDIBits
BitBlt
CreateDIBSection
GetStockObject
Polygon
ExcludeClipRect

psapi

GetModuleFileNameExW
EnumProcessModules

advapi32

RegQueryValueExW
CloseServiceHandle
GetUserNameW
RegSetValueExW
RegEnumKeyW
CryptAcquireContextW
CryptReleaseContext
RegEnumValueW
OpenServiceW
QueryServiceStatus
RegCreateKeyExW
RegOpenKeyExW
OpenSCManagerW
RegCloseKey
RegOpenKeyW
RegQueryValueW
CryptDestroyHash
StartServiceW
CryptHashData
CryptGetHashParam
CryptCreateHash

comdlg32

GetOpenFileNameW

mpr

WNetGetConnectionW

comctl32

ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
ImageList_DrawEx
ImageList_ReplaceIcon
ImageList_Remove
_TrackMouseEvent
ImageList_GetIconSize
CreateStatusWindow
ImageList_DragShowNolock
FlatSB_SetScrollInfo
ImageList_Copy
InitCommonControlsEx
FlatSB_GetScrollPos
CreateToolbarEx
FlatSB_ShowScrollBar

kernel32

FindNextFileW
OutputDebugStringA
GetVolumeNameForVolumeMountPointW
FreeLibrary
GetSystemTimeAsFileTime
GetCommandLineW
GetTempPathW
WideCharToMultiByte
GetFileSize
GlobalUnlock
FindFirstFileW
lstrcpyW
ResetEvent
DeleteCriticalSection
GetFileSizeEx
WriteFile
ExpandEnvironmentStringsW
GetSystemDirectoryA
CreateMutexW
lstrlenW
VirtualQuery
OpenEventW
SetFilePointerEx
QueueUserWorkItem
CreateDirectoryW
GetDriveTypeW
FileTimeToSystemTime
IsDebuggerPresent
HeapFree
OpenProcess
GetLocalTime
CreateEventW
GetModuleHandleW
GlobalAlloc
CreateFileW
GetCurrentThreadId
SetUnhandledExceptionFilter
LocalLock
SleepEx
SetLastError
GetLongPathNameW
LocalUnlock
WinExec
GetSystemInfo
GetShortPathNameW
SystemTimeToFileTime
UnmapViewOfFile
DeleteFileW
FindClose
SignalObjectAndWait
EnterCriticalSection
ReadFile
GetProcessHeap
LeaveCriticalSection
HeapAlloc
OpenMutexW
LocalAlloc
GetFileAttributesExW
SetFilePointer
SetEndOfFile
MapViewOfFile
ReleaseMutex
InitializeCriticalSectionAndSpinCount
OpenFileMappingW
WaitForSingleObject
GlobalLock
TerminateThread
LocalFree
WaitForMultipleObjectsEx
CloseHandle
GlobalFree
UnhandledExceptionFilter
GetSystemDirectoryW
GetStartupInfoA
VirtualAllocEx

wintrust

CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

inet_ntoa
WSACleanup
getservbyname
getservbyport
htons
ntohs
htonl
WSAGetLastError
gethostbyaddr
gethostbyname
WSASetLastError
WSAStartup
inet_addr

oleaut32

SysFreeString
SysAllocString

winmm

PlaySoundW

msimg32

GradientFill

shell32

ShellExecuteW
SHGetFileInfoW
SHGetFolderPathW
ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc

user32

DispatchMessageW
CallWindowProcW
GetCursor
ClientToScreen
GetSysColor
GetClientRect
GetCursorPos
ReleaseDC
SetWindowLongW
GetWindowPlacement
SetLayeredWindowAttributes
EnableWindow
SetWindowPos
RegisterClassExW
InvalidateRect
PostMessageW
SetClipboardData
GetSysColorBrush
LoadImageW
LoadStringW
GetParent
SetTimer
RegisterWindowMessageW
GetSystemMetrics
TranslateAcceleratorW
DestroyWindow
DestroyIcon
SetForegroundWindow
UpdateWindow
GetSubMenu
RemovePropW
DestroyAcceleratorTable
GetFocus
GetWindowRect
GetDesktopWindow
PeekMessageW
SystemParametersInfoW
LoadIconW
CopyImage
LoadCursorW
CheckMenuItem
GetWindowLongW
MsgWaitForMultipleObjects
OpenClipboard
MapDialogRect
SetCursor
GetAncestor
EnableMenuItem
DrawIconEx
CopyRect
EmptyClipboard
KillTimer
CreateIconIndirect
SetPropW
LoadBitmapW
LoadAcceleratorsW
GetWindowTextW
UnregisterClassW
GetKeyState
DefWindowProcW
DeleteMenu
FrameRect
MessageBeep
PtInRect
LoadMenuW
ScreenToClient
GetPropW
GetDC
InflateRect
DrawTextW
GetIconInfo
TranslateMessage
CreateWindowExW
SetFocus
CloseClipboard
RedrawWindow
DrawFocusRect
SendMessageW
FindWindowW
SetRect
IsWindowVisible
FillRect
GetWindowDC
IntersectRect
GetDlgItem
OffsetRect
IsWindow

efsadu

EfsDetail

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 27KB - Virtual size: 741KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 184KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

563e48268bc87ce90fbddf3e202df344

Headers

File Characteristics

Imports

shlwapi

rasapi32

gdi32

psapi

advapi32

comdlg32

mpr

comctl32

kernel32

wintrust

version

ws2_32

oleaut32

winmm

msimg32

shell32

user32

efsadu

Sections

.text Size: 20KB - Virtual size: 20KB

.bss Size: 27KB - Virtual size: 741KB

.reloc Size: 184KB - Virtual size: 437KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 42KB - Virtual size: 64KB

.rsrc Size: 18KB - Virtual size: 136KB

.text
Size: 20KB - Virtual size: 20KB

.bss
Size: 27KB - Virtual size: 741KB

.reloc
Size: 184KB - Virtual size: 437KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 42KB - Virtual size: 64KB

.rsrc
Size: 18KB - Virtual size: 136KB