f7405702219bc5ec409191f73ab0ce83e042ba2b51f56a4223a932e5fc08eaeb

Sharing

Copy URL

Twitter E-mail

General

Target

f7405702219bc5ec409191f73ab0ce83e042ba2b51f56a4223a932e5fc08eaeb
Size

1.7MB
MD5

fbc6721dc5ae72e34aaff656e6d2a303
SHA1

bdfbe0441e61fce9ae7a086d96dc426e6ef48a29
SHA256

f7405702219bc5ec409191f73ab0ce83e042ba2b51f56a4223a932e5fc08eaeb
SHA512

7d0e7696bfa9409ccb1cd93b4ebf5a87525f54c7ffc56b84bbece938be849076ea63d987ed799b0533f1dc11ee5df29dba16a3c0b102ea34fcf152107272c759
SSDEEP

24576:o79032GyKEgT2Mo5Fbod7OLnrJm31/vIKQeXwRU7kZSa1rjPola:IL/5lYmkxbQ0VgSsB

Score

N/A

Malware Config

Signatures

Files

f7405702219bc5ec409191f73ab0ce83e042ba2b51f56a4223a932e5fc08eaeb
.exe windows x86

98b81ce54496f185a9b20abc383c64be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetProcessImageFileNameW
GetProcessImageFileNameA

comctl32

ord17
_TrackMouseEvent

gdiplus

GdipDisposeImage
GdiplusShutdown
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipSetSmoothingMode
GdipCloneImage
GdipLoadImageFromStream
GdipFillRectangle
GdipDrawRectangle
GdipDrawLinesI
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipFillPieI
GdiplusStartup

msimg32

AlphaBlend
GradientFill

shlwapi

PathRemoveFileSpecA
PathRemoveFileSpecW
PathAddBackslashW
StrStrIW
PathFileExistsW
PathAppendW
PathAddBackslashA

iphlpapi

GetAdaptersInfo

wldap32

ord79
ord35
ord33
ord30
ord200
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord143
ord301

ws2_32

listen
accept
getpeername
getsockname
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
recvfrom
getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
getaddrinfo
freeaddrinfo
ioctlsocket
ntohl
htonl
gethostname
sendto

crypt32

CertFreeCertificateContext

kernel32

SwitchToThread
DecodePointer
EncodePointer
GetStringTypeW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TlsGetValue
UnhandledExceptionFilter
WaitForSingleObjectEx
TlsFree
GetLocaleInfoW
GetCPInfo
RaiseException
RtlUnwind
LoadLibraryExW
GetLocalTime
TlsAlloc
SetUnhandledExceptionFilter
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetFilePointerEx
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
TlsSetValue
LCMapStringW
FileTimeToSystemTime
ExitProcess
GetLastError
WaitForSingleObject
CloseHandle
GetTickCount
CreateProcessW
GetTempPathW
DeleteFileW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleHandleW
FreeLibrary
GetProcAddress
OpenProcess
GetCurrentProcess
GetCurrentProcessId
FindClose
CreateMutexW
GetModuleFileNameW
GetWindowsDirectoryW
CreateDirectoryW
RemoveDirectoryW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileW
MoveFileExW
FreeResource
LoadResource
SizeofResource
FindResourceW
WriteFile
ReadFile
SetFilePointer
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
CreateFileW
GetFileAttributesW
MultiByteToWideChar
WideCharToMultiByte
lstrcmpiW
lstrlenW
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
GetFileSize
lstrcatW
OutputDebugStringW
lstrcpyW
LocalAlloc
LocalReAlloc
LocalLock
LocalUnlock
LocalSize
LocalFree
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
Sleep
CreateThread
SetEvent
ResetEvent
CreateEventW
SetProcessWorkingSetSize
GetTempFileNameW
VirtualProtect
VirtualFree
VirtualAlloc
LoadLibraryA
IsBadReadPtr
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
Process32First
TerminateProcess
QueryDosDeviceA
CreateToolhelp32Snapshot
Process32NextW
Process32Next
Process32FirstW
GetLogicalDriveStringsA
ResumeThread
GetExitCodeThread
SetLastError
SleepEx
VerSetConditionMask
GetModuleHandleA
GetSystemDirectoryA
VerifyVersionInfoA
FormatMessageA
WaitForMultipleObjects
GetFileType
GetStdHandle
PeekNamedPipe
ExpandEnvironmentStringsA
GetACP
GetConsoleMode
ReadConsoleW
GetConsoleCP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
SetStdHandle
GetFullPathNameW
CompareStringW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
SetEndOfFile
GetTimeZoneInformation
HeapSize
LoadLibraryW

user32

OffsetRect
IsRectEmpty
EqualRect
DrawTextW
GetPropW
FillRect
IsZoomed
SetWindowRgn
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
CharUpperBuffW
CharLowerBuffW
GetKeyState
GetSystemMetrics
GetSysColor
PtInRect
RedrawWindow
GetFocus
EnableWindow
IsMenu
GetMenuStringW
GetSubMenu
GetMenuItemCount
EndMenu
GetIconInfo
DestroyCursor
LoadImageW
GetClassLongW
CreateCaret
RemovePropW
SetPropW
InvalidateRect
EndPaint
ReleaseDC
GetDC
ReleaseCapture
SetCapture
GetCapture
SetFocus
UpdateLayeredWindow
DestroyWindow
CallWindowProcW
IntersectRect
CopyRect
SetRectEmpty
SetCursor
GetClientRect
IsWindow
UpdateWindow
LoadIconW
MessageBoxW
ShowWindow
CreateWindowExW
RegisterClassExW
PostQuitMessage
DefWindowProcW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
SystemParametersInfoW
SetWindowLongW
GetWindowLongW
GetCursorPos
GetWindowRect
SetForegroundWindow
TrackPopupMenu
AppendMenuW
DestroyMenu
CreatePopupMenu
KillTimer
SetTimer
EndDialog
DialogBoxParamW
SetWindowPos
SendMessageW
wsprintfW
MapWindowPoints
ClientToScreen
GetActiveWindow
GetClassNameW
GetParent
GetDesktopWindow
ScreenToClient
SetClassLongW
SetCaretPos
GetCaretBlinkTime
ShowCaret
HideCaret
DestroyCaret
BeginPaint
LoadCursorW

gdi32

GetTextColor
GetBkMode
GetBkColor
CombineRgn
PatBlt
CreateFontW
CreateBitmap
TextOutW
ExtCreateRegion
SetBkMode
SetTextColor
SetRectRgn
CreatePatternBrush
GetTextExtentPointW
CreateCompatibleBitmap
SelectObject
CreateDIBSection
BitBlt
GetTextExtentPoint32W
DeleteObject
CreateRoundRectRgn
GetTextMetricsW
GetRegionData
DeleteDC
CreateCompatibleDC
SetBkColor
GetViewportOrgEx
GetStockObject
GetCurrentObject
GetClipBox
EnumFontsW
SetViewportOrgEx
GetObjectW
SelectClipRgn
CreateRectRgn

advapi32

RegOpenKeyExW
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegCreateKeyW
RegDeleteKeyW
RegCloseKey

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
CommandLineToArgvW
SHGetSpecialFolderLocation

ole32

CoInitialize
CoCreateGuid
StringFromGUID2
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemFree

oleaut32

SysAllocString
DispGetIDsOfNames
VariantInit
VariantChangeType
GetErrorInfo
SysFreeString
LoadTypeLi
VariantClear

winhttp

WinHttpQueryDataAvailable
WinHttpSetTimeouts
WinHttpOpen
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpConnect
WinHttpSendRequest
WinHttpCloseHandle
WinHttpReadData
WinHttpOpenRequest

Sections

.text
Size: 837KB - Virtual size: 836KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 675KB - Virtual size: 675KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98b81ce54496f185a9b20abc383c64be

Headers

DLL Characteristics

File Characteristics

Imports

psapi

comctl32

gdiplus

msimg32

shlwapi

iphlpapi

wldap32

ws2_32

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winhttp

Sections

.text Size: 837KB - Virtual size: 836KB

.rdata Size: 180KB - Virtual size: 179KB

.data Size: 20KB - Virtual size: 26KB

.rsrc Size: 675KB - Virtual size: 675KB

.reloc Size: 44KB - Virtual size: 44KB

.text
Size: 837KB - Virtual size: 836KB

.rdata
Size: 180KB - Virtual size: 179KB

.data
Size: 20KB - Virtual size: 26KB

.rsrc
Size: 675KB - Virtual size: 675KB

.reloc
Size: 44KB - Virtual size: 44KB