Microsoft_WDF_UMDF_Version
Static task
static1
Behavioral task
behavioral1
Sample
e085f224aa1eb1a40a60f836215a8738f74a280050b87f90c782f5ea1ab140c9.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
e085f224aa1eb1a40a60f836215a8738f74a280050b87f90c782f5ea1ab140c9.exe
Resource
win10v2004-20221111-en
General
- Target: e085f224aa1eb1a40a60f836215a8738f74a280050b87f90c782f5ea1ab140c9
- Size: 1.2MB
- MD5: d3aeefb9807224d4c07cbc4742222888
- SHA1: 112ba26d1acc8a79c2634a0521398730b671221a
- SHA256: e085f224aa1eb1a40a60f836215a8738f74a280050b87f90c782f5ea1ab140c9
- SHA512: b092ad5c7c31e5d82afa3583ce17d679905b7eb9efe283bd4797d75d816fd8871599b44d2a5d60752ba05e09adf536890d5832fab67274ab07ed6ac3a792cf72
- SSDEEP: 24576:80xb1oG6erWFIysCFyKXk/yRhLh7heXm8tCtCJ:TZ6XrTF6ghLh7hoZtCtCJ
Malware Config
Signatures
Files
-
e085f224aa1eb1a40a60f836215a8738f74a280050b87f90c782f5ea1ab140c9.exe windows x86
dd3a60f5342d2a6c0f8b32818be0de3e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
ReportEventW
RegisterEventSourceW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
RegDeleteKeyW
OpenSCManagerW
CloseServiceHandle
IsTextUnicode
RegLoadMUIStringW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
kernel32
LoadLibraryA
FreeLibrary
GetProcAddress
GlobalFree
SearchPathW
TlsGetValue
ResetEvent
CreateJobObjectW
QueryInformationJobObject
SetInformationJobObject
TlsSetValue
OpenThread
AssignProcessToJobObject
CompareFileTime
GetFileAttributesExW
GetCurrentProcessId
CreateNamedPipeW
ConnectNamedPipe
InterlockedPushEntrySList
InterlockedExchange
GetModuleHandleW
GetTickCount
DeleteFileW
GetEnvironmentVariableW
RaiseException
LocalFree
CreateProcessW
RegisterWaitForSingleObject
TerminateProcess
ResumeThread
GetExitCodeProcess
WriteFileEx
WaitForMultipleObjects
UnregisterWaitEx
GetFileSizeEx
CreateDirectoryW
SetCurrentDirectoryW
CreateDirectoryA
SetCurrentDirectoryA
GetTempPathW
GetTempFileNameW
WriteFile
SetFilePointer
ReadFile
GetProcessHeap
HeapAlloc
HeapFree
MultiByteToWideChar
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
SetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentProcess
FlushInstructionCache
HeapSetInformation
SetErrorMode
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
GetDiskFreeSpaceExW
SetVolumeLabelW
GetLogicalDrives
GetVolumeInformationW
GetDriveTypeW
GetSystemWindowsDirectoryW
GetSystemInfo
GetComputerNameW
GetSystemPowerStatus
OutputDebugStringW
GetFileSize
QueueUserAPC
InterlockedFlushSList
InitializeSListHead
GetSystemTime
SystemTimeToFileTime
FindFirstFileW
FindNextFileW
FindClose
MulDiv
GlobalDeleteAtom
GlobalGetAtomNameW
GetTickCount64
QueryPerformanceFrequency
CreateWaitableTimerW
SetWaitableTimer
TlsFree
CancelWaitableTimer
GetVersionExW
GetThreadPreferredUILanguages
WideCharToMultiByte
GlobalAddAtomW
GetFileTime
FindResourceW
SizeofResource
LoadResource
LockResource
FormatMessageW
LoadLibraryW
GetSystemDirectoryW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCommandLineW
RegisterApplicationRestart
GlobalMemoryStatusEx
GetCurrentThreadId
TlsAlloc
Sleep
lstrlenW
SetEvent
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
CompareStringW
CreateEventW
CreateThread
CreateMutexW
GetLastError
WaitForSingleObject
ReleaseMutex
CloseHandle
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
VirtualAlloc
VirtualFree
DelayLoadFailureHook
GetFileAttributesW
SetFileAttributesW
CreateFileW
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
lstrcmpW
ExpandEnvironmentStringsW
GetPrivateProfileStringW
GetModuleFileNameW
CopyFileW
WritePrivateProfileStringW
gdi32
ExtTextOutW
SetBkColor
GetDIBits
CreateCompatibleDC
OffsetWindowOrgEx
SetBkMode
GetClipBox
GetObjectW
BitBlt
SelectObject
CreateDIBSection
SetLayout
CreateFontIndirectW
GetStockObject
GetWindowOrgEx
StretchBlt
SetStretchBltMode
GetPath
LineDDA
GetTextExtentExPointW
SetTextColor
GetDeviceCaps
LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC
CreateMetaFileW
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
DeleteObject
Rectangle
SelectClipRgn
CreateRectRgn
GetClipRgn
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
user32
TrackPopupMenu
CheckMenuItem
SetMenuDefaultItem
GetForegroundWindow
DeregisterShellHookWindow
GetWindowThreadProcessId
FindWindowW
ChangeWindowMessageFilter
ShowWindow
SetWindowPos
SetWindowRgn
AllowSetForegroundWindow
PostMessageW
DefWindowProcW
DestroyWindow
LoadStringW
MessageBoxW
DrawTextExW
GetSystemMetrics
PostThreadMessageW
InflateRect
OffsetRect
EqualRect
CharUpperW
GetShellWindow
MessageBeep
UnhookWinEvent
SetWinEventHook
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
OpenInputDesktop
GetThreadDesktop
GetUserObjectInformationW
CloseDesktop
InsertMenuItemW
GetWindowTextW
SetWindowTextW
EndDialog
DrawFrameControl
CreatePopupMenu
AppendMenuW
AdjustWindowRectEx
MonitorFromRect
SetActiveWindow
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
MsgWaitForMultipleObjectsEx
IsDialogMessageW
GetWindowInfo
DestroyIcon
GetIconInfo
PostQuitMessage
SetDlgItemTextW
GetDlgItem
SwitchToThisWindow
SendMessageW
RegisterWindowMessageW
SendMessageTimeoutW
PeekMessageW
TranslateMessage
DispatchMessageW
MessageBoxIndirectW
CharUpperBuffW
GetParent
GetKeyState
InvalidateRect
IsWindow
DestroyAcceleratorTable
SetFocus
GetFocus
IsChild
UnionRect
PtInRect
CreateWindowExW
GetWindowLongW
SetWindowLongW
CallWindowProcW
BeginPaint
GetClientRect
EndPaint
IntersectRect
ReleaseDC
GetDC
DestroyMenu
RemoveMenu
GetSubMenu
LoadMenuW
GetWindow
EnumWindows
DeleteMenu
GetMenuItemCount
GetMonitorInfoW
MapWindowPoints
FillRect
SetRect
MsgWaitForMultipleObjects
RemovePropW
SetPropW
GetPropW
RegisterClassW
LoadCursorW
DialogBoxParamW
CreateDialogParamW
GetCursorPos
GetDoubleClickTime
GetWindowRect
SetCapture
ReleaseCapture
NotifyWinEvent
UpdateLayeredWindow
SetTimer
KillTimer
RedrawWindow
ScreenToClient
SetCursor
GetMessagePos
GetKeyboardState
GetMessageTime
SetForegroundWindow
EnableWindow
EnumDisplayMonitors
SendDlgItemMessageW
IsDlgButtonChecked
CheckDlgButton
GetDesktopWindow
LoadIconW
IsHungAppWindow
IsWindowVisible
IsRectEmpty
SetParent
UpdateWindow
WindowFromPoint
RegisterHotKey
SystemParametersInfoW
UnregisterHotKey
PrintWindow
SetLayeredWindowAttributes
GetSysColor
MonitorFromWindow
RegisterShellHookWindow
msvcrt
??1type_info@@UAE@XZ
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_CIexp
floor
ceil
_CIfmod
_CIsqrt
_CIcos
_CIsin
_CxxThrowException
_wtof
_itow
wcschr
iswalpha
wcsrchr
_ftol2_sse
_exit
_cexit
__getmainargs
wcsstr
time
strrchr
strtok
_lseek
_close
_write
_read
_open
_wtol
realloc
wcstok
_wtoi
wcsspn
_vsnwprintf
memcpy
_controlfp
memmove
_ftol2
_purecall
??_U@YAPAXI@Z
__CxxFrameHandler3
??_V@YAXPAX@Z
free
memset
malloc
atl
ord30
ord43
ord20
ord17
ord23
ord57
ord18
ord21
ord16
ord44
ord58
ord45
ord27
ord26
ord31
ord50
ord51
ord60
ord32
ord10
ord11
ntdll
WinSqmEventEnabled
WinSqmAddToStream
NtQuerySystemInformation
WinSqmIsOptedIn
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
WinSqmEventWrite
ole32
CreateOleAdviseHolder
OleUninitialize
OleInitialize
CoTaskMemFree
CLSIDFromProgID
CreateDataAdviseHolder
OleRegGetUserType
CreateBindCtx
CreateStreamOnHGlobal
CoResumeClassObjects
CoSuspendClassObjects
CoInitializeEx
OleRegEnumVerbs
CoUninitialize
CoCreateInstance
ReleaseStgMedium
PropVariantClear
CoCreateGuid
StringFromGUID2
CoTaskMemAlloc
GetHGlobalFromStream
CLSIDFromString
CoInitialize
oleaut32
LoadTypeLibEx
SafeArrayUnaccessData
SysFreeString
SysStringLen
SysAllocStringLen
VariantClear
DispCallFunc
VariantChangeType
VariantInit
OleCreatePropertyFrame
GetErrorInfo
SetErrorInfo
SysAllocString
VariantCopy
RegisterActiveObject
RevokeActiveObject
GetActiveObject
SafeArrayAccessData
SafeArrayCreateVector
SystemTimeToVariantTime
LoadTypeLi
LoadRegTypeLi
CreateErrorInfo
gdiplus
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateHatchBrush
GdipCreateTexture2
GdipSetTextureTransform
GdipCreatePathGradientFromPath
GdipSetPathGradientWrapMode
GdipSetPathGradientCenterColor
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientSigmaBlend
GdipSetPathGradientLinearBlend
GdipSetPathGradientGammaCorrection
GdipSetLineLinearBlend
GdipCreateLineBrush
GdipSetLineGammaCorrection
GdipSetLineSigmaBlend
GdipSetPathGradientPresetBlend
GdipMultiplyLineTransform
GdipSetLinePresetBlend
GdipSetPathGradientCenterPoint
GdipSetPathGradientFocusScales
GdipFillPath
GdipSetSolidFillColor
GdipSetPenCustomEndCap
GdipSetPenCustomStartCap
GdipSetCustomLineCapStrokeCaps
GdipStartPathFigure
GdipAddPathLine2
GdipCreateCustomLineCap
GdipClonePen
GdipCreatePathIter
GdipPathIterNextSubpath
GdipSetPenMode
GdipSetPenStartCap
GdipSetPenEndCap
GdipSetPenCompoundArray
GdipSetPenDashCap197819
GdipSetPenDashArray
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipSaveImageToStream
GdipSetPenMiterLimit
GdipSetPenLineJoin
GdipAddPathRectangle
GdipAddPathEllipse
GdipAddPathPath
GdipAddPathBezier
GdipClosePathFigure
GdipResetPath
GdipDeletePathIter
GdipDeleteCustomLineCap
GdipMeasureString
GdipCreateStringFormat
GdipGetPenColor
GdipTransformPath
GdipSetClipPath
GdipDrawPath
GdipDeleteMatrix
GdipDeleteStringFormat
GdipCreateBitmapFromHBITMAP
GdipCreateMatrix
GdipCreateMatrix2
GdipSetStringFormatFlags
GdipSetWorldTransform
GdipDrawString
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipCreatePen1
GdipDeletePen
GdipDeleteRegion
GdipGetImageWidth
GdipGetImageHeight
GdipSetImageAttributesColorMatrix
GdipSetPenColor
GdipSetPenDashStyle
GdipTranslateWorldTransform
GdipDrawRectangle
GdipDrawImageRectRect
GdipSetClipRect
GdipSetClipRegion
GdipGetClip
GdipIsVisibleRect
GdipSaveGraphics
GdipRestoreGraphics
GdipCreateRegion
GdipCreateFromHDC
GdipDeleteBrush
GdipImageRotateFlip
GdipCreateSolidFill
GdipDrawLine
GdipCloneBrush
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetImageAttributesColorKeys
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipAddPathLine
GdipAddPathArc
GdipSetPixelOffsetMode
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImageRectRectI
GdiplusStartup
GdiplusShutdown
GdipFillRectangle
GdipDeletePath
GdipDeleteFont
GdipDeleteFontFamily
GdipGetDC
GdipReleaseDC
GdipSetMatrixElements
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImagePixelFormat
GdipGetPathPoints
GdipGetPathTypes
GdipGetPointCount
GdipClonePath
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipImageSelectActiveFrame
GdipGetImageRawFormat
GdipSetPageUnit
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipSetCompositingMode
GdipBitmapSetResolution
GdipCreateHBITMAPFromBitmap
GdipCreateFont
GdipCreateFontFamilyFromName
GdipGetInterpolationMode
GdipResetWorldTransform
GdipGetCompositingQuality
GdipGetCompositingMode
GdipAddPathRectangleI
GdipCreatePath
GdipSetClipHrgn
GdipSetClipRectI
GdipRecordMetafile
GdipLoadImageFromFileICM
GdipCreateFromHWND
GdipGetVisibleClipBoundsI
GdipSetStringFormatAlign
GdipGetImageBounds
GdipGetPenWidth
GdipGetPenMode
GdipIsVisiblePathPoint
GdipWidenPath
GdipFlattenPath
GdipGetPropertyItem
shlwapi
AssocQueryStringW
ord214
PathGetDriveNumberW
PathCanonicalizeW
SHCreateStreamOnFileW
ord12
PathIsPrefixW
StrToIntExW
StrStrNIW
StrStrNW
UrlUnescapeW
PathRemoveFileSpecW
UrlEscapeW
PathFindExtensionW
PathRemoveExtensionW
PathIsDirectoryW
PathFindFileNameW
PathCommonPrefixW
PathIsRelativeW
PathCombineW
PathFileExistsW
ord270
ord8
ord10
ord7
PathCreateFromUrlW
UrlIsW
PathIsURLW
ord9
shell32
DragAcceptFiles
DragFinish
ord102
DragQueryFileW
SHCreateItemWithParent
DragQueryPoint
ShellExecuteExW
SHAppBarMessage
Shell_NotifyIconW
SHGetFolderPathEx
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
ord4
SHGetFolderLocation
ord2
ord155
SHGetFileInfoW
SHBindToObject
ord43
SHParseDisplayName
SHCreateItemFromIDList
SHCreateDirectoryExW
ord165
ShellExecuteW
SHFileOperationW
CommandLineToArgvW
SHGetFolderPathAndSubDirW
urlmon
URLOpenBlockingStreamW
CreateURLMoniker
CoInternetGetSession
crypt32
CertCloseStore
CryptMsgClose
CertFreeCertificateContext
CertGetNameStringW
CryptDecodeObject
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
sfc
SfcIsFileProtected
dwmapi
DwmSetWindowAttribute
DwmUpdateThumbnailProperties
cryptui
CryptUIDlgViewCertificateW
msimg32
AlphaBlend
comctl32
ord345
ord412
ord413
ord410
ord380
PropertySheetW
CreatePropertySheetPageW
uxtheme
IsThemeActive
SetWindowThemeAttribute
CloseThemeData
DrawThemeBackground
OpenThemeData
SetWindowTheme
DrawThemeTextEx
Exports
Sections
.text Size: 615KB - Virtual size: 614KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 6KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 531KB - Virtual size: 530KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.detour Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.uuu9 Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ