681b50bc1b9c1d27b38bf79ffca59c3d3207d005731a04057b8adc9a1a2c8e83

Sharing

Copy URL Twitter E-mail

General

Target

681b50bc1b9c1d27b38bf79ffca59c3d3207d005731a04057b8adc9a1a2c8e83
Size

332KB
MD5

16f4a56d7fcd14a61487505814839ba0
SHA1

df753f4d72e6f29cc17cfd1c793df180b467c917
SHA256

681b50bc1b9c1d27b38bf79ffca59c3d3207d005731a04057b8adc9a1a2c8e83
SHA512

653202c946a313a65ce635cacaabb3674001c2bd5c8d9ff5e907f7ac543411fc1af3a5bd87d739bc10c22f4c2c3a40ac4871d6ceba728e6759e168a4e2f4631f
SSDEEP

6144:ihqiTT8opmqQcfOonGVeS1dLTZmY6P8negO1rr41fBsBh7Jhcw8paRFi6w:ihq68opPlGdjXJ6P8qgmBh7J4p2Fi6w

Score

N/A

Malware Config

Signatures

Files

681b50bc1b9c1d27b38bf79ffca59c3d3207d005731a04057b8adc9a1a2c8e83
.exe windows x86

3170c9995822a600cf7150148370ad04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
FreeLibrary
LoadLibraryExA
GetFileAttributesExA
CloseHandle
CreateFileA
ReadFile
GetFileSize
MapViewOfFileEx
CreateFileMappingA
UnmapViewOfFile
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTickCount
OpenEventA
SetEvent
WriteFile
GetProcAddress
LoadLibraryA
CopyFileA
VirtualQueryEx
OpenProcess
lstrcpyA
CompareStringA
CreateProcessA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCommandLineA
lstrcpynA
GetVersionExA
FindClose
FindNextFileA
FindFirstFileA
IsDBCSLeadByte
DeleteFileA
FileTimeToDosDateTime
GetFileTime
SetFilePointer
GetFileInformationByHandle
GetFileAttributesA
GetFileType
MapViewOfFile
DuplicateHandle
SystemTimeToFileTime
GetLocalTime
lstrcmpiA
lstrlenA
LocalFree
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
Sleep
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrlenW
MultiByteToWideChar
GetCurrentThreadId
WideCharToMultiByte
GetCurrentProcess
FlushInstructionCache
FindResourceExA
FindResourceA
LoadResource
LockResource
GetModuleHandleA
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetModuleFileNameA

user32

GetDC
EndDialog
GetWindowLongA
SetActiveWindow
EnableWindow
LoadIconA
GetSysColor
GetFocus
GetCapture
ReleaseCapture
EndPaint
BeginPaint
GetCursorPos
SetCursor
DrawFocusRect
FillRect
PtInRect
CallWindowProcA
GetDlgCtrlID
SetFocus
SetCapture
IsWindowEnabled
InvalidateRect
UpdateWindow
ScreenToClient
SetRectEmpty
GetClassNameA
CreateCursor
OffsetRect
ReleaseDC
UnregisterClassA
DrawTextA
IsDialogMessageA
SetDlgItemTextA
IsDlgButtonChecked
CheckDlgButton
GetWindowTextA
CreateWindowExA
GetDesktopWindow
GetWindowTextLengthA
SetWindowTextA
GetActiveWindow
DialogBoxParamA
IsWindow
GetClientRect
SystemParametersInfoA
GetWindowRect
GetWindow
SetWindowLongA
ShowWindow
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
CharNextA
DestroyCursor
DestroyWindow
CreateDialogParamA
PostQuitMessage
DefWindowProcA
GetParent
SetWindowPos
GetDlgItem
SendMessageA
MapWindowPoints

gdi32

SetBkMode
CreateFontIndirectA
DeleteDC
SelectObject
GetObjectA
GetStockObject
CreateFontA
SetTextColor
DeleteObject

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegEnumValueA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA

shell32

ShellExecuteA
ExtractIconExA

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
OleRun
CLSIDFromProgID
CoCreateGuid
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VarUI4FromStr
VariantClear
SysAllocString
VariantInit
SysStringLen
SysFreeString

shlwapi

PathRemoveBackslashA
PathRemoveFileSpecA
PathFileExistsA
PathIsRelativeA
PathAppendA
PathStripPathA
PathFindExtensionA
PathCanonicalizeA
PathAddBackslashA

comctl32

_TrackMouseEvent
InitCommonControlsEx

msvcr90

malloc
??_V@YAXPAX@Z
_resetstkoflw
??_U@YAPAXI@Z
memset
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
_mbsicmp
??0exception@std@@QAE@ABV01@@Z
_vscprintf
vsprintf_s
_mbsnbcpy
_ctime64
calloc
_mktime64
_mbscmp
_mbsrchr
getenv
_purecall
atoi
_mbschr
_mbspbrk
_mbstok
_mbsinc
_mbslwr_s
_ismbcspace
strtoul
_ultoa
strchr
_mbsnbcmp
_ismbcprint
_snprintf
memcpy
strncpy
iswprint
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_except_handler4_common
?terminate@@YAXXZ
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
_mbsstr
_mbsnbcpy_s
_recalloc
free
_splitpath
__CxxFrameHandler3
memcpy_s
strnlen
memmove_s
_CxxThrowException
exit
??3@YAXPAX@Z
_tzset
_stricmp
??2@YAPAXI@Z

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?setprecision@std@@YA?AU?$_Smanip@H@1@H@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?setbase@std@@YA?AU?$_Smanip@H@1@H@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

dbghelp

MakeSureDirectoryPathExists
MiniDumpReadDumpStream
MiniDumpWriteDump

wininet

InternetWriteFile
InternetCrackUrlA
HttpAddRequestHeadersA
InternetConnectA
HttpOpenRequestA
InternetOpenA
HttpEndRequestA
HttpSendRequestExA
InternetErrorDlg
InternetCloseHandle

psapi

GetModuleFileNameExA

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 91KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3170c9995822a600cf7150148370ad04

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msvcr90

msvcp90

dbghelp

wininet

psapi

Sections

.text Size: 165KB - Virtual size: 165KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 91KB - Virtual size: 92KB

.text
Size: 165KB - Virtual size: 165KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 91KB - Virtual size: 92KB