bdb76e9e729034189d51751bad9eb8ff738503b5038b7a5ef1e00037143c6974

Sharing

Copy URL Twitter E-mail

General

Target

bdb76e9e729034189d51751bad9eb8ff738503b5038b7a5ef1e00037143c6974
Size

256KB
MD5

020e3f9d159edbbc87a2b44a9120171b
SHA1

8b9a08eba305ac43264744d08b6b4dd2adff15b1
SHA256

bdb76e9e729034189d51751bad9eb8ff738503b5038b7a5ef1e00037143c6974
SHA512

49149d86abe490b9f81798346f0cc0751464b9bb46160555e58a1f1778f4815ac56f84ac87fc315830910419dbb0898d96214e7d64aba2d02baeb6e4907ea14e
SSDEEP

6144:/cKgyzKEWQGlXapArwLZi4iylkdL88+2UDy:/FuERaXanL079dLM2j

Score

N/A

Malware Config

Signatures

Files

bdb76e9e729034189d51751bad9eb8ff738503b5038b7a5ef1e00037143c6974
.exe windows x86

a1e786228946100e582a992616a1c7df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
WriteFile
GetLocalTime
Sleep
GetModuleFileNameA
GetCommandLineA
GetTempPathA
CreateDirectoryA
DeleteFileA
MoveFileA
CreateMutexA
GetLastError
lstrcpyA
lstrcatA
lstrlenA
ExpandEnvironmentStringsA
GetFileAttributesExA
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
ReadFile
GetProcessHeap
SetEndOfFile
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetFilePointer
InitializeCriticalSectionAndSpinCount
VirtualAlloc
HeapReAlloc
HeapSize
HeapAlloc
RemoveDirectoryA
FlushFileBuffers
VirtualFree
HeapFree
HeapCreate
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryW
ExitProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetConsoleMode
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetStartupInfoA
HeapValidate
IsBadReadPtr
GetProcAddress
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
WideCharToMultiByte
GetConsoleCP

user32

wsprintfA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyA

ole32

CoInitialize
GetClassFile

shell32

ShellExecuteA

shlwapi

PathGetArgsA
PathFileExistsA
PathIsDirectoryA
PathRemoveBlanksA
PathFindFileNameA

gdi32

CreateFontA
SetViewportOrgEx
GetObjectW
SetBrushOrgEx
GetTextAlign
StretchDIBits
SetDCBrushColor
SwapBuffers
LineTo
BitBlt
MaskBlt
ExtCreateRegion
CreateDIBitmap
GetMetaFileW
CreateCompatibleBitmap
BeginPath
SetMetaRgn
DPtoLP
RemoveFontResourceW
SetAbortProc
SetMetaFileBitsEx
CreateICA
GetGlyphIndicesW
GetRegionData
EnumObjects
GetCharWidthFloatW
SetWorldTransform
RoundRect
GetCharWidth32A
GetNearestPaletteIndex
SetArcDirection
Polygon
GetBitmapBits
PolyTextOutW
GetDIBColorTable
GetCurrentPositionEx
Polyline
CheckColorsInGamut
InvertRgn
SetPixelV
CombineRgn
GetTextExtentExPointW
SetICMMode
GetDCPenColor
RealizePalette
ExtEscape
EndPath
FlattenPath
GetMetaFileBitsEx
GetRandomRgn
CreateDCW
AddFontResourceW
GetOutlineTextMetricsA
CreateMetaFileA
DeleteDC
Pie
GetTextExtentPointI
EnumFontsA
GetRgnBox
GetMapMode
CreatePenIndirect
GetMetaRgn
GetColorAdjustment
GetPolyFillMode
EnumICMProfilesW
GdiComment
GetPixelFormat
GdiTransparentBlt

ws2_32

closesocket
__WSAFDIsSet
select
send
ioctlsocket
htons
socket
gethostbyname
connect
recv
WSAStartup

netapi32

Netbios

crypt32

CertEnumSubjectInSortedCTL
PFXExportCertStoreEx
CertDeleteCertificateFromStore
CertCreateCTLContext
CertNameToStrW
CertDuplicateCRLContext
CertRegisterPhysicalStore
CryptUnregisterOIDInfo
CertGetIntendedKeyUsage
CertVerifyValidityNesting
CertSaveStore
CryptRegisterDefaultOIDFunction
CryptEnumOIDFunction
CertGetStoreProperty
CertAddEncodedCRLToStore
CryptVerifyCertificateSignatureEx
CertGetNameStringW
CryptMsgVerifyCountersignatureEncodedEx
CertAddSerializedElementToStore
CertSetCertificateContextProperty
CryptImportPublicKeyInfoEx
CertDuplicateCertificateChain
CertEnumCTLsInStore
CryptMsgDuplicate
CertRemoveEnhancedKeyUsageIdentifier
CryptMsgUpdate
CryptVerifyDetachedMessageHash
CertFindCTLInStore
CertEnumCertificateContextProperties
CryptMemAlloc
CertAddEncodedCertificateToStore
CertGetCertificateContextProperty
CryptEnumOIDInfo
CertSetCertificateContextPropertiesFromCTLEntry
CryptStringToBinaryW
CryptRegisterOIDInfo
CryptHashCertificate
CertCreateSelfSignCertificate
CertAddCRLContextToStore
CryptVerifyDetachedMessageSignature
PFXImportCertStore
CertUnregisterSystemStore
CertVerifyCertificateChainPolicy
CryptEncodeObjectEx
CertSetStoreProperty
CertGetCTLContextProperty
CryptImportPublicKeyInfo
CertOpenSystemStoreW
CryptInstallOIDFunctionAddress
CertFreeCertificateChainEngine
CryptEncodeObject
CryptSignMessage
CertNameToStrA
CryptUninstallDefaultContext
CryptGetKeyIdentifierProperty
CryptAcquireCertificatePrivateKey
CryptMsgSignCTL

imm32

ImmGetDefaultIMEWnd
ImmConfigureIMEA
ImmNotifyIME
ImmSetCompositionStringW
ImmIsUIMessageW
ImmSetStatusWindowPos
ImmGetCandidateListA
ImmUnregisterWordA
ImmGetCandidateListCountW
ImmGetOpenStatus
ImmGetConversionListW
ImmGetCandidateWindow
ImmSetCandidateWindow
ImmGetGuideLineW
ImmGetStatusWindowPos
ImmCreateContext
ImmInstallIMEW
ImmGetIMEFileNameA
ImmGetConversionListA
ImmGetDescriptionA
ImmGetConversionStatus
ImmConfigureIMEW
ImmSetOpenStatus
ImmSetCompositionStringA
ImmAssociateContextEx
ImmRegisterWordA

msimg32

AlphaBlend

msvfw32

DrawDibProfileDisplay
ICSendMessage
DrawDibClose
ICSeqCompressFrameEnd
DrawDibEnd
ICImageCompress
ICDraw
DrawDibChangePalette
DrawDibBegin
DrawDibGetBuffer
DrawDibStop
ICInstall
DrawDibOpen
DrawDibTime
ICOpenFunction
ICSeqCompressFrameStart
ICInfo
DrawDibDraw
MCIWndCreateA
ICDrawBegin
ICImageDecompress
DrawDibGetPalette
ICSeqCompressFrame
ICCompressorFree

mswsock

WSARecvEx

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a1e786228946100e582a992616a1c7df

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

shlwapi

gdi32

ws2_32

netapi32

crypt32

imm32

msimg32

msvfw32

mswsock

Sections

.text Size: 168KB - Virtual size: 167KB

.rdata Size: 65KB - Virtual size: 65KB

.data Size: 4KB - Virtual size: 21KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 168KB - Virtual size: 167KB

.rdata
Size: 65KB - Virtual size: 65KB

.data
Size: 4KB - Virtual size: 21KB

.reloc
Size: 17KB - Virtual size: 17KB