bc79249712a11992d06ddf7330cb349c7e238af4927dc909f06d26f241194e5b

Sharing

Copy URL Twitter E-mail

General

Target

bc79249712a11992d06ddf7330cb349c7e238af4927dc909f06d26f241194e5b
Size

728KB
MD5

54fca1bdf0e1df9ac499a3073a7b7664
SHA1

f7bd71717839701502f72ea5ebc613d0b4fa23c4
SHA256

bc79249712a11992d06ddf7330cb349c7e238af4927dc909f06d26f241194e5b
SHA512

4e30df42870084f0e36d30e7a2c02f8f36906f160e4070ed602d7e45e57d28993953da2c72f09b7779f84c4a5d36eb1de49285564201cab425f29c91e3e62eea
SSDEEP

12288:pHiwsrR0ZSADvr3B65tDfIqWADbSJFQ7dzPwwKAFI+nSt/jfhHs:M2ZSevkT7IqWA/S3Q79PwwKAFIB9jpM

Score

N/A

Malware Config

Signatures

Files

bc79249712a11992d06ddf7330cb349c7e238af4927dc909f06d26f241194e5b
.exe windows x86

b222db21110295fdc70c11baa7cd4a10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
CryptVerifySignatureW
CryptDestroyKey
CryptDestroyHash
CryptCreateHash
CryptHashData
CryptGetHashParam
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
InitializeSid
GetSecurityDescriptorControl
GetSidLengthRequired
AddAce
InitializeAcl
SetNamedSecurityInfoW
GetLengthSid
RegOpenKeyExW
CopySid
IsValidSid
RegQueryValueExW
GetSidSubAuthority
MakeSelfRelativeSD
GetSecurityDescriptorLength
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
OpenProcessToken
GetTokenInformation
OpenThreadToken
ConvertSidToStringSidW
MakeAbsoluteSD
CryptAcquireContextW
SetSecurityDescriptorOwner
CryptGenRandom
CryptReleaseContext
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
EqualSid
ConvertStringSidToSidW
SetSecurityDescriptorDacl
GetAclInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateProcessAsUserW
GetSidIdentifierAuthority
GetSidSubAuthorityCount
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
DuplicateTokenEx
RevertToSelf
ImpersonateSelf
RegOpenCurrentUser
ImpersonateLoggedOnUser
RegisterEventSourceW
ReportEventW
DeregisterEventSource

kernel32

GetSystemTimeAsFileTime
VirtualAlloc
RtlUnwind
Sleep
FreeLibrary
InterlockedExchange
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
FileTimeToSystemTime
SystemTimeToFileTime
OutputDebugStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
OutputDebugStringW
CreateFileW
lstrcmpW
SetFilePointer
WaitForSingleObject
CloseHandle
ReleaseMutex
lstrcmpiW
GetLocalTime
CreateEventW
GetCurrentProcessId
LocalFree
FindFirstFileW
FindNextFileW
DeleteFileW
CopyFileW
MoveFileExW
GetFileTime
FlushFileBuffers
ReadFile
GetFileSize
FindClose
CompareFileTime
GetFileAttributesExW
GetStringTypeExW
FormatMessageW
WaitForMultipleObjects
InterlockedCompareExchange
CreateMutexW
GetModuleHandleW
TryEnterCriticalSection
SetEvent
GetVersionExW
lstrcpynW
GetLongPathNameW
GetExitCodeProcess
GetEnvironmentVariableW
CreateDirectoryW
GetFileAttributesW
RemoveDirectoryW
GetTempFileNameW
DuplicateHandle
LoadLibraryW
VirtualQuery
GetTempPathW
DeviceIoControl
ProcessIdToSessionId
GetSystemPowerStatus
OpenProcess
CreateProcessW
GetThreadLocale
VerSetConditionMask
VerifyVersionInfoW
LocalAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
ReadProcessMemory
WaitForMultipleObjectsEx
WaitForSingleObjectEx
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetPrivateProfileSectionNamesW
QueryDosDeviceW
GetLogicalDriveStringsW
CreateThread
GetComputerNameExW
GetSystemDefaultLangID
GetUserDefaultLangID
LoadLibraryExW
lstrlenA
lstrcmpA
GetStringTypeExA
FormatMessageA
SetFilePointerEx
WriteConsoleW
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
GetCurrentThread
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
MultiByteToWideChar
FreeEnvironmentStringsA
GetModuleFileNameW
FlushInstructionCache
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
RtlCaptureContext
ReleaseSemaphore
CreateSemaphoreW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
UnregisterWaitEx
QueryPerformanceFrequency
QueueUserWorkItem
GetFileSizeEx
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetSystemInfo
VirtualProtect
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleA
GetProcAddress
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
FindResourceExW
LockResource
lstrlenW
LoadResource
RaiseException
SetLastError
InterlockedDecrement
GetLastError
FindResourceW
SizeofResource
ResetEvent

ole32

CoCreateInstance
IIDFromString
StringFromGUID2
CoTaskMemFree
CoCreateGuid
ReadClassStm
WriteClassStm
CoGetCallContext
CoImpersonateClient
CoRevertToSelf
CoRegisterPSClsid
OleSaveToStream
CoTaskMemAlloc
CoTaskMemRealloc
CoSetProxyBlanket
CoUninitialize
CoInitializeEx
CoGetObject

oleaut32

SafeArrayRedim
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetVartype
SafeArrayUnlock
SafeArrayLock
SafeArrayCopy
SysReAllocStringLen
VarUI4FromStr
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
SysStringLen
VariantInit
VariantClear
SysAllocString
LoadTypeLi
VarBstrCmp
SysAllocStringLen
LoadRegTypeLi
SysFreeString

user32

SetForegroundWindow
GetWindow
SystemParametersInfoW
GetWindowRect
GetParent
GetClientRect
GetWindowLongW
MapWindowPoints
SetWindowPos
PostQuitMessage
GetMessageW
DestroyWindow
AllowSetForegroundWindow
wsprintfW
MessageBoxW
DispatchMessageW
TranslateMessage
PeekMessageW
CharUpperW
CharLowerW
UnregisterClassA
wvsprintfW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
EnumWindows
GetWindowThreadProcessId
CreateWindowExW
IsWindowVisible
CharLowerBuffA
CharNextA
IsWindow
LoadStringW
CharNextW
RegisterClassExW
GetClassInfoExW
LoadCursorW
CallWindowProcW
DefWindowProcW
KillTimer
SetTimer
SetWindowLongW

shell32

SHGetFolderLocation
SHGetDesktopFolder
ord680
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW

iphlpapi

GetIfTable

netapi32

NetApiBufferFree
NetWkstaUserGetInfo
NetWkstaGetInfo

psapi

EnumProcesses
GetModuleFileNameExW
EnumProcessModules

shlwapi

PathIsRelativeW
SHQueryValueExW
UrlEscapeW
PathCreateFromUrlW
PathRemoveExtensionW
PathRemoveFileSpecW
PathStripPathW
PathCanonicalizeW
PathAddBackslashW
StrRetToStrW
PathFindFileNameW
PathAddExtensionW
PathFindExtensionW
UrlIsW
PathAppendW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

userenv

UnloadUserProfile
ExpandEnvironmentStringsForUserW
CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSEnumerateSessionsW

crypt32

CryptUnprotectData
CryptProtectData
CertDuplicateCertificateContext
CryptQueryObject
CertGetNameStringW
CertEnumCertificatesInStore
CertFreeCertificateContext
CertCloseStore
CryptImportPublicKeyInfo
CryptDecodeObjectEx
CryptStringToBinaryA

imagehlp

ImageGetDigestStream

wintrust

WinVerifyTrust

Sections

.text
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 192KB - Virtual size: 496KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b222db21110295fdc70c11baa7cd4a10

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ole32

oleaut32

user32

shell32

iphlpapi

netapi32

psapi

shlwapi

version

userenv

wtsapi32

crypt32

imagehlp

wintrust

Sections

.text Size: 392KB - Virtual size: 391KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 21KB - Virtual size: 35KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 37KB - Virtual size: 37KB

.vmp0 Size: 192KB - Virtual size: 496KB

.text
Size: 392KB - Virtual size: 391KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 21KB - Virtual size: 35KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 37KB - Virtual size: 37KB

.vmp0
Size: 192KB - Virtual size: 496KB