f7f910441dcc0d4d989b11a4da99ad6964241d4e8cfc155cb988325c8a8d947c

Sharing

Copy URL Twitter E-mail

General

Target

f7f910441dcc0d4d989b11a4da99ad6964241d4e8cfc155cb988325c8a8d947c
Size

476KB
MD5

1d8a63ab6891ef95f0e14ddc8861eabe
SHA1

b303214b23c721a3e8c0c169c2c7adcacf829e7c
SHA256

f7f910441dcc0d4d989b11a4da99ad6964241d4e8cfc155cb988325c8a8d947c
SHA512

b9197a9afd40a5a901153dac99690624b651d73cdd552119697c0d124858d0e4088178b23e27d4c35ba7c3ce95e9a0b051c97980fd9de2b70c081e12cccc15ab
SSDEEP

12288:YW8js7widiT0xMWhc7wnCrCvlevZKxjv57U:EjdT0SWhc7wCmlgQjF

Score

N/A

Malware Config

Signatures

Files

f7f910441dcc0d4d989b11a4da99ad6964241d4e8cfc155cb988325c8a8d947c
.exe windows x86

a2e3a080c41a5c62d4a19d1e1a68bed8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

tolower
isspace
ZwMapViewOfSection
sprintf
RtlImageNtHeader
RtlRandom
_stricmp
memmove
memcpy
memset
_aulldiv
strncpy
memcmp
atoi
strcmp
NtResumeProcess
NtSuspendProcess
sscanf
strstr
wcscmp
strlen

kernel32

GetLastError
GetVersionExA
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
GlobalMemoryStatusEx
EnumUILanguagesA
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetModuleHandleA
WriteFile
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateEventA
SetEvent
WaitForSingleObject
TerminateThread
WinExec
CreateThread
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenEventA
DeleteCriticalSection
LeaveCriticalSection
VirtualProtect
EnterCriticalSection
GetSystemInfo
VirtualAlloc
VirtualFree
TlsAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
TlsSetValue
TlsGetValue
InterlockedIncrement
InterlockedDecrement
CopyFileA
CreateProcessA
GetModuleFileNameA
GetCurrentDirectoryA
GetCommandLineW
LocalFree
lstrcmpiW
CreateMutexA
SetLastError
Sleep
GetCurrentProcessId
ExitProcess
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeA
WaitNamedPipeA
GetTickCount
TerminateProcess
OpenProcess
FindResourceA
SizeofResource
LockResource
LoadResource
ResetEvent
WaitForMultipleObjects
FindClose
FindNextFileA
FindFirstFileA
lstrcpynA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
lstrlenW
GetTempFileNameA
GetSystemDirectoryA
QueryPerformanceCounter
DisableThreadLibraryCalls
ResumeThread
QueueUserAPC
DuplicateHandle
GetCurrentProcess
InitializeCriticalSection
GetTempPathA

msvcrt

_scprintf
_strdup
_time64
realloc
_purecall
??2@YAPAXI@Z
malloc
free
??3@YAXPAX@Z
_localtime64

user32

ShowWindow
DispatchMessageA
TranslateMessage
GetForegroundWindow
GetMessageA
PostQuitMessage
EnableWindow
GetSystemMetrics
DefWindowProcA
GetDC
GetDesktopWindow
EndPaint
GetWindowRect
SetLayeredWindowAttributes
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
LoadIconA
UnregisterClassA
SetWindowLongA
RegisterClassExA
CreateWindowExA
UpdateWindow
SetForegroundWindow
DestroyWindow
GetParent
PostMessageA
CallWindowProcA
GetClientRect
GetWindowLongA
SendMessageA
SetWindowPos
wsprintfA
BeginPaint
MessageBoxA
ReleaseDC

advapi32

GetTokenInformation
InitializeSecurityDescriptor
RegOpenKeyExA
RegCreateKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
OpenProcessToken
SetSecurityDescriptorDacl

ws2_32

socket
inet_ntoa
gethostname
ioctlsocket
htons
connect
WSAGetLastError
select
closesocket
gethostbyname
WSACleanup
WSAStartup

gdi32

CreateDIBSection
SetPixel
GetObjectA
GdiFlush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
DeleteDC

shell32

SHAppBarMessage
CommandLineToArgvW
SHGetFolderPathA
ShellExecuteExA
Shell_NotifyIconA

wininet

HttpSendRequestA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetCloseHandle
InternetOpenA
InternetConnectA
HttpQueryInfoA
InternetQueryOptionA
InternetReadFile
InternetQueryDataAvailable

ole32

CoSetProxyBlanket
OleUninitialize
CoInitialize
CoCreateInstance
OleInitialize
CoGetClassObject
OleSetContainedObject

oleaut32

VariantClear
SysStringLen
VariantInit
SafeArrayDestroy
SafeArrayAccessData
SafeArrayCreateVector
SysFreeString
SysAllocString

psapi

GetModuleBaseNameA

urlmon

URLDownloadToFileA

shlwapi

SHDeleteKeyA

Exports

Exports

OnCreateWnd

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 334KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2e3a080c41a5c62d4a19d1e1a68bed8

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

msvcrt

user32

advapi32

ws2_32

gdi32

shell32

wininet

ole32

oleaut32

psapi

urlmon

shlwapi

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 115KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 512B - Virtual size: 76B

.rsrc Size: 334KB - Virtual size: 333KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 76B

.rsrc
Size: 334KB - Virtual size: 333KB

.reloc
Size: 5KB - Virtual size: 4KB