f59d73673aabb387b15b75939ebf24756c2faa5e00791572066055f0d1810448

Sharing

Copy URL Twitter E-mail

General

Target

f59d73673aabb387b15b75939ebf24756c2faa5e00791572066055f0d1810448
Size

200KB
MD5

55086312ec8ce7a2f2a21eb2cb944094
SHA1

46666a1c4baab53b3b5ed408221f0b07100beb00
SHA256

f59d73673aabb387b15b75939ebf24756c2faa5e00791572066055f0d1810448
SHA512

ceba32af394d1dbb29a25d796c42cf43ba5a90d31bf4b885c8f59ffd246e0f5f73346d9e08601ff8d4e0b3f9c607d787308df3312f38ee8d3690dc0e7fd8cd62
SSDEEP

6144:OAyiK2dkFkc7dnXPtBk0bu0aly8B+7S8P:gi87dnftBvbr+y8B+7XP

Score

N/A

Malware Config

Signatures

Files

f59d73673aabb387b15b75939ebf24756c2faa5e00791572066055f0d1810448
.exe windows x86

ea0fc4998092e92abb64cd61d39d6112

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
GetStartupInfoW
lstrcpynA
FindAtomA
lstrcatA
OpenFile
CreateMutexA
IsDebuggerPresent
AddAtomA
SetPriorityClass
WaitForMultipleObjects
SetEvent
GetVolumeInformationW
IsBadReadPtr
CreateThread
LoadLibraryW
FlushFileBuffers
FatalAppExitW
GetModuleFileNameA
QueryPerformanceCounter
GetFileAttributesW
CreateDirectoryA
lstrlenA
QueryPerformanceFrequency
GetPriorityClass
FreeLibrary
lstrlenW
FindResourceW
SearchPathA
GetProcAddress
BeginUpdateResourceA
GetVersionExW
EnumTimeFormatsW
BeginUpdateResourceW
lstrcmpi
GetExitCodeThread
OpenSemaphoreA
GetProcessHeaps
GetComputerNameA
MoveFileW
GetUserDefaultLCID
GetExpandedNameW
OpenWaitableTimerA
GlobalFindAtomW
EndUpdateResourceW
GetAtomNameW
lstrcpyA
SetErrorMode
lstrcmpiA
CreateSemaphoreA
GetLogicalDrives
GetEnvironmentStringsA
ReplaceFileA
IsValidCodePage
GetCurrentThreadId
GetACP
CopyFileA

user32

SetCursor
CharUpperA
CheckMenuItem
LoadIconW
EnableMenuItem
SetWindowPos
SetWindowTextW
CreateDialogParamW
RegisterClassExA
EndDialog
CreateDialogIndirectParamW
CloseWindow
GetSysColor
PeekMessageA
DefDlgProcW
SetWindowLongW
FrameRect
UnregisterClassW
DialogBoxParamW
DestroyMenu
EnumDesktopsA
WinHelpW
GetMenuItemCount
GetCursorPos
CheckMenuRadioItem
GetActiveWindow
CreateWindowExA
wsprintfA
DefFrameProcW
EnumDesktopsW
GetWindowRgn
CreateDesktopA
MessageBoxW
GetDCEx
CharLowerA
DrawTextA
DialogBoxIndirectParamA

gdi32

StartDocW
SetAbortProc
BeginPath
ExtTextOutA
GetBitmapBits
GetEnhMetaFileHeader
CopyEnhMetaFileA
GetNearestColor
GetFontUnicodeRanges
GetTextFaceA
SetWinMetaFileBits
GetTextCharacterExtra
MoveToEx
UpdateColors
GetBitmapDimensionEx

advapi32

RegCreateKeyA
RegQueryInfoKeyA
RegOpenKeyW

shell32

ExtractIconEx
SHGetDiskFreeSpaceExW
StrStrIW
ExtractAssociatedIconW
StrRChrA
ExtractAssociatedIconA
StrRChrIA

opengl32

glIndexMask
glVertex4dv
glColorPointer
glMapGrid1d
glTexCoord2d
glGetTexGeniv
glStencilMask
glTexParameterf
glColor4ubv
glEvalCoord1fv
glMatrixMode

urlmon

CoInternetCreateSecurityManager
URLOpenBlockingStreamA
URLDownloadA
RegisterMediaTypes
CoGetClassObjectFromURL
DllRegisterServer
BindAsyncMoniker
FindMediaType
CoInstall
HlinkGoForward
RegisterBindStatusCallback
Extract
SetSoftwareUpdateAdvertisementState

winspool.drv

DeletePrintProvidorW
SetPrinterDataA
DeletePrinterKeyW
EnumPrinterDriversW
DeletePortA
DeviceCapabilitiesA
DocumentPropertySheets
EnumPrintProcessorDatatypesA
DeletePrinterConnectionW
XcvDataW

wsock32

accept
WSAStartup

crypt32

I_CryptGetTls
CertSetCertificateContextProperty
I_CryptAddSmartCardCertToStore
CryptSignHashU
CryptHashCertificate
CertNameToStrA
I_CryptRegisterSmartCardStore
CryptMsgOpenToEncode
CryptRegisterOIDInfo
I_CryptUnregisterSmartCardStore
CryptInstallDefaultContext
CryptRegisterDefaultOIDFunction
CryptMemAlloc
CertVerifyCRLTimeValidity
CertGetCertificateChain
CryptUnprotectData
CryptEncodeObject

Sections

.X%'
Size: 1KB - Virtual size: 27KB

IMAGE_SCN_MEM_READ

..W\
Size: 1KB - Virtual size: 26KB

IMAGE_SCN_MEM_READ

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.:9(0h
Size: 1KB - Virtual size: 11KB

IMAGE_SCN_MEM_READ

."*6Q#,
Size: 1024B - Virtual size: 14KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.>4:?92
Size: 1024B - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.?8](-e
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.8.{/
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_MEM_READ

.j
Size: 1024B - Virtual size: 35KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 155KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea0fc4998092e92abb64cd61d39d6112

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

opengl32

urlmon

winspool.drv

wsock32

crypt32

Sections

.X%' Size: 1KB - Virtual size: 27KB

..W\ Size: 1KB - Virtual size: 26KB

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 5KB - Virtual size: 4KB

.:9(0h Size: 1KB - Virtual size: 11KB

."*6Q#, Size: 1024B - Virtual size: 14KB

.>4:?92 Size: 1024B - Virtual size: 23KB

.?8](-e Size: 14KB - Virtual size: 14KB

.8.{/ Size: 1KB - Virtual size: 8KB

.j Size: 1024B - Virtual size: 35KB

.rsrc Size: 155KB - Virtual size: 188KB

.X%'
Size: 1KB - Virtual size: 27KB

..W\
Size: 1KB - Virtual size: 26KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 5KB - Virtual size: 4KB

.:9(0h
Size: 1KB - Virtual size: 11KB

."*6Q#,
Size: 1024B - Virtual size: 14KB

.>4:?92
Size: 1024B - Virtual size: 23KB

.?8](-e
Size: 14KB - Virtual size: 14KB

.8.{/
Size: 1KB - Virtual size: 8KB

.j
Size: 1024B - Virtual size: 35KB

.rsrc
Size: 155KB - Virtual size: 188KB