90849ccc59fe58cdfff3bda7af3491fecd93d4f256b82bcef12f256b66beb787

Sharing

Copy URL Twitter E-mail

General

Target

90849ccc59fe58cdfff3bda7af3491fecd93d4f256b82bcef12f256b66beb787
Size

172KB
MD5

7ddf4e6623a6458a6faaa8884baa7d64
SHA1

1c9782dea46f666b7a52e198264ca7ee502e26b6
SHA256

90849ccc59fe58cdfff3bda7af3491fecd93d4f256b82bcef12f256b66beb787
SHA512

524aac2a6a48a7df8335b656055e1f91b13b34d617955bfd3ad5d5dc15a1a75f5240cc7ba8648c3e31f76fb876e0f75b73326888aaa769acf6efe26b2d36a314
SSDEEP

3072:9aKy8w+JdUr4QekqshKHSA1CKsWTVYFLvwnsLE4mau:9aKy81SmUGIWRmInsY4ma

Score

N/A

Malware Config

Signatures

Files

90849ccc59fe58cdfff3bda7af3491fecd93d4f256b82bcef12f256b66beb787
.exe windows x86

b72c844542d55ca558423d32cdd680a7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalUnlock
GlobalMemoryStatus
GetSystemInfo
GetVersionExA
OpenEventA
CreateMutexA
GetCurrentThreadId
CopyFileA
WideCharToMultiByte
lstrcpyW
LocalReAlloc
LocalSize
MultiByteToWideChar
GetShortPathNameA
WinExec
lstrcmpiA
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateRemoteThread
GetModuleHandleA
OpenProcess
Module32Next
Module32First
GetDiskFreeSpaceExA
GetDriveTypeA
HeapFree
ReadFile
LocalAlloc
GetCurrentProcess
SetPriorityClass
GetCurrentThread
SetThreadPriority
ResumeThread
TerminateThread
lstrcpyA
GetWindowsDirectoryA
lstrcatA
GetStartupInfoA
CreateProcessA
GetFileAttributesA
GetLastError
MoveFileA
GetProcessHeap
HeapAlloc
GetCurrentProcessId
GetProcAddress
FreeLibrary
CreateThread
ExitThread
GetLocalTime
GetTickCount
CancelIo
InterlockedExchange
SetEvent
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventA
VirtualAlloc
LocalFree
CreateFileA
GetFileSize
SetFilePointer
WriteFile
lstrlenA
GetSystemDirectoryA
DeleteFileA
GetEnvironmentVariableA
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
Sleep
LoadLibraryA
GlobalMemoryStatusEx

user32

IsWindowVisible
EnumWindows
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetWindowThreadProcessId
CreateWindowExA
PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
SendMessageA
LoadIconA
RegisterClassA
GetInputState
PostThreadMessageA
GetMessageA
GetCursorInfo
ReleaseDC
SetRect
GetSystemMetrics
CloseClipboard
OpenClipboard
EmptyClipboard
wsprintfA
DestroyCursor
LoadCursorA
GetKeyState
GetAsyncKeyState
GetForegroundWindow
GetWindowTextA
IsWindow
MessageBoxA

gdi32

GetDIBits
BitBlt
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
SelectObject
GetStockObject
DeleteObject

advapi32

RegisterServiceCtrlHandlerA
RegSetValueExA
OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
DeleteService
OpenServiceA
OpenSCManagerA
FreeSid
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegOpenKeyA
SetServiceStatus
StartServiceCtrlDispatcherA
CloseServiceHandle
StartServiceA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteKeyA
ControlService
QueryServiceStatus
AbortSystemShutdownA
GetUserNameA
LookupAccountSidA
GetTokenInformation
RegCreateKeyA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

msvcrt

_initterm
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_strcmpi
_strrev
_stricmp
_strnicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
??0exception@@QAE@ABQBD@Z
__getmainargs
_acmdln
_XcptFilter
_exit
_iob
_onexit
__dllonexit
??1type_info@@UAE@XZ
calloc
_snprintf
_beginthreadex
_mbscmp
_mbsstr
atol
wcscpy
_errno
strncmp
atoi
realloc
strncat
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_CxxThrowException
memcpy
memmove
ceil
_ftol
strlen
strstr
memcmp
rand
strcpy
sprintf
strncpy
strchr
malloc
strcmp
free
_except_handler3
strrchr
exit
strcat

ws2_32

WSACleanup
WSAStartup
ioctlsocket
__WSAFDIsSet
recvfrom
listen
accept
bind
ntohs
inet_ntoa
getsockname
gethostname
htonl
WSASocketA
sendto
inet_addr
send
closesocket
select
recv
socket
gethostbyname
WSAIoctl
setsockopt
connect
htons
getpeername

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetReadFile

urlmon

URLDownloadToFileA

avicap32

capGetDriverDescriptionA

msvfw32

ICSeqCompressFrame
ICSeqCompressFrameEnd
ICCompressorFree
ICSeqCompressFrameStart
ICSendMessage
ICOpen
ICClose

netapi32

NetUserAdd
NetApiBufferFree
NetUserEnum
NetUserSetInfo
NetUserGetInfo
NetUserDel
NetLocalGroupAddMembers

psapi

EnumProcesses
GetModuleBaseNameA
EnumProcessModules

wtsapi32

WTSEnumerateSessionsA
WTSFreeMemory
WTSQuerySessionInformationA
WTSDisconnectSession
WTSLogoffSession
WTSQuerySessionInformationW

Sections

.text
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b72c844542d55ca558423d32cdd680a7

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

ws2_32

wininet

urlmon

avicap32

msvfw32

netapi32

psapi

wtsapi32

Sections

.text Size: 124KB - Virtual size: 122KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 24KB - Virtual size: 33KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 124KB - Virtual size: 122KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 24KB - Virtual size: 33KB

.rsrc
Size: 4KB - Virtual size: 1KB