d496cdd640595591d05f39cbb906596d46a6dc40cb69481f034809dfb0b34dbf

Sharing

Copy URL Twitter E-mail

General

Target

d496cdd640595591d05f39cbb906596d46a6dc40cb69481f034809dfb0b34dbf
Size

181KB
MD5

b9c486667d80b9986baa53eaf06967c1
SHA1

70cdca4f3f3afd90e05ef1ef43ae3716125f0eda
SHA256

d496cdd640595591d05f39cbb906596d46a6dc40cb69481f034809dfb0b34dbf
SHA512

bd3f2f4db4f74e122d7c29e41a2a0f40a067dd55a7738df549cba149dc4c41aab4a4152476f1a62e6530f35402ab4500a29490dbfe6eec07adc1409ac319b7e9
SSDEEP

3072:TkVWzpKYJ/stih3zdx+XVdj5uuN3WadZSnkqvugJAaF+Q1Glnp+17+3TF5J4iJ20:Gih3f+HkuN3WadZlqJAaF+4GlpVJ2hy9

Score

N/A

Malware Config

Signatures

Files

d496cdd640595591d05f39cbb906596d46a6dc40cb69481f034809dfb0b34dbf
.exe windows x86

25074190d4bdb958e2cc61740a4aee94

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

EventRegister
EventUnregister
EventWrite
EventEnabled
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
InitiateShutdownW
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetEntriesInAclW
CreateWellKnownSid
InitializeSecurityDescriptor
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegEnumValueW
AdjustTokenPrivileges
PrivilegeCheck
LookupPrivilegeValueW
OpenProcessToken
RegDeleteKeyW

kernel32

WaitForMultipleObjectsEx
CreateThread
WaitForSingleObjectEx
TerminateThread
CreateMutexW
CreateEventW
GetNativeSystemInfo
InterlockedDecrement
HeapFree
GetProcessHeap
GetModuleHandleW
HeapAlloc
GetLocaleInfoEx
GetFileAttributesExW
LocalFree
FormatMessageW
FreeLibrary
ExitProcess
LoadLibraryW
GetTickCount
GetFileMUIPath
GetSystemDirectoryW
WriteFile
CreateFileW
SearchPathW
GetCurrentDirectoryW
InitializeCriticalSection
ReleaseMutex
InterlockedExchange
WaitForSingleObject
GetCurrentProcess
GetDiskFreeSpaceExW
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetTickCount64
LCIDToLocaleName
DecodePointer
EncodePointer
GetProcAddress
NotifyUILanguageChange
GetLocalTime
GetTempPathW
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
SetThreadPriority
CreateProcessW
GetModuleFileNameW
GetExitCodeThread
CreateDirectoryW
GetUILanguageInfo
EnumUILanguagesW
DeleteCriticalSection
CloseHandle
InterlockedCompareExchange
GetFileAttributesW
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
GetLastError
EnterCriticalSection
LeaveCriticalSection
SetLastError
SetEvent
Sleep
InterlockedIncrement
HeapSetInformation
ExpandEnvironmentStringsW

gdi32

SetBkMode
SetTextColor

user32

GetSystemMetrics
SendMessageW
SetWindowLongW
GetWindowLongW
MessageBoxW
GetParent
LoadStringW
LoadImageW
DestroyIcon
RegisterWindowMessageW
SendNotifyMessageW
FindWindowW
KillTimer
SetTimer
GetWindowLongA
CreateWindowExW
GetDlgItem
LoadIconW
GetFocus
GetDlgCtrlID
EnableWindow
ShowWindow
SetDlgItemTextW
DefWindowProcW
PostMessageW
SetForegroundWindow
SystemParametersInfoW
GetAncestor
GetDlgItemTextW
GetWindowRect
DestroyWindow
LoadCursorW
SetCursor
ExitWindowsEx
SendDlgItemMessageW
SetWindowPos

msvcrt

_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
_unlock
__dllonexit
_initterm
_onexit
_except_handler4_common
?terminate@@YAXXZ
_controlfp
memcpy_s
memmove_s
_CxxThrowException
__CxxFrameHandler3
??1exception@@UAE@XZ
_wcsicmp
??0exception@@QAE@XZ
_acmdln
exit
_ismbblead
_XcptFilter
_exit
??0exception@@QAE@ABV0@@Z
_wcsicoll
memset
_vsnwprintf
ceil
_ftol2
qsort
_wcslwr
_wsetlocale
_cexit
__getmainargs
_callnewh
?what@exception@@UBEPBDXZ
towlower
_wgetenv
_wfopen
fgetws
fclose
_wcsnicmp
malloc
free
memcpy
wcstol
memmove
wcschr
wcstoul
_lock

ntdll

RtlNtStatusToDosError
RtlGetUILanguageInfo
RtlGetNtProductType
NtGetMUIRegistryInfo
RtlpCleanupRegistryKeys
RtlpSetPreferredUILanguages

shell32

ShellExecuteExW
ord28
SHCreateItemFromIDList
ord155

ole32

CoGetMalloc
CoInitialize
CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize
CoWaitForMultipleHandles
CoInitializeSecurity

comctl32

ImageList_Create
ImageList_Destroy
ord345
PropertySheetW
CreatePropertySheetPageW
ord17
ImageList_ReplaceIcon

oleaut32

VariantInit
SysAllocString
SysFreeString
VariantClear

slc

SLGetWindowsInformation

shlwapi

PathFileExistsW
PathCombineW
PathCanonicalizeW
PathRemoveFileSpecW
PathRemoveBackslashW
PathIsDirectoryW
PathFindExtensionW

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

25074190d4bdb958e2cc61740a4aee94

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ntdll

shell32

ole32

comctl32

oleaut32

slc

shlwapi

Sections

.text Size: 124KB - Virtual size: 123KB

.data Size: 512B - Virtual size: 14KB

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: 27KB - Virtual size: 27KB

.text
Size: 124KB - Virtual size: 123KB

.data
Size: 512B - Virtual size: 14KB

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 27KB - Virtual size: 27KB