Static task: static1
Behavioral task: behavioral1
  Sample: ca4e967270120a068f9254605f4b3bebf1deaee248b365916b2728ef485f3b64.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: ca4e967270120a068f9254605f4b3bebf1deaee248b365916b2728ef485f3b64.exe
  Resource: win10v2004-20221111-en
General
- Target: ca4e967270120a068f9254605f4b3bebf1deaee248b365916b2728ef485f3b64
- Size: 132KB
- MD5: 684c65adb29d931e654f56f276da19f3
- SHA1: 27f3921423eb608b6b594faf63ba753029c0ff20
- SHA256: ca4e967270120a068f9254605f4b3bebf1deaee248b365916b2728ef485f3b64
- SHA512: bb716f8a71faf697ed69b353eb06816bbcfccea4546c81a5a512cb58cd87ec11d4c35f40da52fa45b8bf94e6dd3877226830c140e011d456ff4843c48fd1ba66
- SSDEEP: 3072:uUpUqeDPy0UbSHmKLFpSxelb0W6k0s10lTJ8ifuk4Q8YqfLZ2HK1ZoD/:u9qeDPy0GS1ielb0W6U0lTqifukyv512
Malware Config
Signatures
Files
-
ca4e967270120a068f9254605f4b3bebf1deaee248b365916b2728ef485f3b64.exe windows x86
663736ad89bd1b928cea371033071435
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
MoveFileExW
GetTickCount
GetUserDefaultUILanguage
GetEnvironmentVariableW
FileTimeToDosDateTime
GetTempFileNameW
HeapReAlloc
CreateMutexW
FindFirstFileW
SetEndOfFile
CreateProcessW
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
HeapFree
GetProcessHeap
IsBadReadPtr
SetFileTime
VirtualQueryEx
OpenProcess
Thread32First
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
HeapCreate
Thread32Next
ReadFile
GetTimeZoneInformation
MultiByteToWideChar
ResetEvent
GetFileSizeEx
OpenMutexW
GetLastError
SetLastError
VirtualProtectEx
VirtualAllocEx
FindClose
RemoveDirectoryW
FindNextFileW
CreateToolhelp32Snapshot
GetFileTime
ReleaseMutex
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
CreateRemoteThread
TerminateThread
Process32FirstW
GetProcessId
Process32NextW
lstrcatW
GetWindowsDirectoryW
GetThreadContext
SetThreadContext
GlobalLock
GlobalUnlock
GetNativeSystemInfo
FreeLibrary
CreateDirectoryW
VirtualAlloc
LoadLibraryA
ExpandEnvironmentStringsW
SetThreadPriority
GetCurrentThread
GetPrivateProfileIntW
FlushFileBuffers
WriteFile
GetPrivateProfileStringW
WaitForSingleObject
SetEvent
WriteProcessMemory
GetTempPathW
LocalFree
LoadLibraryW
Sleep
GetFileAttributesW
CreateFileW
lstrcmpiA
GetProcAddress
WTSGetActiveConsoleSessionId
lstrcmpiW
CloseHandle
SetFileAttributesW
InitializeCriticalSection
LeaveCriticalSection
GetCurrentProcessId
DuplicateHandle
OpenEventW
GetFileAttributesExW
VirtualProtect
WaitForMultipleObjects
CreateEventW
GetModuleFileNameW
GetVersionExW
VirtualFreeEx
VirtualFree
GetModuleHandleW
GetComputerNameW
SetErrorMode
GetCommandLineW
CreateThread
GetSystemTime
GetLocalTime
EnterCriticalSection
ExitProcess
user32
CharToOemW
CharLowerW
MsgWaitForMultipleObjects
LoadImageW
CharLowerA
PeekMessageW
CharUpperW
GetClipboardData
ToUnicode
GetKeyboardState
TranslateMessage
ExitWindowsEx
CharLowerBuffA
GetCursorPos
GetIconInfo
DrawIcon
DispatchMessageW
advapi32
InitiateSystemShutdownExW
IsWellKnownSid
GetLengthSid
RegOpenKeyExW
RegEnumKeyExW
ConvertSidToStringSidW
CryptHashData
RegSetValueExW
AdjustTokenPrivileges
CryptDestroyHash
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptCreateHash
LookupPrivilegeValueW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
RegQueryValueExW
CryptReleaseContext
RegCreateKeyExW
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
CryptAcquireContextW
GetSidSubAuthority
OpenProcessToken
CryptGetHashParam
RegCloseKey
EqualSid
shlwapi
StrStrIA
StrStrIW
UrlUnescapeA
wvnsprintfW
PathIsDirectoryW
PathFindFileNameW
PathAddBackslashW
PathIsURLW
PathSkipRootW
SHDeleteKeyW
PathCombineW
PathAddExtensionW
PathQuoteSpacesW
PathMatchSpecW
StrCmpNIA
wvnsprintfA
PathUnquoteSpacesW
PathRemoveBackslashW
PathRenameExtensionW
StrCmpNIW
PathRemoveFileSpecW
SHDeleteValueW
shell32
CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW
secur32
GetUserNameExW
ole32
StringFromGUID2
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx
ws2_32
getpeername
send
closesocket
WSASend
accept
socket
listen
WSASetLastError
WSAEventSelect
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
WSAGetLastError
shutdown
setsockopt
bind
getaddrinfo
select
getsockname
sendto
recv
freeaddrinfo
recvfrom
crypt32
PFXImportCertStore
CryptUnprotectData
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
PFXExportCertStoreEx
wininet
InternetOpenA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestW
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA
InternetQueryOptionA
InternetSetOptionA
InternetReadFile
InternetQueryOptionW
InternetCloseHandle
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCrackUrlA
InternetConnectA
HttpQueryInfoA
oleaut32
VariantInit
VariantClear
SysFreeString
SysAllocString
netapi32
NetUserEnum
NetApiBufferFree
NetUserGetInfo
Sections
.text Size: 124KB - Virtual size: 123KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ