Static task
static1
Behavioral task
behavioral1
Sample
c3b8fc4a2addf6ead25f816101bdcbc8babf26d978ff9e718e934ccc354467b9.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
c3b8fc4a2addf6ead25f816101bdcbc8babf26d978ff9e718e934ccc354467b9.exe
Resource
win10v2004-20221111-en
General
Target
c3b8fc4a2addf6ead25f816101bdcbc8babf26d978ff9e718e934ccc354467b9
Size
243KB
MD5
5f1dd17d6ed526e5b8894495162f2575
SHA1
4a8416d5268f0c3a989ec5ec9472ac6c668b9f3e
SHA256
c3b8fc4a2addf6ead25f816101bdcbc8babf26d978ff9e718e934ccc354467b9
SHA512
160e196d92ce6256a327737b52994694a7b20f14f623f7f0d18766336d781ff7758943feca19a1efaddf09b01b2ef5d122df7f5d0fb61973445687c26bf150da
SSDEEP
6144:n6WTBJp+rllfU9Oz3o/xz7ytG1Xpj0JOFoU5al:n6WTrcrlpqRl7f4Qj5
Malware Config
Signatures
Files
c3b8fc4a2addf6ead25f816101bdcbc8babf26d978ff9e718e934ccc354467b9.exe windows x86
6253b6d40c561577513ebf9eba37376f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports (grouped by module)
kernel32
SetFileAttributesW
GetModuleHandleW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetEnvironmentVariableW
CreateProcessW
GetCurrentThread
OpenProcess
Thread32First
LoadLibraryW
Thread32Next
CreateToolhelp32Snapshot
GetCommandLineW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
DuplicateHandle
ResumeThread
GetModuleFileNameW
GetUserDefaultUILanguage
SetThreadPriority
SetLastError
ResetEvent
GlobalLock
GlobalUnlock
IsBadReadPtr
VirtualFreeEx
VirtualAllocEx
WriteProcessMemory
GetThreadContext
SetThreadContext
GetProcessId
DeleteFileW
GetCurrentThreadId
TlsAlloc
TlsFree
ExitProcess
SetErrorMode
GetComputerNameW
GetFileAttributesExW
OpenEventW
GetCurrentProcessId
TerminateThread
CreateRemoteThread
Process32FirstW
Process32NextW
InterlockedIncrement
InterlockedDecrement
lstrcmpiA
TlsGetValue
TlsSetValue
TerminateProcess
OpenMutexW
WTSGetActiveConsoleSessionId
GetVolumeNameForVolumeMountPointW
GetExitCodeThread
VirtualQueryEx
ReadProcessMemory
VirtualProtectEx
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RtlUnwind
OutputDebugStringA
GetFileTime
RemoveDirectoryW
VirtualAlloc
GetFileSizeEx
SetFileTime
VirtualFree
CreateDirectoryW
SetFilePointerEx
GetVersionExW
GetNativeSystemInfo
lstrcpyW
GetHandleInformation
ReleaseMutex
FindNextFileW
FindClose
FindFirstFileW
SetEndOfFile
GetFileAttributesW
MoveFileExW
GetFileInformationByHandle
FileTimeToLocalFileTime
GetTempPathW
ReadFile
GetTempFileNameW
FileTimeToDosDateTime
ExpandEnvironmentStringsW
lstrcatW
lstrcmpiW
VirtualProtect
HeapCreate
HeapDestroy
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
CreateThread
GetTickCount
QueryPerformanceCounter
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
lstrcmpA
lstrcpyA
LoadLibraryA
GetProcAddress
GetLastError
FlushFileBuffers
CreateFileW
WriteFile
FreeLibrary
lstrcpynA
lstrlenA
CloseHandle
DeleteCriticalSection
WaitForMultipleObjects
CreateEventW
EnterCriticalSection
LeaveCriticalSection
Sleep
InitializeCriticalSection
SetEvent
WaitForSingleObject
TryEnterCriticalSection
SystemTimeToFileTime
GetSystemTime
GetTimeZoneInformation
CreateMutexW
user32
GetWindowThreadProcessId
GetShellWindow
GetTopWindow
LoadImageW
WindowFromPoint
GetWindowLongW
SetWindowLongW
SendMessageTimeoutW
GetWindow
GetKeyboardState
ToUnicode
CharLowerW
EndPaint
GetMessageA
GetUpdateRgn
GetMessageW
RegisterClassExA
GetWindowDC
GetUserObjectInformationW
HiliteMenuItem
PostThreadMessageW
GetMenuItemCount
EndMenu
GetClassNameW
SystemParametersInfoW
TrackPopupMenuEx
GetMenuItemRect
GetMenu
MenuItemFromPoint
OpenDesktopW
GetSubMenu
SetKeyboardState
GetMenuItemID
GetThreadDesktop
RegisterWindowMessageW
OpenWindowStationW
MsgWaitForMultipleObjects
DispatchMessageW
FillRect
DrawEdge
IntersectRect
EqualRect
PrintWindow
GetWindowRect
GetParent
GetWindowInfo
GetMenuState
SendMessageW
GetClassLongW
GetAncestor
SetWindowPos
IsWindow
PostMessageW
MapVirtualKeyW
CharLowerA
GetCursorPos
GetIconInfo
DrawIcon
ExitWindowsEx
SetCapture
DefDlgProcW
DefFrameProcA
OpenInputDesktop
BeginPaint
GetUpdateRect
GetDC
GetCapture
TranslateMessage
RegisterClassExW
SetCursorPos
GetClipboardData
PeekMessageW
GetDCEx
PeekMessageA
ReleaseDC
DefWindowProcA
DefMDIChildProcW
SwitchDesktop
DefDlgProcA
CharToOemW
MapWindowPoints
IsRectEmpty
CreateDesktopW
SetProcessWindowStation
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
CloseDesktop
SetThreadDesktop
RegisterClassA
DefFrameProcW
GetMessagePos
DefWindowProcW
CallWindowProcW
CallWindowProcA
RegisterClassW
ReleaseCapture
DefMDIChildProcA
GetSystemMetrics
advapi32
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptHashData
OpenProcessToken
GetSidSubAuthority
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
CreateProcessAsUserW
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptVerifySignatureW
CryptGetKeyParam
CryptImportKey
CryptDestroyKey
IsWellKnownSid
GetLengthSid
ConvertSidToStringSidW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
EqualSid
InitiateSystemShutdownExW
shlwapi
PathAddExtensionW
PathAddBackslashW
StrCmpNIW
SHDeleteKeyW
SHDeleteValueW
StrStrIW
StrStrIA
StrCmpNIA
UrlUnescapeA
PathRemoveBackslashW
PathCanonicalizeW
PathQuoteSpacesW
StrCmpNW
PathMatchSpecW
PathUnquoteSpacesW
PathSkipRootW
PathIsDirectoryW
PathRemoveFileSpecW
PathFindFileNameW
PathIsURLW
wvnsprintfA
wvnsprintfW
ord14 (imported by ordinal)
shell32
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW
secur32
GetUserNameExW
ole32
CLSIDFromString
CoInitializeEx
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
StringFromGUID2
gdi32
GdiFlush
GetDeviceCaps
SetRectRgn
CreateDCW
DeleteObject
SaveDC
RestoreDC
CreateDIBSection
GetDIBits
BitBlt
DeleteDC
SelectObject
SetViewportOrgEx
CreateCompatibleBitmap
CreateCompatibleDC
ws2_32
getaddrinfo
recvfrom
getpeername
accept
listen
getsockopt
WSASetLastError
WSACreateEvent
WSACloseEvent
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
WSAEnumNetworkEvents
WSAEventSelect
shutdown
setsockopt
WSACleanup
bind
select
getsockname
sendto
freeaddrinfo
WSARecv
WSASend
recv
closesocket
send
WSAGetLastError
socket
crypt32
PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
PFXImportCertStore
CryptUnprotectData
wininet
HttpAddRequestHeadersW
GetUrlCacheEntryInfoW
InternetSetStatusCallbackW
HttpSendRequestW
InternetReadFileExA
InternetQueryDataAvailable
InternetSetStatusCallbackA
HttpSendRequestExW
HttpSendRequestExA
InternetCrackUrlA
InternetSetCookieA
InternetQueryOptionA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetSetOptionA
InternetReadFile
HttpQueryInfoA
InternetConnectA
InternetQueryOptionW
oleaut32
SysFreeString
VariantInit
VariantClear
SysAllocString
netapi32
NetUserEnum
NetApiBufferFree
NetUserGetInfo
msvcrt
_errno
memcpy
memcmp
memset
_ultow
_purecall
abs
memmove
_ultoa
_wtoi
memchr
strcmp
free
_except_handler3
isleadbyte
_iob
_snprintf
_itoa
wctomb
malloc
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty
Sections
.text Size: 230KB - Virtual size: 229KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ