251b428db07037e3f4b882093abb56458c061609b371886db5ae710baf772d17

Sharing

Copy URL Twitter E-mail

General

Target

251b428db07037e3f4b882093abb56458c061609b371886db5ae710baf772d17
Size

1.2MB
MD5

6bf2f238ca71626322d38cc14171cc9e
SHA1

8686f37b618ae6bf35c2adb2ebc27dd42358bb4e
SHA256

251b428db07037e3f4b882093abb56458c061609b371886db5ae710baf772d17
SHA512

c19c56235700090360570aab86f0ac9742da8d1fd52eec7c89fbb5e037da8671338e23489153eeb2a42df2d27fb0341b16700e719be27a02324115630b238bcc
SSDEEP

24576:wqqK2Q0PBXzkCBFeVPOvulVR/BvJOM8XvMX7hOHxMtuY:wqqKiPBjkCBIV2mlVR/NEMrhpuY

Score

N/A

Malware Config

Signatures

Files

251b428db07037e3f4b882093abb56458c061609b371886db5ae710baf772d17
.exe windows x86

62f161608da836b0a50d6e3207262b0f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathSearchAndQualifyA
StrCmpNA
UrlEscapeW
PathBuildRootW
PathCombineW
SHEnumValueW
PathCanonicalizeA
StrFormatByteSize64A
PathIsDirectoryEmptyA
PathCompactPathExW
StrCSpnIA
StrPBrkA
PathIsUNCServerA
PathMatchSpecA
SHRegQueryUSValueA
SHGetValueW
PathIsLFNFileSpecA
UrlCreateFromPathW
StrFormatKBSizeA
StrToIntA
StrRChrIA
UrlIsW
PathStripToRootW
PathSetDlgItemPathW
PathRenameExtensionA
SHEnumValueA
StrCatW
StrToIntW
UrlIsOpaqueW
PathStripToRootA
SHQueryInfoKeyA
PathIsRootA
SHDeleteEmptyKeyW
SHIsLowMemoryMachine
StrCSpnA
UrlGetLocationA
PathBuildRootA
PathIsSameRootA
StrCatBuffA
UrlCombineA
PathIsContentTypeA
StrFormatKBSizeW
SHQueryValueExA
PathMakeSystemFolderA
PathFindFileNameA
PathIsSystemFolderW
UrlIsA
PathParseIconLocationW
SHRegDeleteUSValueA
SHRegCreateUSKeyA
SHRegDuplicateHKey
PathCanonicalizeW
StrDupW
PathFindSuffixArrayW
SHRegSetUSValueA
StrNCatW
StrCmpW
wnsprintfW
SHRegGetUSValueW
SHStrDupA
PathCreateFromUrlW
PathIsNetworkPathW
PathMakeSystemFolderW
SHRegOpenUSKeyA
ColorRGBToHLS
UrlCanonicalizeA
SHGetThreadRef
SHRegEnumUSKeyW
StrFormatByteSizeA
UrlUnescapeW
PathSetDlgItemPathA
UrlCanonicalizeW
UrlApplySchemeA
StrCmpNIA

kernel32

SetThreadPriority
GetDiskFreeSpaceW
SetFileApisToOEM
UpdateResourceA
BuildCommDCBW
FileTimeToDosDateTime
FillConsoleOutputAttribute
DebugActiveProcess
HeapUnlock
MulDiv
GetStartupInfoA
WaitForDebugEvent
HeapFree
CreateSemaphoreA
VirtualQuery
FindClose
QueryDosDeviceA
lstrcmpiA
BeginUpdateResourceW
GetCPInfoExA
FindAtomW
GetCurrencyFormatA
IsValidLocale
VirtualAlloc
RemoveDirectoryW
GlobalAddAtomW
GetQueuedCompletionStatus
GetThreadLocale
WriteConsoleInputW
GetProcessHeaps
GetPrivateProfileStructA
GetStdHandle
GetComputerNameW
EnumSystemLocalesW
OpenMutexA
CopyFileW
PeekConsoleInputA
WaitNamedPipeW
EnumResourceNamesW
GetVersionExW
SetLocaleInfoW
RaiseException
GetPrivateProfileIntW
WaitForMultipleObjectsEx
SetProcessAffinityMask
Module32First
CreateNamedPipeA
GetDriveTypeA
CreateNamedPipeW
GetCommandLineA
FlushViewOfFile
FindFirstFileExA
FindFirstFileA
UnmapViewOfFile
GetModuleHandleW
FatalExit
GetSystemDefaultLCID
RequestDeviceWakeup
GetShortPathNameW
FindFirstFileW
ConnectNamedPipe
GetCPInfoExW
ExitProcess
SetCalendarInfoA
TlsGetValue
SetSystemPowerState
UpdateResourceW
CopyFileA
SetProcessWorkingSetSize
LocalLock
UnlockFileEx
GetProfileIntA
CreateFileW
GlobalFlags
EscapeCommFunction
WaitForSingleObjectEx
SetConsoleWindowInfo
CopyFileExA
DeleteFileW
DisconnectNamedPipe
GetCurrencyFormatW
FileTimeToLocalFileTime
GlobalAlloc
SetCommBreak
GetDefaultCommConfigW
VirtualProtect
MapViewOfFileEx
GetProcessTimes

advapi32

DeregisterEventSource
SetSecurityDescriptorGroup
RegSetValueExW
QueryServiceObjectSecurity
EqualSid
LookupPrivilegeNameA
OpenSCManagerW
TrusteeAccessToObjectW
DuplicateToken
LookupAccountNameW
GetLengthSid
FindFirstFreeAce
GetSecurityInfo
AccessCheckAndAuditAlarmW
ReportEventW
ChangeServiceConfigA
CryptAcquireContextA
CreateServiceW
CryptGetUserKey
QueryServiceConfigW
GetSecurityDescriptorControl
CryptGenRandom
LogonUserW
StartServiceA
CryptSetProviderExW
GetEffectiveRightsFromAclW
RegEnumKeyW
CryptSignHashW
BuildImpersonateExplicitAccessWithNameA
RegConnectRegistryA
LookupAccountSidA
LookupPrivilegeValueA
GetOverlappedAccessResults
IsValidSecurityDescriptor
QueryServiceLockStatusW
GetKernelObjectSecurity
OpenSCManagerA
ConvertSecurityDescriptorToAccessA
ConvertAccessToSecurityDescriptorA
BuildImpersonateTrusteeW
CryptSignHashA
ConvertSecurityDescriptorToAccessNamedW
RegSaveKeyW
BuildTrusteeWithSidW
CreateProcessAsUserW
RegisterEventSourceA
LookupPrivilegeDisplayNameA
RegDeleteKeyA
CreateProcessAsUserA
GetTrusteeNameW
RegSetValueW
GetAuditedPermissionsFromAclW
AreAllAccessesGranted
GetSidLengthRequired
QueryServiceLockStatusA
SetThreadToken
CryptDeriveKey
CryptGetHashParam
GetNamedSecurityInfoExW
RegSaveKeyA
BuildTrusteeWithNameW
BuildSecurityDescriptorW
SetEntriesInAuditListW
GetNumberOfEventLogRecords
ImpersonateNamedPipeClient
CryptSetKeyParam
RegReplaceKeyW
EnumDependentServicesA
CryptVerifySignatureA
CryptGenKey
RegNotifyChangeKeyValue
QueryServiceConfigA
StartServiceW
SetFileSecurityW
GetFileSecurityW

ole32

CoGetCallContext
OleTranslateAccelerator
StgGetIFillLockBytesOnFile
CreateFileMoniker
CoUnmarshalHresult
OleCreateFromDataEx
OleUninitialize
OleRegGetUserType
CreateObjrefMoniker
CoInitialize
OleIsRunning
UtGetDvtd32Info
CoRevertToSelf
CoBuildVersion
CoLoadLibrary
CoQueryAuthenticationServices
StgOpenStorageEx
StgIsStorageFile
CoGetObject
OleInitialize
ReleaseStgMedium
GetHGlobalFromILockBytes
CoCreateInstance
CoGetInstanceFromIStorage
OleCreateLinkEx
CoUninitialize
OleCreateDefaultHandler
OleCreateLinkFromData
GetConvertStg
CoGetCallerTID
CoGetCurrentProcess
CoMarshalHresult
OleLockRunning
StgOpenAsyncDocfileOnIFillLockBytes
CoFreeUnusedLibraries
CoTaskMemAlloc
CoQueryClientBlanket
CoRevokeClassObject
CoFileTimeNow
CoReleaseMarshalData
UtGetDvtd16Info
SetConvertStg
CreateDataCache
CoGetCurrentLogicalThreadId
WriteClassStg
OleRegGetMiscStatus
WriteOleStg
OleCreateMenuDescriptor
CoInitializeEx
CoFreeAllLibraries
OleConvertIStorageToOLESTREAMEx
OleMetafilePictFromIconAndLabel
CoAddRefServerProcess
CoSwitchCallContext
CoIsOle1Class
ReadClassStm
OleGetClipboard
StgGetIFillLockBytesOnILockBytes
StringFromIID
PropVariantCopy
StringFromCLSID
CoInitializeSecurity
CoLockObjectExternal
CoRegisterClassObject
OleCreateEx
CoCreateGuid
CoGetMalloc
OleIsCurrentClipboard
CoRegisterSurrogate

user32

SetScrollInfo
LoadIconA
GetClassInfoA
MessageBoxIndirectW
VkKeyScanExA
LoadBitmapW
IsMenu
DdeReconnect
GetMenuItemInfoA
WindowFromPoint
CharPrevA
OemToCharBuffA
SubtractRect
GetClassInfoW
EnumDesktopsA
DdeCreateDataHandle
DestroyAcceleratorTable
GetMessageTime
IsCharAlphaNumericA
GetMenuInfo
IsCharAlphaA
DrawTextA
GetClassLongW
DlgDirSelectComboBoxExW
GetSystemMenu
GetDlgCtrlID
SetWinEventHook
UnloadKeyboardLayout
CreateAcceleratorTableA
MapVirtualKeyExA
SetWindowsHookA
EditWndProc
BeginPaint
WaitForInputIdle
DdeAbandonTransaction
SetMessageExtraInfo
GetWindowDC
GetUserObjectInformationA
DdeAddData
ShowOwnedPopups
ArrangeIconicWindows
WindowFromDC
SetSysColors
CharPrevExA
GetDlgItemTextA
GetCapture
FreeDDElParam
EndDialog
ReuseDDElParam
DdeConnect
OpenDesktopW
SetDebugErrorLevel
GetMenuItemCount
SendMessageTimeoutA
GetMenuStringA
CreateIconFromResourceEx
GetFocus
BeginDeferWindowPos
IsRectEmpty
SetClassLongW
LoadStringA
SetLastErrorEx
CallMsgFilter
GetMenuBarInfo
CreateIconIndirect
HiliteMenuItem
LoadImageA
EnumChildWindows
MapVirtualKeyW
SetCursor
SetCaretPos
DialogBoxIndirectParamW
EndPaint
SetMessageQueue
EnumDesktopWindows
InSendMessage
LookupIconIdFromDirectoryEx
PostThreadMessageW
KillTimer

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

62f161608da836b0a50d6e3207262b0f

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

advapi32

ole32

user32

Sections

.text Size: 65KB - Virtual size: 65KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 4KB

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 4KB