b6113f1b798ef2061d16d56909de2f304eb1b527cdef9845ba58908fb4e6163d

Sharing

Copy URL Twitter E-mail

General

Target

b6113f1b798ef2061d16d56909de2f304eb1b527cdef9845ba58908fb4e6163d
Size

194KB
MD5

aa9dfcfe320693006aaff246982cb426
SHA1

2dfd13b862b188c4e67762d84f1182d193867b5a
SHA256

b6113f1b798ef2061d16d56909de2f304eb1b527cdef9845ba58908fb4e6163d
SHA512

be2ea84cb38685b044804956410e0be0a7e2828233ecb69c43977012e97c301871b87c2f6f5e2291878682808c8f211b4cf3f67a02aaaaabbba1bff893c02093
SSDEEP

3072:OqVmTxZJMuHMsTPjceV4wjdQTBfRGn8q6kmsFfwtL:tVaX7HceVRjdQTBJGnT6kmYM

Score

N/A

Malware Config

Signatures

Files

b6113f1b798ef2061d16d56909de2f304eb1b527cdef9845ba58908fb4e6163d
.exe windows x86

1dcba43e93ac47a954a71a4358a2b55d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertOpenSystemStoreA
CertEnumCertificatesInStore
CertNameToStrA
PFXExportCertStoreEx
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CertGetCertificateContextProperty
CertOpenStore
CertAddCertificateContextToStore
CertCloseStore

ntdll

NtDuplicateObject
sscanf
NtReadVirtualMemory
strtoul
sprintf
RtlAdjustPrivilege
strncmp
NtQueryObject
atoi
NtQueryInformationProcess
NtProtectVirtualMemory
NtWriteVirtualMemory
wcscpy
_itoa
_chkstk
NtQueryInformationThread
NtClose
memcmp
wcslen
_strlwr
_strcmpi
strcmp
RtlCompareUnicodeString
_vsnprintf
_snprintf
strcat
strcpy
memset
isalnum
RtlRandom
strlen
memcpy
strstr
NtQuerySystemInformation
_allmul

wininet

FindNextUrlCacheEntryA
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
InternetSetStatusCallback
InternetQueryOptionA
FindCloseUrlCache

shlwapi

SHDeleteValueA
StrStrA
PathCombineA
StrStrIA
SHRegSetUSValueA
StrCmpNIA
StrStrW
SHGetValueA

wtsapi32

WTSFreeMemory

kernel32

SystemTimeToFileTime
DuplicateHandle
CloseHandle
HeapFree
HeapValidate
HeapAlloc
GetProcessHeap
GetTickCount
lstrcatA
DeleteFileA
GetLastError
GetLocalTime
TerminateThread
WriteFile
WaitNamedPipeA
CreateFileA
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
DisconnectNamedPipe
FlushFileBuffers
ReadFile
IsBadReadPtr
OutputDebugStringA
GetCurrentThreadId
CreateThread
Sleep
GetModuleFileNameA
CreateMutexA
SetLastError
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
GetModuleHandleA
InitializeCriticalSection
FileTimeToSystemTime
ConnectNamedPipe
CreateNamedPipeA
GetExitCodeThread
WaitForSingleObject
ExitProcess
GetTimeZoneInformation
GetUserDefaultLangID
GetVersionExA
HeapReAlloc
FreeLibrary
MultiByteToWideChar
ReadProcessMemory
GetThreadSelectorEntry
GetThreadContext
FlushInstructionCache
WideCharToMultiByte
OpenProcess
IsBadWritePtr
WriteProcessMemory
VirtualProtectEx
VirtualAllocEx
VirtualFreeEx
VirtualQueryEx
GetVolumeInformationA
GetSystemWindowsDirectoryA
GetComputerNameA
lstrcmpA
GetWindowsDirectoryA
TerminateProcess
CreateProcessA
GetSystemDirectoryA
OpenMutexA
SetThreadPriority
GetThreadPriority
RemoveDirectoryA
MoveFileExA
GetTempFileNameA
GetTempPathA
ExitThread
GetFileSize
FindClose
FindNextFileA
FindFirstFileA
CreateRemoteThread
SetFilePointer
SetEvent
lstrlenA
CreateEventA
lstrlenW
SetNamedPipeHandleState
WaitNamedPipeW
CreateFileW
lstrcatW
lstrcpyW
SetFileAttributesA
VirtualAlloc
VirtualProtect
VirtualFree
lstrcpyA
LocalFileTimeToFileTime
CreateDirectoryA
CreateDirectoryW
GetCurrentDirectoryA
SizeofResource
LockResource
LoadResource
FindResourceA
SetFileTime
GetCurrentProcessId

user32

DrawIcon
GetKeyboardState
GetIconInfo
wsprintfA
GetDesktopWindow
LoadCursorA
ReleaseDC
GetCursorPos
GetWindowRect
GetWindowDC
EnumWindows
CallWindowProcA
CharLowerA
GetWindowThreadProcessId
SetWindowLongA
ToUnicode
GetWindowLongA

gdi32

CreateCompatibleDC
SelectObject
BitBlt
DeleteObject
CreateCompatibleBitmap
DeleteDC

advapi32

RegOpenKeyExA
CryptAcquireContextW
CryptReleaseContext
CryptGetUserKey
CryptGetKeyParam
CryptDestroyKey
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegQueryValueExA
GetUserNameA

shell32

SHGetFolderPathA

ole32

CreateStreamOnHGlobal

ws2_32

inet_addr
getpeername
ntohs
WSAGetLastError
inet_ntoa
htons

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1dcba43e93ac47a954a71a4358a2b55d

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

ntdll

wininet

shlwapi

wtsapi32

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

Sections

.text Size: 112KB - Virtual size: 112KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 2KB - Virtual size: 109KB

.CRT Size: 512B - Virtual size: 8B

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 112KB - Virtual size: 112KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 2KB - Virtual size: 109KB

.CRT
Size: 512B - Virtual size: 8B

.reloc
Size: 7KB - Virtual size: 7KB