f9e94f8748f77e3371d275cc11d82e39118daa262865dd7111374d84af0f9bfb

Sharing

Copy URL Twitter E-mail

General

Target

f9e94f8748f77e3371d275cc11d82e39118daa262865dd7111374d84af0f9bfb
Size

947KB
MD5

e5d369daf0f7bc3f8dd56a9aec9ebb31
SHA1

c3f66e79887a349bb870fb0785b9bf2a63c05e9d
SHA256

f9e94f8748f77e3371d275cc11d82e39118daa262865dd7111374d84af0f9bfb
SHA512

e62cdb6817fd610f0041d3a161ccfc609f71f93317872a67e344e1927d313d60978abd3b29cf3886bc5966ae5ef52e3ab0b6352ca42dd5565b389df0d2e512e9
SSDEEP

12288:A+jncoGfmpVFJyX5nRkfLbbj4YI/XPDGPh656n3xixpU4izfcjdKHUEGvI6FVClf:A+jnR3SLkfLb4YePDGJ73QQyCl2K7

Score

N/A

Malware Config

Signatures

Files

f9e94f8748f77e3371d275cc11d82e39118daa262865dd7111374d84af0f9bfb
.dll windows x86

1bb672ffc4c634f1c852ac192bf09fcd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringW
LockResource
HeapReAlloc
CloseHandle
RaiseException
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
GetProcAddress
DeleteCriticalSection
GetProcessHeap
CreateProcessW
GetModuleHandleW
FreeLibrary
InterlockedIncrement
lstrcmpiW
LoadLibraryExW
CreateFileW
GetFileSize
GetLastError
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
Sleep
MultiByteToWideChar
HeapSize
GetCurrentThreadId
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
InterlockedDecrement
EnterCriticalSection
HeapFree
GetVersionExW
GetModuleHandleA
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
ReadFile
SizeofResource
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
TryEnterCriticalSection
DuplicateHandle
GetCurrentThread
WideCharToMultiByte
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
FindClose
FindFirstFileExW
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
CreateThread
ExitThread
FreeLibraryAndExitThread
GetACP
GetStdHandle
GetFileType
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
SetThreadPriority

user32

MessageBoxW
TranslateMessage
CharNextW
PeekMessageW
DispatchMessageW
GetMessageW
DefWindowProcW
wsprintfW

advapi32

RegDeleteKeyW
RegQueryValueExW
RegCloseKey
RegEnumKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoInitialize

oleaut32

VarUI4FromStr

shlwapi

PathCombineW
PathRemoveFileSpecW
PathAppendW

comctl32

InitCommonControlsEx

Exports

Exports

ISTGetInstallPath
ISTGetInstallPathEx
ISTInstallInit
ISTProcessExisted
ISTSetCustomData
ISTSetFileName
ISTSetInstallDir
ISTSetProcessCheck
ISTSetProgress
ISTSetStatus
ISTShowMessage
ISTShowShell
ISTWaitCompleted
ISTWaitUserAction

Sections

.text
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 474KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1bb672ffc4c634f1c852ac192bf09fcd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

comctl32

Exports

Exports

Sections

.text Size: 337KB - Virtual size: 336KB

.rdata Size: 104KB - Virtual size: 103KB

.data Size: 9KB - Virtual size: 13KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 3KB - Virtual size: 2KB

.rsrc Size: 474KB - Virtual size: 473KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 337KB - Virtual size: 336KB

.rdata
Size: 104KB - Virtual size: 103KB

.data
Size: 9KB - Virtual size: 13KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 474KB - Virtual size: 473KB

.reloc
Size: 18KB - Virtual size: 18KB