10d5b73f0e21129d5826e589966abca42d87057c0a16ae2ba47459ba1155a907

Sharing

Copy URL Twitter E-mail

General

Target

10d5b73f0e21129d5826e589966abca42d87057c0a16ae2ba47459ba1155a907
Size

138KB
MD5

d99cb7fece77d1eaa017922e0f8f9725
SHA1

0d485b2abf34d7e529bf3bb867a446cc3dab68b3
SHA256

10d5b73f0e21129d5826e589966abca42d87057c0a16ae2ba47459ba1155a907
SHA512

35399c076b3d9f64d467f223da2bc3febf8f66709f883e61455b3084f4b9bfd8cf79d84f992815dc6d465752121df231d515c416f0bcff761c388dc3a0cba6cb
SSDEEP

3072:oImTCrvrtq9a7W+XkSmdocS+2d59q/B05+mVlNjDtYt1mTcB499CjrtpVCpL3uap:oImmlq9JSMoR+8u/OQmsHnTV6ujQ7

Score

N/A

Malware Config

Signatures

Files

10d5b73f0e21129d5826e589966abca42d87057c0a16ae2ba47459ba1155a907
.exe windows x86

0e26e8f92406b8a98164e412e8d114ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEndOfFile
CreateProcessW
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
HeapFree
CreateDirectoryW
GetTickCount
GetProcessHeap
IsBadReadPtr
SetFileTime
VirtualQueryEx
Thread32First
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
HeapCreate
Thread32Next
ReadFile
GetTimeZoneInformation
MultiByteToWideChar
GetTempPathW
GetFileSizeEx
OpenMutexW
GetSystemTime
SetLastError
FindFirstFileW
VirtualAllocEx
FindClose
RemoveDirectoryW
FindNextFileW
VirtualProtect
GetFileTime
ReleaseMutex
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
SetFileAttributesW
WTSGetActiveConsoleSessionId
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetCurrentThreadId
TlsAlloc
TlsFree
GlobalLock
GlobalUnlock
GetNativeSystemInfo
MoveFileExW
GetUserDefaultUILanguage
GetLocalTime
CreateMutexW
HeapReAlloc
GetTempFileNameW
FileTimeToDosDateTime
GetEnvironmentVariableW
ExpandEnvironmentStringsW
LoadLibraryW
CreateToolhelp32Snapshot
Process32NextW
SetThreadPriority
GetCurrentThread
Process32FirstW
OpenProcess
CreateRemoteThread
lstrcmpiA
GetPrivateProfileIntW
FlushFileBuffers
CreateFileW
GetFileAttributesW
WriteFile
GetPrivateProfileStringW
ResetEvent
TerminateProcess
TlsSetValue
TlsGetValue
VirtualProtectEx
CreateThread
WriteProcessMemory
LocalFree
GetCurrentProcessId
DuplicateHandle
OpenEventW
WaitForMultipleObjects
CreateEventW
GetModuleFileNameW
GetVersionExW
Sleep
VirtualFree
GetModuleHandleW
SetEvent
GetComputerNameW
WaitForSingleObject
SetErrorMode
GetCommandLineW
ExitProcess
lstrcmpiW
LoadLibraryA
GetProcAddress
FreeLibrary
CloseHandle
GetFileAttributesExW
GetProcessId
EnterCriticalSection
VirtualAlloc
LeaveCriticalSection
VirtualFreeEx
InitializeCriticalSection
SetThreadContext
GetLastError
GetThreadContext

user32

SystemParametersInfoW
GetClassNameW
GetMenuState
DefWindowProcA
DefMDIChildProcW
SwitchDesktop
GetMenuItemCount
DefDlgProcA
DefMDIChildProcA
HiliteMenuItem
RegisterClassW
GetUserObjectInformationW
CallWindowProcA
EndMenu
CallWindowProcW
DefFrameProcW
GetWindowThreadProcessId
TrackPopupMenuEx
GetShellWindow
GetTopWindow
LoadImageW
MsgWaitForMultipleObjects
WindowFromPoint
CharToOemW
GetClipboardData
GetWindowLongW
CharLowerA
PeekMessageW
CharUpperW
MapVirtualKeyW
GetWindowRect
SetCursorPos
GetParent
GetClassLongW
GetAncestor
SetWindowPos
IsWindow
MapWindowPoints
GetSystemMetrics
CharLowerW
CreateDesktopW
SetProcessWindowStation
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
CloseDesktop
SetThreadDesktop
OpenWindowStationW
GetKeyboardState
ToUnicode
GetMessageA
SetCapture
PeekMessageA
ReleaseCapture
RegisterClassExW
GetMessagePos
GetCapture
RegisterClassA
RegisterClassExA
GetMenuItemRect
GetThreadDesktop
GetMenuItemID
GetCursorPos
GetIconInfo
SetKeyboardState
GetSubMenu
DefDlgProcW
DefFrameProcA
SetWindowLongW
SendMessageTimeoutW
GetWindow
DispatchMessageW
CharLowerBuffA
EndPaint
GetUpdateRgn
GetMessageW
GetWindowDC
FillRect
PostMessageW
GetWindowInfo
DrawEdge
BeginPaint
GetUpdateRect
GetDC
IntersectRect
GetDCEx
OpenInputDesktop
OpenDesktopW
MenuItemFromPoint
GetMenu
TranslateMessage
DrawIcon
ExitWindowsEx
IsRectEmpty
DefWindowProcW
SendMessageW
PrintWindow
EqualRect
PostThreadMessageW
ReleaseDC
RegisterWindowMessageW

advapi32

IsWellKnownSid
GetLengthSid
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
CryptHashData
EqualSid
ConvertSidToStringSidW
InitiateSystemShutdownExW

shlwapi

StrStrIA
PathRemoveBackslashW
PathIsURLW
StrCmpNIW
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathUnquoteSpacesW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathAddBackslashW
PathFindFileNameW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
StrStrIW
PathRemoveFileSpecW
PathQuoteSpacesW
PathRenameExtensionW

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW

secur32

GetUserNameExW

ole32

StringFromGUID2
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx

gdi32

CreateCompatibleBitmap
GetDIBits
CreateDIBSection
SetViewportOrgEx
DeleteDC
GdiFlush
DeleteObject
SelectObject
SetRectRgn
CreateCompatibleDC
GetDeviceCaps
RestoreDC
SaveDC

ws2_32

WSASetLastError
freeaddrinfo
socket
bind
recv
setsockopt
shutdown
getsockname
WSAEventSelect
WSASend
getpeername
recvfrom
sendto
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
getaddrinfo
select
closesocket
send
listen
accept
WSAGetLastError

crypt32

CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
PFXImportCertStore
CryptUnprotectData
PFXExportCertStoreEx

wininet

HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestW
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA
InternetQueryOptionA
InternetSetOptionA
InternetReadFile
InternetQueryOptionW
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCrackUrlA
InternetConnectA
HttpQueryInfoA

oleaut32

VariantInit
SysAllocString
VariantClear
SysFreeString

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetInfo

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e26e8f92406b8a98164e412e8d114ef

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

Sections

.text Size: 130KB - Virtual size: 129KB

.data Size: 1024B - Virtual size: 8KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 130KB - Virtual size: 129KB

.data
Size: 1024B - Virtual size: 8KB

.reloc
Size: 6KB - Virtual size: 5KB