cdeb16114f3a4d45dac59e0f04da7f66f20c6b72da0913edd016dcb3605c75a2

Sharing

Copy URL

Twitter E-mail

General

Target

cdeb16114f3a4d45dac59e0f04da7f66f20c6b72da0913edd016dcb3605c75a2
Size

456KB
MD5

dc62aef74eee052cc0e7cafbc864930b
SHA1

4b4e5aa4a8e2f6eeafcab0dc31221b1266a0d405
SHA256

cdeb16114f3a4d45dac59e0f04da7f66f20c6b72da0913edd016dcb3605c75a2
SHA512

0f190a731fa2145b4d21d8559f130bfe61c5d20a81e5bc9887c1f666d2cb72fd1ee465ffc6348eb34357e806cdabdd35efc28088c442746657c52ea0c71f6dfa
SSDEEP

12288:lhaF1YrW97x6BpKCwX4AAMMWkqTuKQDgZDH7VCZTV6kpWvd70hN2bu3:lhv0tp1yNgZDH7VCtVMd7Bb4

Score

N/A

Malware Config

Signatures

Files

cdeb16114f3a4d45dac59e0f04da7f66f20c6b72da0913edd016dcb3605c75a2
.exe windows x86

e4c9c5d1f702b9bf7f886778ed4a0f8d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenW
WideCharToMultiByte
LocalFree
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
GetSystemInfo
GetVersionExA
HeapCreate
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
lstrcmpiA
FlushInstructionCache
GetLocaleInfoW
SetEndOfFile
GetOEMCP
GetACP
CreateFileA
ReadFile
IsBadCodePtr
IsBadReadPtr
SetStdHandle
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetStringTypeW
GetStringTypeA
GetFileType
GetStdHandle
SetHandleCount
DeleteFileA
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
GetEnvironmentVariableA
GetModuleFileNameA
SetUnhandledExceptionFilter
FlushFileBuffers
SetFilePointer
WriteFile
SetLastError
TlsAlloc
HeapSize
TerminateProcess
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
LCMapStringA
GetVersion
GetCommandLineA
HeapReAlloc
ExitThread
TlsGetValue
TlsSetValue
CreateThread
ResumeThread
HeapFree
RaiseException
RtlUnwind
InterlockedIncrement
MultiByteToWideChar
GetStartupInfoA
FindClose
CreateProcessA
SetErrorMode
GetFileAttributesA
Sleep
ExitProcess
lstrcpyA
CloseHandle
GetCurrentProcessId
GetModuleHandleA
OpenProcess
GetCurrentProcess
LoadLibraryA
GetProcAddress
OutputDebugStringA
WriteProcessMemory
GetLastError
lstrlenA
FindFirstFileA
InterlockedDecrement
InterlockedExchange
VirtualQuery
VirtualFree
VirtualAlloc
VirtualProtect
FindNextFileA
GetEnvironmentStringsW
SetEnvironmentVariableA

user32

SendMessageA
ShowWindow
CreateDialogParamA
CallWindowProcA
GetFocus
DrawFocusRect
CharNextA
CreateWindowExA
DialogBoxParamA
EndPaint
FillRect
BeginPaint
InvalidateRect
PtInRect
SetCursor
SetFocus
SetCapture
GetCapture
ReleaseCapture
GetCursorPos
ScreenToClient
SetWindowLongA
GetClassNameA
LoadCursorA
GetWindowTextLengthA
GetWindowTextA
IsWindow
GetDC
DrawTextA
OffsetRect
ReleaseDC
DefWindowProcA
SetRectEmpty
SetTimer
EndDialog
GetWindowLongA
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
MessageBoxA
GetSystemMetrics
LoadImageA
GetDlgItem
GetActiveWindow
DestroyWindow
PostQuitMessage
GetDlgItemTextA
IsDialogMessageA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA

gdi32

SetBkMode
SetTextColor
DeleteDC
GetObjectA
SelectObject
DeleteObject
CreateFontIndirectA

advapi32

RegCreateKeyExA
LookupPrivilegeValueA
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetEntriesInAclA
SetNamedSecurityInfoA
AdjustTokenPrivileges
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken

shell32

SHGetDesktopFolder
SHGetSpecialFolderPathA
ShellExecuteA
SHGetMalloc

ole32

CoInitialize
CoCreateInstance
CoUninitialize

shlwapi

StrRetToBufA

comctl32

InitCommonControlsEx

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExA

Sections

.text
Size: 352KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4c9c5d1f702b9bf7f886778ed4a0f8d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

psapi

Sections

.text Size: 352KB - Virtual size: 349KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 48KB - Virtual size: 52KB

.rsrc Size: 12KB - Virtual size: 8KB

.text
Size: 352KB - Virtual size: 349KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 48KB - Virtual size: 52KB

.rsrc
Size: 12KB - Virtual size: 8KB