94cfb3448339cd0135acc69038a2b1a946bf8c702c3d16f6baf4cf8a8c2734dd

Sharing

Copy URL

Twitter E-mail

General

Target

94cfb3448339cd0135acc69038a2b1a946bf8c702c3d16f6baf4cf8a8c2734dd
Size

400KB
MD5

a8c527a99a493771848efbfca3f25307
SHA1

e8eaf49bafd9aba3e50baca218e44a61b5b9f1c5
SHA256

94cfb3448339cd0135acc69038a2b1a946bf8c702c3d16f6baf4cf8a8c2734dd
SHA512

a62c77b11104dd154b0ccdfffca8dbc17745f88609ee36ec3d761be2f17aae85a8e2f73fc6d4893309b811ff3aa824b8955eb3107cfaa632ee676fd594a5e3db
SSDEEP

12288:nVcU/JsMaKMIYjXPteh4UHGH1vmlVzDxF:nVcU/JBDMtPUh4dvmlVzDx

Score

N/A

Malware Config

Signatures

Files

94cfb3448339cd0135acc69038a2b1a946bf8c702c3d16f6baf4cf8a8c2734dd
.exe windows x86

42e7350888fcb87a79d9f94791ca9851

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GlobalAlloc
GetSystemDirectoryW
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
SetFileAttributesW
GetFileAttributesW
GetVersionExW
TerminateProcess
OpenProcess
GetFileSize
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
LocalFree
SetEvent
GetCurrentProcess
GetProcAddress
GetModuleHandleW
ProcessIdToSessionId
GetCurrentProcessId
VerifyVersionInfoW
VerSetConditionMask
GetCurrentThread
GetCurrentDirectoryW
LocalFileTimeToFileTime
CreateDirectoryW
SetFileTime
CreateMutexW
OpenFileMappingW
lstrlenA
OpenEventW
GetSystemInfo
GetExitCodeProcess
ResetEvent
HeapReAlloc
SetConsoleCtrlHandler
MoveFileW
GetTempFileNameW
CopyFileA
LeaveCriticalSection
EnterCriticalSection
lstrcpynW
ReadDirectoryChangesW
DeleteCriticalSection
CreateThread
InitializeCriticalSection
LoadResource
FileTimeToLocalFileTime
GetFileInformationByHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetWindowsDirectoryW
GetNumberOfConsoleInputEvents
PeekConsoleInputA
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
LockResource
SizeofResource
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetOEMCP
GetACP
SetEndOfFile
GetCurrentThreadId
QueryPerformanceCounter
IsBadCodePtr
IsBadReadPtr
CreateFileA
FlushFileBuffers
SetStdHandle
GetCPInfo
GetLocaleInfoA
GetStringTypeW
CopyFileW
GetTickCount
ReleaseMutex
InterlockedDecrement
Sleep
CreateEventW
GetLastError
LoadLibraryW
SetLastError
FindResourceW
GetStringTypeA
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
VirtualAlloc
VirtualProtect
SetUnhandledExceptionFilter
WriteConsoleA
HeapSize
VirtualQuery
InterlockedExchange
ExitProcess
GetTimeZoneInformation
FreeLibrary
lstrcmpW
WideCharToMultiByte
lstrcatW
lstrcpyW
GetEnvironmentVariableW
SetFilePointer
GetTempPathW
GetModuleFileNameW
CreateProcessW
WaitForSingleObject
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
lstrcmpiW
HeapFree
DeleteFileW
WritePrivateProfileStringW
WriteFile
GetProcessHeap
HeapAlloc
GetPrivateProfileIntW
GetPrivateProfileStringW
MultiByteToWideChar
CreateFileW
ReadFile
CloseHandle
OutputDebugStringW
lstrlenW
FileTimeToDosDateTime
OutputDebugStringA
LCMapStringW
LCMapStringA
GetVersionExA
GetModuleHandleA
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
LoadLibraryA

user32

DdeGetLastError
GetProcessWindowStation
DdeFreeStringHandle
DdeDisconnect
DdeConnect
DdeCreateStringHandleW
GetUserObjectInformationW
DdeCreateDataHandle
DdeClientTransaction
wsprintfW
BringWindowToTop
SetForegroundWindow
EnumWindows
IsWindowVisible
DdeUninitialize
GetDesktopWindow
DdeInitializeW
CharLowerBuffW
MessageBoxW
GetSystemMetrics
GetWindowLongW
GetWindow

gdi32

StartDocW
DeleteDC
StartPage
TextOutW
SetTextColor
Rectangle
EndPage
EndDoc
CreateDCW

winspool.drv

AddFormW
DeleteFormW
OpenPrinterW
EnumFormsW
ClosePrinter
ord203
EnumPrintersW
DeleteMonitorW
EnumPortsW
GetPrinterDriverDirectoryW
DeletePrinterDriverW
AddPrinterW
DeletePrinter
EnumPrinterDriversW
SetPrinterDataW
GetPrinterDriverW
GetJobW
SetPrinterW
DeviceCapabilitiesW
AddPrinterDriverExW
ord204
EnumMonitorsW
GetPrinterW

advapi32

RegDeleteValueW
RegSetValueExW
OpenProcessToken
GetTokenInformation
EqualSid
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
DuplicateTokenEx
CreateProcessAsUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetUserNameW
OpenThreadToken
ControlService
StartServiceW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
SetTokenInformation

shell32

ShellExecuteExW
SHGetFolderPathW
ShellExecuteW

ole32

StringFromGUID2
CoCreateGuid
CoUninitialize
CLSIDFromProgID
OleRun
CoInitialize
CoCreateInstance

oleaut32

SetErrorInfo
VariantChangeType
VariantInit
GetErrorInfo
SysFreeString
SysAllocString
VariantClear
CreateErrorInfo

shlwapi

PathRemoveBlanksW
PathAddExtensionW
PathMatchSpecW
StrStrIW
PathFindExtensionW
PathRemoveBackslashW
PathRemoveExtensionA
PathRemoveBlanksA
PathFindFileNameW
PathRemoveExtensionW
PathUnquoteSpacesW
PathIsFileSpecW
PathAddBackslashW
PathRemoveFileSpecW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

setupapi

SetupDefaultQueueCallbackW
SetupCloseInfFile
SetupInitDefaultQueueCallbackEx
SetupSetDirectoryIdW
SetupTermDefaultQueueCallback
SetupInstallFromInfSectionW
SetupOpenAppendInfFileW
SetupOpenInfFileW

urlmon

URLDownloadToFileW

wininet

DeleteUrlCacheEntryW

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.0e3c
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.1oqp
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.15as
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.a9as
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.klkl
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.psi
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.teta
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ks1
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.1231
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.1237
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zetaa
Size: 357KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zeta0
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tetaX
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 210B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42e7350888fcb87a79d9f94791ca9851

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

shlwapi

userenv

version

setupapi

urlmon

wininet

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 2KB - Virtual size: 1KB

.0e3c Size: 512B - Virtual size: 200B

.1oqp Size: 512B - Virtual size: 200B

.15as Size: 512B - Virtual size: 200B

.a9as Size: 512B - Virtual size: 200B

.klkl Size: 512B - Virtual size: 200B

.psi Size: 512B - Virtual size: 200B

.teta Size: 512B - Virtual size: 200B

.ks1 Size: 512B - Virtual size: 200B

.1231 Size: 512B - Virtual size: 200B

.1237 Size: 512B - Virtual size: 200B

.zetaa Size: 357KB - Virtual size: 356KB

.zeta0 Size: 512B - Virtual size: 212B

.tetaX Size: 512B - Virtual size: 202B

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 512B - Virtual size: 210B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 2KB - Virtual size: 1KB

.0e3c
Size: 512B - Virtual size: 200B

.1oqp
Size: 512B - Virtual size: 200B

.15as
Size: 512B - Virtual size: 200B

.a9as
Size: 512B - Virtual size: 200B

.klkl
Size: 512B - Virtual size: 200B

.psi
Size: 512B - Virtual size: 200B

.teta
Size: 512B - Virtual size: 200B

.ks1
Size: 512B - Virtual size: 200B

.1231
Size: 512B - Virtual size: 200B

.1237
Size: 512B - Virtual size: 200B

.zetaa
Size: 357KB - Virtual size: 356KB

.zeta0
Size: 512B - Virtual size: 212B

.tetaX
Size: 512B - Virtual size: 202B

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 512B - Virtual size: 210B