Static task: static1
Behavioral task: behavioral1
Sample: 763225adfc440ff496e5fb3ddfadf95057f1a20b9cd29fbefb2d72b5ab44b3fc.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 763225adfc440ff496e5fb3ddfadf95057f1a20b9cd29fbefb2d72b5ab44b3fc.exe
Resource: win10v2004-20221111-en
General
Target: 763225adfc440ff496e5fb3ddfadf95057f1a20b9cd29fbefb2d72b5ab44b3fc
Size: 221KB
MD5: 0b8e611a5d9820e5709dabac3728afc0
SHA1: af8a4552eb2c1accc38b2c3953b1e9b32f64527a
SHA256: 763225adfc440ff496e5fb3ddfadf95057f1a20b9cd29fbefb2d72b5ab44b3fc
SHA512: c4627ffab3314c3d26a5467f197a8762c91305d1abc1fdd89f8153fa57a0f3f4e88d05c6f7b5211152732bb5da08649912fc564e0513d8d363c543b549040459
SSDEEP: 6144:w0i0DhlSlqqDLPyO06ODvcDjoG1oPKajg3GqVmnO76kL:w0i0DhlBqnGcDjoGyPKaE3Dd7XL
Files
763225adfc440ff496e5fb3ddfadf95057f1a20b9cd29fbefb2d72b5ab44b3fc.exe (windows x86)
cbd5f9d3d5116a19f639b439cc5737cd
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
Process32FirstW
RemoveDirectoryW
QueryDosDeviceW
Process32NextW
FindNextFileW
VirtualProtect
CreateToolhelp32Snapshot
GetFileTime
ReleaseMutex
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
LocalFree
GetSystemTime
WriteProcessMemory
SetFileAttributesW
CreateThread
ExpandEnvironmentStringsW
SetThreadPriority
lstrcmpiA
SetHandleInformation
CreatePipe
SetEvent
OpenEventW
GetCurrentThreadId
TlsSetValue
TerminateProcess
ResetEvent
FindClose
UnmapViewOfFile
CreateFileMappingW
TlsAlloc
TlsFree
GetNativeSystemInfo
GetVersionExW
WTSGetActiveConsoleSessionId
GlobalLock
GlobalUnlock
MoveFileExW
GetCommandLineW
SetErrorMode
GetComputerNameW
DuplicateHandle
GetCurrentProcessId
GetPrivateProfileStringW
GetPrivateProfileIntW
CreateRemoteThread
GetModuleHandleA
GetUserDefaultUILanguage
GetFileAttributesW
lstrcpynW
HeapCreate
HeapDestroy
ReadProcessMemory
Sleep
LoadLibraryW
WideCharToMultiByte
Thread32First
VirtualAllocEx
VirtualProtectEx
SetLastError
GetLastError
OpenMutexW
GetFileSizeEx
GetTempPathW
FlushFileBuffers
lstrlenW
MultiByteToWideChar
CreateFileW
GetTimeZoneInformation
ReadFile
MapViewOfFile
Thread32Next
OpenProcess
WriteFile
VirtualQueryEx
SetFileTime
IsBadReadPtr
GetProcessHeap
VirtualFree
GetCurrentThread
CreateDirectoryW
HeapFree
GetLogicalDriveStringsW
SetFilePointerEx
GetCurrentProcess
SystemTimeToFileTime
HeapAlloc
CreateProcessW
FreeLibrary
SetEndOfFile
FindFirstFileW
CreateMutexW
HeapReAlloc
WaitForSingleObject
GetTempFileNameW
FileTimeToDosDateTime
GetEnvironmentVariableW
lstrcmpiW
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
GetFileAttributesExW
GetProcessId
EnterCriticalSection
VirtualAlloc
LeaveCriticalSection
VirtualFreeEx
InitializeCriticalSection
SetThreadContext
GetThreadContext
ExitProcess
CloseHandle
WaitForMultipleObjects
CreateEventW
GetLocalTime
ExitThread
GetTickCount
TlsGetValue
user32
CreateDesktopW
SetProcessWindowStation
GetThreadDesktop
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
OpenDesktopW
CloseDesktop
SetThreadDesktop
GetUserObjectInformationW
OpenWindowStationW
CharLowerBuffA
GetTopWindow
LoadImageW
WindowFromPoint
IsRectEmpty
CharToOemW
GetWindowLongW
CharLowerA
CharUpperW
SetWindowLongW
SendMessageTimeoutW
GetWindow
DispatchMessageW
GetMenuState
GetMessageA
GetUpdateRgn
GetMessageW
RegisterClassExA
GetWindowDC
SetCapture
SendMessageW
PrintWindow
EqualRect
PostThreadMessageW
IntersectRect
DrawEdge
GetWindowInfo
PostMessageW
GetSystemMetrics
MessageBoxA
GetKeyboardLayoutList
MapVirtualKeyW
GetKeyboardState
ToUnicode
GetWindowRect
GetParent
GetClassLongW
GetAncestor
SetWindowPos
IsWindow
MapWindowPoints
ExitWindowsEx
RegisterWindowMessageW
GetMenuItemID
SetKeyboardState
GetSubMenu
MenuItemFromPoint
GetMenuItemRect
GetMenu
TrackPopupMenuEx
SystemParametersInfoW
CharLowerW
GetClassNameW
DefDlgProcW
DefFrameProcA
OpenInputDesktop
GetMenuItemCount
HiliteMenuItem
EndMenu
GetWindowThreadProcessId
GetShellWindow
DrawIcon
BeginPaint
GetUpdateRect
GetDC
GetCapture
TranslateMessage
RegisterClassExW
SetCursorPos
GetClipboardData
PeekMessageW
GetDCEx
PeekMessageA
ReleaseDC
DefWindowProcA
GetCursorPos
DefMDIChildProcW
SwitchDesktop
DefDlgProcA
DefMDIChildProcA
GetIconInfo
EndPaint
FillRect
ReleaseCapture
RegisterClassW
CallWindowProcA
CallWindowProcW
DefWindowProcW
GetMessagePos
DefFrameProcW
RegisterClassA
MsgWaitForMultipleObjects
advapi32
CreateProcessAsUserA
CreateProcessAsUserW
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
AllocateAndInitializeSid
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
RegOpenKeyExW
GetSecurityDescriptorSacl
CheckTokenMembership
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegCloseKey
RegSetValueExW
CryptHashData
RegCreateKeyW
RegEnumKeyW
RegQueryInfoKeyW
SetSecurityInfo
ConvertSidToStringSidW
InitiateSystemShutdownExW
EqualSid
RegDeleteValueW
RegEnumValueW
IsWellKnownSid
GetLengthSid
RegEnumKeyExW
shlwapi
PathMatchSpecW
StrStrIW
StrStrIA
PathQuoteSpacesW
PathRenameExtensionW
StrCmpNIW
PathIsURLW
wvnsprintfA
StrCmpNIA
UrlUnescapeA
PathRemoveBackslashW
PathUnquoteSpacesW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathAddBackslashW
PathRemoveFileSpecW
PathFindFileNameW
PathIsDirectoryW
wvnsprintfW
shell32
CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW
secur32
GetUserNameExW
ole32
CoSetProxyBlanket
CoUninitialize
CLSIDFromString
StringFromGUID2
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoCreateInstance
gdi32
DeleteObject
GetDIBits
GetDeviceCaps
CreateDIBSection
RestoreDC
SaveDC
CreateCompatibleDC
SetRectRgn
SelectObject
GdiFlush
DeleteDC
SetViewportOrgEx
CreateCompatibleBitmap
ws2_32
send
gethostbyname
closesocket
WSASend
getaddrinfo
listen
WSASetLastError
freeaddrinfo
inet_addr
getpeername
recvfrom
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
WSAEventSelect
getsockname
accept
bind
recv
sendto
setsockopt
shutdown
WSAGetLastError
select
socket
crypt32
CryptUnprotectData
PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
PFXImportCertStore
wininet
HttpSendRequestW
HttpOpenRequestA
HttpOpenRequestW
InternetSetFilePointer
HttpSendRequestA
InternetSetStatusCallbackA
HttpAddRequestHeadersA
InternetGetCookieA
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
InternetQueryOptionA
InternetOpenA
HttpAddRequestHeadersW
InternetSetOptionA
InternetCrackUrlA
InternetQueryOptionW
InternetConnectA
InternetCloseHandle
HttpEndRequestW
InternetReadFile
HttpSendRequestExA
HttpQueryInfoA
HttpSendRequestExW
InternetQueryDataAvailable
InternetReadFileExA
HttpEndRequestA
oleaut32
SysFreeString
VariantInit
SysAllocString
VariantClear
netapi32
NetUserEnum
NetApiBufferFree
NetUserGetInfo
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
winmm
PlaySoundW
waveOutSetVolume
waveOutGetVolume
PlaySoundA
Sections
.text  Size: 208KB - Virtual size: 207KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data  Size: 2KB - Virtual size: 11KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc  Size: 8KB - Virtual size: 8KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ