Static task: static1
Behavioral task: behavioral1
Sample: f8d07c10646414fadba8156015b1be2ab1b6c6d40f783fb7de1c53a69d129a99.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: f8d07c10646414fadba8156015b1be2ab1b6c6d40f783fb7de1c53a69d129a99.exe
Resource: win10v2004-20220812-en
General
Target: f8d07c10646414fadba8156015b1be2ab1b6c6d40f783fb7de1c53a69d129a99
Size: 107KB
MD5: fb6eeacf29e91016faa1779f5d2b2e3e
SHA1: 224f868a3cb7d88e314d97dca197cb87a452ccc6
SHA256: f8d07c10646414fadba8156015b1be2ab1b6c6d40f783fb7de1c53a69d129a99
SHA512: 7a17464763e16c2b34ac8c4b8283eaac81b2c5d66df1a6c9b4ae72a88bd2a967404b32fa9ef4f3d1f9b07b1a76955406fcbf3a9b417023f0c451bf5e5fef9aa1
SSDEEP: 3072:6irntqn3Yu+WVlhFj/V1dALmgTdRQME6X:brnMYudVlhbomgDQMEe
Malware Config
Signatures
Files
f8d07c10646414fadba8156015b1be2ab1b6c6d40f783fb7de1c53a69d129a99.exe windows x86
7fe05f9452804bca9029f95b5502a638
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateProcessW
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
HeapFree
CreateDirectoryW
GetTickCount
GetProcessHeap
IsBadReadPtr
SetFileTime
VirtualQueryEx
WriteFile
Thread32First
WideCharToMultiByte
LoadLibraryW
ReadProcessMemory
HeapDestroy
HeapCreate
GetFileAttributesW
Thread32Next
ReadFile
GetTimeZoneInformation
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetFileSizeEx
OpenMutexW
FreeLibrary
SetLastError
VirtualAlloc
VirtualProtectEx
VirtualAllocEx
FindClose
LoadLibraryA
RemoveDirectoryW
FindNextFileW
VirtualProtect
GetFileTime
ReleaseMutex
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
SetFileAttributesW
GlobalLock
GlobalUnlock
ResetEvent
lstrcmpiA
WTSGetActiveConsoleSessionId
GetThreadContext
SetThreadContext
GetProcessId
GetNativeSystemInfo
MoveFileExW
GetUserDefaultUILanguage
CreateRemoteThread
OpenProcess
SetEndOfFile
FindFirstFileW
CreateMutexW
HeapReAlloc
GetTempFileNameW
FileTimeToDosDateTime
GetEnvironmentVariableW
WriteProcessMemory
VirtualFreeEx
Process32FirstW
LocalFree
GetLastError
GetCurrentProcessId
Process32NextW
CreateToolhelp32Snapshot
CloseHandle
GetCurrentThread
Sleep
SetThreadPriority
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
GetSystemTime
CreateThread
DuplicateHandle
OpenEventW
GetFileAttributesExW
lstrcmpiW
GetProcAddress
GetModuleFileNameW
GetVersionExW
VirtualFree
GetModuleHandleW
SetEvent
GetComputerNameW
SetErrorMode
GetCommandLineW
ExitProcess
ExpandEnvironmentStringsW
GetPrivateProfileIntW
GetPrivateProfileStringW
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
user32
MsgWaitForMultipleObjects
LoadImageW
ExitWindowsEx
DispatchMessageW
GetClipboardData
ToUnicode
GetKeyboardState
GetCursorPos
CharToOemW
TranslateMessage
GetIconInfo
DrawIcon
CharLowerBuffA
CharLowerW
CharUpperW
PeekMessageW
CharLowerA
advapi32
IsWellKnownSid
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
CryptGetHashParam
ConvertSidToStringSidW
InitiateSystemShutdownExW
EqualSid
CryptHashData
RegSetValueExW
AdjustTokenPrivileges
CryptDestroyHash
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptCreateHash
LookupPrivilegeValueW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
RegQueryValueExW
CryptReleaseContext
RegCreateKeyExW
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
CryptAcquireContextW
GetSidSubAuthority
OpenProcessToken
GetLengthSid
shlwapi
PathRemoveBackslashW
UrlUnescapeA
wvnsprintfW
PathIsDirectoryW
PathFindFileNameW
PathAddBackslashW
PathRenameExtensionW
PathSkipRootW
SHDeleteKeyW
PathCombineW
PathAddExtensionW
PathUnquoteSpacesW
StrStrIW
StrCmpNIA
wvnsprintfA
StrCmpNIW
PathIsURLW
PathMatchSpecW
PathRemoveFileSpecW
StrStrIA
PathQuoteSpacesW
SHDeleteValueW
shell32
SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW
secur32
GetUserNameExW
ole32
StringFromGUID2
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx
ws2_32
WSASetLastError
freeaddrinfo
socket
bind
recv
shutdown
setsockopt
recvfrom
sendto
getpeername
WSASend
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
getaddrinfo
select
WSAGetLastError
closesocket
listen
WSAEventSelect
getsockname
accept
send
crypt32
CertCloseStore
PFXExportCertStoreEx
PFXImportCertStore
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CertEnumCertificatesInStore
CertDuplicateCertificateContext
wininet
InternetOpenA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestW
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA
InternetQueryOptionA
InternetSetOptionA
InternetReadFile
InternetQueryOptionW
InternetCloseHandle
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCrackUrlA
InternetConnectA
HttpQueryInfoA
oleaut32
VariantInit
VariantClear
SysFreeString
SysAllocString
netapi32
NetUserEnum
NetApiBufferFree
NetUserGetInfo
Sections
.text Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ