0404a01b68cd70134f67ba6290ac7a6e3e319c9137e43a6a793b3bff966f9b5b

Sharing

Copy URL Twitter E-mail

General

Target

0404a01b68cd70134f67ba6290ac7a6e3e319c9137e43a6a793b3bff966f9b5b
Size

1.8MB
MD5

f9f95d6983ba99d100362db1a8caed75
SHA1

83d8b3e718a1da84fc6f855c498a29ba137b2e91
SHA256

0404a01b68cd70134f67ba6290ac7a6e3e319c9137e43a6a793b3bff966f9b5b
SHA512

ff542ca5603d4b7af249e2684de8e3b9f776105598c9c9b09b1ff2d2fb81bb535db1375141710ca681dfa3c8a818a1428de71d3f172ff4d69988522b12038719
SSDEEP

24576:VLb3ZEa5oU+JLJDbHuMqpJE6EapHKyjVWjKfuIywPCKAGFcl3Vw58mexerZvB37x:VLtE/tb+pJPpKOfu8KKcw5peohun2

Score

N/A

Malware Config

Signatures

Files

0404a01b68cd70134f67ba6290ac7a6e3e319c9137e43a6a793b3bff966f9b5b
.exe windows x86

531905a6b8e46d3964703f311d6b11ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

listen
getsockopt
send
gethostbyname
gethostbyaddr
closesocket
__WSAFDIsSet
socket
bind
recv
WSACleanup
sendto
setsockopt
htons
WSAGetLastError
select
ioctlsocket
recvfrom
WSAStartup
inet_addr
connect
inet_ntoa
accept

kernel32

FindResourceW
FreeLibrary
LoadResource
CreateProcessW
HeapAlloc
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
HeapFree
CreateDirectoryW
GlobalLock
WaitForSingleObject
GetModuleHandleW
GetTickCount
GetProcessHeap
GetPrivateProfileStringW
WriteFile
GlobalAlloc
WideCharToMultiByte
LoadLibraryW
InitializeCriticalSectionAndSpinCount
Sleep
CopyFileW
SizeofResource
LeaveCriticalSection
GetFileAttributesW
TerminateProcess
ReadFile
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
lstrlenW
GlobalUnlock
RaiseException
CreateDirectoryA
GetLastError
SetLastError
GetProcAddress
EnterCriticalSection
GetPrivateProfileStringA
Process32FirstW
WritePrivateProfileStringA
DeviceIoControl
GetModuleFileNameA
Process32NextW
lstrcmpiW
lstrcatW
CreateToolhelp32Snapshot
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
DeleteFileW
GetCurrentProcessId
lstrcpyW
SetFileAttributesW
DeleteFileA
CreateThread
EncodePointer
DecodePointer
InterlockedExchange
InitializeCriticalSection
IsProcessorFeaturePresent
ExitThread
ResumeThread
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RtlUnwind
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetTimeZoneInformation
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
SetEndOfFile
WriteConsoleW
SetStdHandle
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
SetEnvironmentVariableA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
IsValidCodePage
GetOEMCP
GetACP
HeapReAlloc
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapCreate
ExitProcess
CreateFileA
SetFilePointer

user32

SetForegroundWindow
LoadCursorW
GetClientRect
BeginPaint
wsprintfW
GetDC
TranslateMessage
RegisterClassExW
KillTimer
PostMessageW
LoadImageW
LoadIconW
InvalidateRect
GetWindowLongW
AppendMenuW
ReleaseDC
SetWindowLongW
GetSysColor
SetWindowPos
GetCursorPos
ShowWindow
CreatePopupMenu
FillRect
TrackPopupMenu
CharNextW
PostQuitMessage
GetMessageW
GetWindowRect
SetTimer
UnregisterClassA
DrawTextW
EndPaint
DestroyWindow
FindWindowExW
CreateWindowExW
MessageBoxW
GetSystemMetrics
SendMessageW
UpdateWindow
DestroyMenu
CallWindowProcW
DefWindowProcW
DispatchMessageW
FindWindowW

gdi32

FillRgn
GetStockObject
SetTextColor
SetBkMode
SelectClipRgn
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgn
DeleteDC
CreateDIBSection
DeleteObject
SelectObject
CreateCompatibleDC

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHChangeNotify
Shell_NotifyIconW

ole32

CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoTaskMemRealloc
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal

oleaut32

VarUI4FromStr

shlwapi

PathRemoveFileSpecA
PathStripPathW
PathFileExistsW
PathRemoveFileSpecW

gdiplus

GdiplusShutdown
GdiplusStartup
GdipGetImageWidth
GdipCloneImage
GdipCreateFromHDC
GdipDisposeImage
GdipAlloc
GdipSetSmoothingMode
GdipDrawImageRectI
GdipDeleteGraphics
GdipGetImageHeight
GdipFree
GdipLoadImageFromStream

ws2_32

WSASocketW

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlW
InternetOpenW

msvcrt

__dllonexit

psapi

GetMappedFileNameW

Sections

.text
Size: 740KB - Virtual size: 740KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

531905a6b8e46d3964703f311d6b11ee

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

ws2_32

wininet

msvcrt

psapi

Sections

.text Size: 740KB - Virtual size: 740KB

.sedata Size: 1.0MB - Virtual size: 1.0MB

.idata Size: 5KB - Virtual size: 8KB

.rsrc Size: 23KB - Virtual size: 24KB

.sedata Size: 4KB - Virtual size: 4KB

.text
Size: 740KB - Virtual size: 740KB

.sedata
Size: 1.0MB - Virtual size: 1.0MB

.idata
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 23KB - Virtual size: 24KB

.sedata
Size: 4KB - Virtual size: 4KB