Static task: static1
Behavioral task: behavioral1 | Sample: c75ea7edf9bd727b0b33c587d89585a28bf633b97455e7670e1dbd0d4cd8837a.exe | Resource: win7-20220812-en
Behavioral task: behavioral2 | Sample: c75ea7edf9bd727b0b33c587d89585a28bf633b97455e7670e1dbd0d4cd8837a.exe | Resource: win10v2004-20220812-en
General
Target: c75ea7edf9bd727b0b33c587d89585a28bf633b97455e7670e1dbd0d4cd8837a
Size: 133KB
MD5: 4308813d221bbe5ca547a52c0d9b88ab
SHA1: 6cbe4540939d833298e1f1f6ecfa154f61c53af8
SHA256: c75ea7edf9bd727b0b33c587d89585a28bf633b97455e7670e1dbd0d4cd8837a
SHA512: 79fe3fe1a64a91790c5e453b5c7f50eddf32f0ab14492d18f8caf042bb594b32d003b7a888845d716a8f31f99e85b10e946b09557efa85aabe004d0c76087d62
SSDEEP: 3072:BsUqeDPqlidKJKJInWGvUAWBfOh02qJVz/iqVR60BO5ZoEHbKk0QQaIY6K:BPqeDPb6LWGvUAWBfKqJVz/iqVR6vZou
Malware Config
Signatures
Files
c75ea7edf9bd727b0b33c587d89585a28bf633b97455e7670e1dbd0d4cd8837a.exe windows x86
a2a4e85817449f29a1e78b5f72a8012b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcatW
CreateToolhelp32Snapshot
GetWindowsDirectoryW
CreateEventW
WaitForMultipleObjects
MoveFileExW
GetTickCount
GetModuleFileNameW
GetUserDefaultUILanguage
GetEnvironmentVariableW
FileTimeToDosDateTime
GetTempFileNameW
HeapReAlloc
CreateMutexW
FindFirstFileW
SetEndOfFile
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
HeapFree
GetProcessHeap
IsBadReadPtr
SetFileTime
VirtualQueryEx
Thread32First
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
HeapCreate
Thread32Next
ReadFile
Process32NextW
MultiByteToWideChar
GetTempPathW
GetFileSizeEx
OpenMutexW
GetLastError
SetLastError
VirtualProtectEx
VirtualAllocEx
FindClose
RemoveDirectoryW
FindNextFileW
VirtualProtect
GetFileTime
ReleaseMutex
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
GetThreadContext
SetThreadContext
GlobalLock
GlobalUnlock
GetCommandLineW
SetErrorMode
GetComputerNameW
OpenEventW
DuplicateHandle
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
GetProcessId
Process32FirstW
TerminateThread
VirtualFreeEx
OpenProcess
CreateRemoteThread
CreateProcessW
SetThreadPriority
GetCurrentThread
GetLocalTime
LocalFree
GetTimeZoneInformation
GetVersionExW
CloseHandle
GetSystemTime
CreateThread
WaitForSingleObject
GetModuleHandleW
GetPrivateProfileStringW
WriteFile
GetFileAttributesW
CreateFileW
FlushFileBuffers
GetPrivateProfileIntW
GetProcAddress
GetNativeSystemInfo
WriteProcessMemory
LoadLibraryA
ResetEvent
VirtualAlloc
VirtualFree
ExpandEnvironmentStringsW
GetLogicalDrives
GetDriveTypeW
SetFileAttributesW
WTSGetActiveConsoleSessionId
lstrcmpiA
Sleep
LoadLibraryW
SetEvent
CreateDirectoryW
FreeLibrary
ExitProcess
GetFileAttributesExW
lstrcmpiW
InitializeCriticalSection
user32
MsgWaitForMultipleObjects
GetClipboardData
TranslateMessage
CharLowerBuffA
GetCursorPos
GetIconInfo
CharLowerA
DrawIcon
ToUnicode
GetKeyboardState
CharLowerW
LoadImageW
CharToOemW
ExitWindowsEx
DispatchMessageW
CharUpperW
PeekMessageW
advapi32
ConvertSidToStringSidW
InitiateSystemShutdownExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
IsWellKnownSid
CryptHashData
RegSetValueExW
AdjustTokenPrivileges
CryptDestroyHash
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptCreateHash
LookupPrivilegeValueW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
RegQueryValueExW
CryptReleaseContext
RegCreateKeyExW
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
CryptAcquireContextW
GetSidSubAuthority
OpenProcessToken
CryptGetHashParam
GetLengthSid
EqualSid
shlwapi
PathRenameExtensionW
UrlUnescapeA
wvnsprintfW
PathIsDirectoryW
PathFindFileNameW
PathAddBackslashW
SHDeleteValueW
StrStrIW
SHDeleteKeyW
PathCombineW
PathAddExtensionW
PathUnquoteSpacesW
StrStrIA
PathMatchSpecW
StrCmpNIA
wvnsprintfA
PathRemoveBackslashW
PathQuoteSpacesW
PathIsURLW
StrCmpNIW
PathRemoveFileSpecW
PathSkipRootW
shell32
ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW
secur32
GetUserNameExW
ole32
StringFromGUID2
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx
ws2_32
listen
WSASetLastError
freeaddrinfo
socket
bind
setsockopt
recv
recvfrom
sendto
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
getaddrinfo
select
WSAGetLastError
shutdown
getsockname
accept
getpeername
WSASend
closesocket
send
WSAEventSelect
crypt32
CertOpenSystemStoreW
PFXExportCertStoreEx
PFXImportCertStore
CryptUnprotectData
CertDeleteCertificateFromStore
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
wininet
InternetOpenA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
InternetQueryOptionA
InternetSetOptionA
InternetQueryOptionW
HttpSendRequestW
InternetReadFile
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA
InternetCloseHandle
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCrackUrlA
InternetConnectA
HttpQueryInfoA
oleaut32
VariantInit
VariantClear
SysFreeString
SysAllocString
netapi32
NetUserEnum
NetApiBufferFree
NetUserGetInfo
Sections
.text Size: 125KB - Virtual size: 124KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
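The import table and header flags above are the most useful static signal on this page. The script below is an added example, not part of the sandbox report or of any tool it was generated with: it transcribes a subset of the report's imports and its two DLL characteristics, then evaluates capa-style capability rules (each rule is a conjunction of "any one of these APIs" groups) and lists hardening flags the header lacks. The rule names, the rule definitions and the mitigation list are this example's own; the API names are taken from the report.

```python
"""Capability triage from a PE import table (added example).

IMPORTS and DLL_CHARACTERISTICS are transcribed from the report above
(a subset of the import table, enough to drive the rules shown).
The rules and capability names are this example's own, not the
report's or any vendor's.
"""

# Transcribed subset of the report's Imports section, keyed by DLL.
IMPORTS = {
    "kernel32": {
        "OpenProcess", "VirtualAllocEx", "VirtualProtectEx", "WriteProcessMemory",
        "ReadProcessMemory", "VirtualQueryEx", "CreateRemoteThread",
        "GetThreadContext", "SetThreadContext", "CreateToolhelp32Snapshot",
        "Process32FirstW", "Process32NextW", "Thread32First", "Thread32Next",
        "CreateMutexW", "OpenMutexW", "LoadLibraryA", "LoadLibraryW",
        "GetProcAddress", "WTSGetActiveConsoleSessionId",
        "GetLogicalDrives", "GetDriveTypeW",
    },
    "user32": {"GetClipboardData", "GetKeyboardState", "ToUnicode", "ExitWindowsEx"},
    "advapi32": {
        "OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges",
        "GetSecurityDescriptorSacl", "SetSecurityDescriptorSacl",
        "SetNamedSecurityInfoW", "CreateProcessAsUserW",
        "InitiateSystemShutdownExW", "RegCreateKeyExW", "RegSetValueExW",
    },
    "crypt32": {
        "CertOpenSystemStoreW", "CertEnumCertificatesInStore",
        "PFXExportCertStoreEx", "CryptUnprotectData",
    },
    "netapi32": {"NetUserEnum", "NetUserGetInfo"},
    "ws2_32": {"socket", "bind", "listen", "accept", "connect", "send", "recv"},
    "wininet": {"InternetOpenA", "InternetConnectA", "HttpOpenRequestA", "HttpSendRequestA"},
}

# Transcribed from the report's Headers section.
DLL_CHARACTERISTICS = {
    "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}

# A rule is a list of groups; every group must be satisfied, and a group is
# satisfied when at least one API in it is imported. ("A",) means A is
# required; ("B", "C") means B or C. Rule names are this example's own.
RULES = {
    "inject code into a remote process": [
        ("OpenProcess",), ("VirtualAllocEx",), ("WriteProcessMemory",),
        ("CreateRemoteThread", "SetThreadContext"),
    ],
    "hijack a remote thread's execution context": [
        ("OpenProcess",), ("GetThreadContext",), ("SetThreadContext",),
    ],
    "read another process's memory": [
        ("OpenProcess",), ("ReadProcessMemory",), ("VirtualQueryEx",),
    ],
    "enumerate processes (Toolhelp32)": [
        ("CreateToolhelp32Snapshot",), ("Process32FirstW", "Process32First"),
    ],
    "export certificates and private keys": [
        ("CertOpenSystemStoreW",), ("CertEnumCertificatesInStore",), ("PFXExportCertStoreEx",),
    ],
    "decrypt DPAPI blobs": [("CryptUnprotectData",)],
    "capture keystrokes": [("GetKeyboardState",), ("ToUnicode",)],
    "read the clipboard": [("GetClipboardData",)],
    "adjust token privileges": [
        ("OpenProcessToken", "OpenThreadToken"), ("LookupPrivilegeValueW",), ("AdjustTokenPrivileges",),
    ],
    "tamper with SACLs (audit policy)": [
        ("GetSecurityDescriptorSacl",), ("SetSecurityDescriptorSacl",), ("SetNamedSecurityInfoW",),
    ],
    "launch a process in the console user's session": [
        ("WTSGetActiveConsoleSessionId",), ("CreateProcessAsUserW",),
    ],
    "force shutdown or reboot": [("ExitWindowsEx", "InitiateSystemShutdownExW")],
    "enumerate local user accounts": [("NetUserEnum",), ("NetUserGetInfo",)],
    "listen on a TCP socket": [("socket",), ("bind",), ("listen",), ("accept",)],
    "HTTP client (WinINet)": [("InternetOpenA", "InternetOpenW"), ("HttpSendRequestA", "HttpSendRequestW")],
    "resolve APIs at runtime": [("LoadLibraryA", "LoadLibraryW"), ("GetProcAddress",)],
    # Not satisfiable from this table: the report shows no ntdll import, so
    # this rule documents what a static pass cannot see (it may still be
    # resolved at runtime via GetProcAddress).
    "unmap a section in a remote process (ntdll)": [("NtUnmapViewOfSection", "ZwUnmapViewOfSection")],
}


def imported_names(imports):
    """Flatten {dll: {api, ...}} into one set of API names."""
    return set().union(*imports.values())


def matched_capabilities(imports, rules=RULES):
    """Return the sorted names of rules fully satisfied by the import set."""
    names = imported_names(imports)
    return sorted(
        cap for cap, groups in rules.items()
        if all(any(api in names for api in group) for group in groups)
    )


def missing_mitigations(dll_characteristics):
    """Map each absent loader hardening flag to what its absence means."""
    wanted = {
        "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE": "not ASLR-compatible; loads at its preferred base unless mandatory ASLR is enforced",
        "IMAGE_DLLCHARACTERISTICS_NX_COMPAT": "does not opt in to DEP",
        "IMAGE_DLLCHARACTERISTICS_GUARD_CF": "no Control Flow Guard",
    }
    return {flag: why for flag, why in wanted.items() if flag not in dll_characteristics}


if __name__ == "__main__":
    for cap in matched_capabilities(IMPORTS):
        print("[+]", cap)
    for flag, why in missing_mitigations(DLL_CHARACTERISTICS).items():
        print("[-]", flag + ":", why)
```

Two caveats when reading the output. First, "resolve APIs at runtime" matches, so the static import table is a lower bound on capability: anything fetched through GetProcAddress (ntdll routines included) is invisible here. Second, the header lists NX_COMPAT but not DYNAMIC_BASE, so although the image carries a .reloc section and can be relocated, the loader will not randomize its base unless mandatory ASLR is enforced system-wide or per-process.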