e48ce8636e94e50d0e43557301bfb40699d03852dbb47135044669a0e7ba91f4

Sharing

Copy URL Twitter E-mail

General

Target

e48ce8636e94e50d0e43557301bfb40699d03852dbb47135044669a0e7ba91f4
Size

869KB
MD5

239cb147030b5f353861da3bf36f1adf
SHA1

9b4dc98876d49431d224742114c0cf4fedd0b81b
SHA256

e48ce8636e94e50d0e43557301bfb40699d03852dbb47135044669a0e7ba91f4
SHA512

4fbf0ff3b7e7d6ec14318464fa702c4c495d7b3f44193118459c24b3dc8489a3fce42e4678de9ec872b8d75fcd478d84eb436ecaf3d8c05a13f8a4b9ca077293
SSDEEP

12288:6SDIObq7oDHtJM3Z5MQDfGIkQCgmPHOiik3QohnDAg3y6G4ez1p2WcX3MdxjGMC:PTq7+MVOQCgsHE/KAg3yCez1wMre

Score

N/A

Malware Config

Signatures

Files

e48ce8636e94e50d0e43557301bfb40699d03852dbb47135044669a0e7ba91f4
.exe windows x86

65465c23fc1a92f6fa7f0893a72fa93d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHRegCreateUSKeyW
PathGetCharTypeW
StrRStrIW
StrRetToBufA
AssocQueryStringByKeyA
StrToIntExW
SHCreateShellPalette
PathCompactPathA
PathAddExtensionA
SHRegWriteUSValueW
PathAppendW
SHLoadIndirectString
SHRegEnumUSKeyW
PathUnquoteSpacesA
SHSetValueA
SHRegQueryUSValueW
SHCopyKeyA
PathUnmakeSystemFolderW
SHRegDuplicateHKey
PathRemoveFileSpecW
PathFileExistsA
UrlApplySchemeA
PathIsSystemFolderW
PathQuoteSpacesA
PathIsUNCServerA
StrTrimA
wvnsprintfA
PathMakePrettyA
wnsprintfA
SHDeleteEmptyKeyW
PathQuoteSpacesW
PathBuildRootA

kernel32

GetCommandLineW
VirtualAlloc
FindFirstVolumeA
GetModuleHandleExA
SetTapeParameters
HeapQueryInformation
IsBadWritePtr
GetMailslotInfo
SetCurrentDirectoryW
LoadLibraryExA
FindVolumeClose
GetCurrentThread
GetVersion
CreateSemaphoreW
GetFullPathNameA
GetVolumeInformationA
ReadConsoleOutputCharacterA
GetSystemDirectoryW
DisconnectNamedPipe
MapUserPhysicalPagesScatter
GetThreadSelectorEntry
QueueUserAPC
EnumResourceNamesW
SetMailslotInfo
SetHandleContext
GetDateFormatA
TransmitCommChar
SetUnhandledExceptionFilter
LoadLibraryA
BaseInitAppcompatCacheSupport
GetVolumePathNamesForVolumeNameA
OpenEventA
GlobalFree
LZStart
Module32FirstW
GetTimeFormatW
VerSetConditionMask
SetFilePointer
LoadModule
WriteProcessMemory
GetCommTimeouts
Thread32Next
VerLanguageNameA
LocalAlloc
SetFirmwareEnvironmentVariableA
ConvertThreadToFiber
OpenMutexA
CreateTimerQueueTimer
QueryPerformanceCounter
VerifyVersionInfoA
RegisterWowBaseHandlers
GetTempPathA
CopyFileExA
CloseHandle
SetConsoleDisplayMode
GetShortPathNameA
EnumLanguageGroupLocalesA
GetEnvironmentStringsW
SetFirmwareEnvironmentVariableW
GetFileTime
FindFirstFileW
GetACP
BeginUpdateResourceW
RegisterWaitForSingleObjectEx
GetSystemTimeAdjustment
SetVolumeLabelW
SetThreadLocale
GlobalFlags
SetCommBreak
SetProcessShutdownParameters
GetConsoleCommandHistoryW
GetQueuedCompletionStatus
CreateProcessInternalW
SleepEx
GetSystemPowerStatus
SetFileApisToANSI
TryEnterCriticalSection
GetSystemTime
GlobalDeleteAtom
FreeLibraryAndExitThread

rasman

RasFindPrerequisiteEntry
RasGetConnectionParams
RasRpcGetUserPreferences
RasGetDeviceName
RasGetBuffer
RasGetDevConfigEx
RasRefConnection
RasSecurityDialogSend
RasPortFree
RasSetKey
RasAddConnectionPort
RasRequestNotification
RasGetDeviceConfigInfo
RasGetUnicodeDeviceName
RasPortGetInfo
RasDoIke
RasRpcSetUserPreferences
RasGetHportFromConnection
RasPortSetProtocolCompression
RasDeviceGetInfo
RasDeviceSetInfo
RasPortGetBundle
RasRpcRemoteGetSystemDirectory
RasConnectionGetStatistics
RasCreateConnection
RasPortGetProtocolCompression
RasSetCachedCredentials
RasPortReserve
RasPortCancelReceive

user32

GetComboBoxInfo
LoadBitmapA
IsClipboardFormatAvailable
RegisterRawInputDevices
VkKeyScanA
GetClassWord
CreateIconFromResourceEx
DdeCreateStringHandleA
CharPrevA
EnumDisplaySettingsExA
GetKeyState
GetWindowModuleFileNameA
GetWindowTextW
EnterReaderModeHelper
IsCharLowerW
TranslateAcceleratorA
TileWindows
IsWindow
DdeSetUserHandle
EnumWindowStationsA
GetAltTabInfoA
SetUserObjectSecurity
CallWindowProcA
CliImmSetHotKey
RegisterClassExW
GetMenuStringW
InvertRect
PeekMessageW
GetProcessDefaultLayout
DrawMenuBar
InsertMenuItemA
DrawStateW
CharUpperBuffW
DrawAnimatedRects
GetMessagePos
CharUpperW
wvsprintfW
CharNextA
SendDlgItemMessageA
MessageBoxIndirectA
DefWindowProcA

msoert2

CryptFreeFunc
fGetBrowserUrlEncoding
HrGetCertificateParam
CryptAllocFunc
StrToUintA
HrBSTRToLPSZ
PszDupA
PszMonthFromIndex
HrLPSZToBSTR
HrCopyStream
PszAllocW
PszSkipWhiteA
FBuildTempPathW
HrGetStreamSize
HrCopyStreamToByte
OpenFileStream
UpdateRebarBandColors
HrStreamToByte
HrIndexOfMonth
HrIsStreamUnicode
StrToUintW
HrCopyStreamCB
OpenFileStreamWithFlagsW
FreeTempFileList
HrIStreamToBSTR
StripCRLF
CchFileTimeToDateTimeSz
AppendTempFileList

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 429KB - Virtual size: 429KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65465c23fc1a92f6fa7f0893a72fa93d

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

rasman

user32

msoert2

Sections

.text Size: 144KB - Virtual size: 144KB

.rdata Size: 293KB - Virtual size: 293KB

.data Size: 512B - Virtual size: 1.8MB

.rsrc Size: 429KB - Virtual size: 429KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 144KB - Virtual size: 144KB

.rdata
Size: 293KB - Virtual size: 293KB

.data
Size: 512B - Virtual size: 1.8MB

.rsrc
Size: 429KB - Virtual size: 429KB

.reloc
Size: 1024B - Virtual size: 1024B