a705a8e271715b38e1e30b5dcf350796a7c8ce07a82bea10fd49b5ab465b3743

Sharing

Copy URL Twitter E-mail

General

Target

a705a8e271715b38e1e30b5dcf350796a7c8ce07a82bea10fd49b5ab465b3743
Size

445KB
MD5

51f390f0b6f9b9700f1eb6fd884bd098
SHA1

d62ed04ca75caaa3ae0b0ba74a4941d0132f81fe
SHA256

a705a8e271715b38e1e30b5dcf350796a7c8ce07a82bea10fd49b5ab465b3743
SHA512

e37545abb85f0c720020bda92b90cef065eed9e52641c89926e1eeef840cc60bd517760d0525fb35b9fe33de08a6ae948c0db23511da3bca923cf921292b3434
SSDEEP

6144:axm+W7Z9S09WenujDs9Rj1Xig73vLWAmawwIzH1xWB/fmEBsyUP7+BiUmdIDa6ng:awFbcWgtzWsElUP7+Bl52+nXEOjJ+D

Score

N/A

Malware Config

Signatures

Files

a705a8e271715b38e1e30b5dcf350796a7c8ce07a82bea10fd49b5ab465b3743
.exe windows x86

4004bfadad8df2c54f8490e192da7db4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

ntdll

RtlAllocateHeap

shell32

ExtractIconW
DragAcceptFiles
CommandLineToArgvW
DragQueryFileW
SHGetSpecialFolderPathW
DragFinish
Shell_NotifyIconW
ExtractIconW
SHGetDesktopFolder
DragQueryFileW
SHGetSpecialFolderLocation
ShellAboutW
DragQueryFileW
SHGetMalloc
ShellAboutW
DragFinish
ExtractIconExW
ShellExecuteExW
ShellExecuteExW
Shell_NotifyIconW
SHGetSpecialFolderLocation
SHChangeNotify
SHChangeNotify
DragQueryFileW
ExtractIconExW
ExtractIconW
DragFinish
SHGetFileInfoW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
Shell_NotifyIconW
ShellAboutW
SHGetFileInfoW
ExtractIconW
Shell_NotifyIconW
ShellAboutW
Shell_NotifyIconW
Shell_NotifyIconW
CommandLineToArgvW
ExtractIconW
SHGetPathFromIDListW
ShellExecuteExW
DragQueryFileW
SHGetFileInfoW
SHGetDesktopFolder
DragFinish
ShellAboutW
SHChangeNotify
ShellExecuteExW
DragFinish
SHChangeNotify
SHGetFolderPathW
SHChangeNotify
SHGetSpecialFolderLocation
ExtractIconW
SHGetSpecialFolderPathW
CommandLineToArgvW
ExtractIconExW
ShellExecuteExW
ShellExecuteExW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetSpecialFolderLocation
DragAcceptFiles
ExtractIconW

user32

GetDC
GetMessageW
GetDlgItem
DestroyWindow
GetMessageW
GetWindowRect
SetTimer
CreateWindowExW
DestroyWindow
DestroyWindow
CreateWindowExW
GetDlgItem
CreateWindowExW
PostMessageW
SendMessageW
DestroyWindow
GetDC
PostMessageW
PostMessageW
LoadIconW
LoadIconW
LoadIconW
DefWindowProcW
GetDlgItem
GetDlgItem
GetDC
GetDC
CreateWindowExW
GetMessageW
SendMessageW
PostMessageW
ReleaseDC
CreateWindowExW
GetWindowRect
GetWindowRect
DestroyWindow
GetSystemMetrics
GetDlgItem
GetSystemMetrics
SendMessageW
LoadIconW
CreateWindowExW
DestroyWindow
GetSystemMetrics
LoadIconW
LoadIconW
GetDlgItem
SendMessageW
GetDlgItem
CreateWindowExW
GetSystemMetrics
ShowWindow
GetDC
PostMessageW
ShowWindow
DestroyWindow
SetTimer
SendMessageW
SetTimer
ShowWindow
LoadIconW
GetDC
GetWindowRect
SendMessageW
GetDC
LoadIconW
DestroyWindow
GetDC
GetDlgItem
SendMessageW
DestroyWindow
GetDC
DefWindowProcW
GetDlgItem
DefWindowProcW
ShowWindow
DestroyWindow
EndPaint
SetTimer
ReleaseDC
LoadIconW
SendMessageW
DestroyWindow
SetTimer
DestroyWindow
DefWindowProcW
GetMessageW
CreateWindowExW
DestroyWindow
ShowWindow
CreateWindowExW
GetMessageW
GetDlgItem
GetSystemMetrics
PostMessageW
GetMessageW
GetMessageW
CreateWindowExW
SetTimer
GetMessageW
ReleaseDC
PostMessageW
DestroyWindow
DestroyWindow
GetDC

kernel32

QueryPerformanceCounter
VirtualFree
SetUnhandledExceptionFilter
LocalFree
GetTickCount
GetACP
GetACP
VirtualFree
GetCurrentProcessId
GetModuleFileNameA
FormatMessageW
GetCurrentProcessId
GetModuleHandleA
GetCommandLineW
GetACP
FormatMessageW
GetACP
GetModuleFileNameA
GetCommandLineA
VirtualFree
GetModuleFileNameA
GetCommandLineW
GetTickCount
GetCommandLineW
GetModuleHandleA
GetCommandLineA
GetCurrentProcess
GetCommandLineW
GetCurrentThreadId
LocalFree
GetCurrentProcessId
GetCommandLineA
GetCurrentProcessId
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetProcessHeap
LocalFree
QueryPerformanceCounter
GetACP
FormatMessageW
LocalAlloc
FormatMessageW
GetACP
GetACP
GetProcessHeap
GetModuleHandleA
GetCurrentProcessId
GetModuleFileNameA
WaitForSingleObject
GetModuleFileNameA
GetCurrentThreadId
WaitForSingleObject
GetCurrentProcess
QueryPerformanceCounter
GetModuleHandleA
GetProcessHeap
GetCommandLineW
SetEvent
MultiByteToWideChar
GetModuleHandleW
GetCurrentProcessId
FormatMessageW
GetCurrentThreadId
GetModuleHandleW
QueryPerformanceCounter
LocalFree
GetModuleHandleW
GetCommandLineA
LocalFree
SetEvent
SetUnhandledExceptionFilter
GetTickCount
GetProcessHeap
GetTickCount
GetCommandLineA
GetCurrentThreadId
GetModuleHandleW
SetUnhandledExceptionFilter
GetACP
MultiByteToWideChar
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcess
LocalAlloc
GetModuleFileNameA
LocalFree

gdi32

PatBlt
SelectObject
CreateCompatibleDC
MoveToEx
GetTextMetricsW
GetTextMetricsW
SelectObject
CreateCompatibleDC
LineTo
DeleteObject
DeleteDC
DeleteObject
SetBkMode
SetTextColor
BitBlt
SetBkMode
GetTextMetricsW
LineTo
LineTo
GetDeviceCaps
CreateCompatibleBitmap
GetDeviceCaps
DeleteDC
BitBlt
CreateCompatibleBitmap
DeleteObject
PatBlt
GetTextMetricsW
CreateCompatibleDC
PatBlt
GetObjectW
GetStockObject
CreateCompatibleBitmap
SetBkColor
MoveToEx
GetDeviceCaps
GetObjectW
LineTo
GetDeviceCaps
GetStockObject
GetObjectW
GetTextMetricsW
SelectObject
DeleteObject
DeleteObject
PatBlt
GetDeviceCaps
SetBkColor
DeleteDC
GetObjectW
SetTextColor
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetObjectW
MoveToEx
SelectObject
MoveToEx
SelectObject
GetObjectW
BitBlt
SetTextColor
CreateCompatibleDC
SetBkColor
DeleteDC
DeleteObject
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
DeleteDC
SetTextColor
GetObjectW
DeleteObject
SetBkColor
LineTo
GetStockObject
SelectObject
MoveToEx
GetDeviceCaps
DeleteObject
SelectObject
SetBkColor
CreateCompatibleDC
GetTextMetricsW
DeleteObject
GetTextMetricsW
MoveToEx
DeleteObject
GetDeviceCaps
DeleteDC
BitBlt
BitBlt
MoveToEx
GetTextMetricsW
SelectObject
DeleteDC
BitBlt
PatBlt
SetBkColor
CreateCompatibleBitmap
CreateCompatibleDC

advapi32

RegEnumKeyExW
RegSetValueExW
FreeSid
RegCloseKey
RegCloseKey
RegDeleteValueW
CloseServiceHandle
RegEnumKeyExW
AddAccessAllowedAce
RegSetValueExW
RegSetValueExA
RegOpenKeyExW
OpenThreadToken
SetSecurityDescriptorDacl
RegDeleteKeyW
RegSetValueExA
RegCreateKeyExA
RegQueryInfoKeyW
OpenProcessToken
SetSecurityDescriptorDacl
RegCloseKey
OpenThreadToken
AddAccessAllowedAce
OpenProcessToken
InitializeSecurityDescriptor
RegSetValueExA
AdjustTokenPrivileges
RegCloseKey
RegDeleteValueW
RegSetValueExA
RegCreateKeyExW
RegDeleteKeyW
InitializeAcl
CloseServiceHandle
RegCreateKeyExA
SetSecurityDescriptorDacl
RegOpenKeyExW
RegQueryValueExW
AllocateAndInitializeSid
FreeSid
RegDeleteValueW
OpenProcessToken
RegDeleteValueW
InitializeAcl
RegOpenKeyExW
RegDeleteKeyW
RegOpenKeyW
RegDeleteKeyW
GetLengthSid
AdjustTokenPrivileges
RegSetValueExA
RegCreateKeyExW
OpenThreadToken
AllocateAndInitializeSid
RegCreateKeyExW
GetTokenInformation
RegSetValueExW
AllocateAndInitializeSid
AddAccessAllowedAce
RegEnumValueW
CloseServiceHandle
RegDeleteValueW
RegQueryInfoKeyW
CloseServiceHandle
RegSetValueExA
GetTokenInformation

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 960KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 411KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4004bfadad8df2c54f8490e192da7db4

Headers

File Characteristics

Imports

ntdll

shell32

user32

kernel32

gdi32

advapi32

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 11KB - Virtual size: 960KB

.data Size: 411KB - Virtual size: 412KB

.pdata Size: 512B - Virtual size: 4KB

.pdata Size: 512B - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 4KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 11KB - Virtual size: 960KB

.data
Size: 411KB - Virtual size: 412KB

.pdata
Size: 512B - Virtual size: 4KB

.pdata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB