11bb377d93e4f08c1138e3f4f3cb4105b7c5520a13e390bb0001b837ead56a10

Sharing

Copy URL

Twitter E-mail

General

Target

11bb377d93e4f08c1138e3f4f3cb4105b7c5520a13e390bb0001b837ead56a10
Size

370KB
MD5

de781493c0e1909d5d285e24f3828a7f
SHA1

e8f8b6e77d7eb8d602475b5a5bfa7dd63886ba74
SHA256

11bb377d93e4f08c1138e3f4f3cb4105b7c5520a13e390bb0001b837ead56a10
SHA512

9794e68ed3341610fe7b9ed9711a9fdaf73b87effd869f4383d24cc2260d826a06703cf65f71fee5add75e6e56d99ab4e80aeca0cc247c158683cadc03274014
SSDEEP

6144:IdU0vgelYf8q1RlvoHLGzoybCaiS1yqCo4IDRaAtmNo9TBTIO:IS2q1RlvoHyfiS1N4IbmNo9Tn

Score

N/A

Malware Config

Signatures

Files

11bb377d93e4f08c1138e3f4f3cb4105b7c5520a13e390bb0001b837ead56a10
.exe windows x86

609d9929b0666b68c797bda4356af415

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
ImpersonateLoggedOnUser
LogonUserA

kernel32

LocalReAlloc
DeleteCriticalSection
TlsFree
GetModuleHandleW
InterlockedIncrement
GetFileAttributesA
GetFileSizeEx
GetFileTime
GlobalFlags
SetErrorMode
GetCPInfo
GetOEMCP
GetTickCount
ExitProcess
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
TlsSetValue
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
ExitThread
CreateThread
HeapSize
GetStdHandle
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetExitCodeProcess
CreateProcessA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
WritePrivateProfileStringA
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
FreeResource
CreateFileA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GetCurrentProcessId
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
CompareStringA
InterlockedExchange
lstrcmpA
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
GetCurrentThreadId
ResumeThread
SetThreadPriority
CloseHandle
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
MulDiv
lstrlenA
FreeLibrary
InterlockedDecrement
GetModuleFileNameW
SetLastError
GetModuleHandleA
GetProcAddress
FindNextFileA
GetComputerNameA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToSystemTime
Sleep
WinExec
CreateMutexA
DeleteFileA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
ReleaseMutex
GetLastError
GetModuleFileNameA
VirtualProtect

user32

RegisterClipboardFormatA
ReleaseCapture
SetCapture
LoadCursorA
GetSysColorBrush
UnregisterClassA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
DestroyMenu
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
CharUpperA
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
SetFocus
IsWindowEnabled
MessageBoxA
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostQuitMessage
PostMessageA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
UnhookWindowsHookEx
PostThreadMessageA
GetSystemMetrics
LoadIconA
EnableWindow
SetTimer
IsWindowVisible
GetClientRect
IsIconic
SendMessageA
DrawIcon
GetDesktopWindow
EnumWindows
GetWindowTextA
FindWindowExA
ShowWindow
BringWindowToTop
SetForegroundWindow
PtInRect

gdi32

ExtSelectClipRgn
DeleteDC
GetStockObject
SaveDC
RestoreDC
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

shell32

ShellExecuteA

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA

oledlg

ord8

ole32

CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CoTaskMemFree
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
OleCreateFontIndirect
SysAllocString

ws2_32

shutdown
connect
ntohs
inet_ntoa
WSAStartup
WSACleanup
closesocket
accept
socket
select
gethostbyname
htonl
htons
inet_addr
bind
WSAGetLastError
WSASetLastError
listen
sendto
recvfrom
WSAAsyncSelect
setsockopt
recv
send

Exports

Exports

GetSyncObject
StartFileTransfer
StopTransfer

Sections

.text
Size: 273KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

609d9929b0666b68c797bda4356af415

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

gdi32

comdlg32

winspool.drv

shell32

shlwapi

oledlg

ole32

oleaut32

ws2_32

Exports

Exports

Sections

.text Size: 273KB - Virtual size: 272KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 11KB - Virtual size: 31KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 273KB - Virtual size: 272KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 11KB - Virtual size: 31KB

.rsrc
Size: 13KB - Virtual size: 13KB