90f08f99a85f3abe31021c286ce3679b6859e979a1bf0cf844fb80918ba76185

Sharing

Copy URL Twitter E-mail

General

Target

90f08f99a85f3abe31021c286ce3679b6859e979a1bf0cf844fb80918ba76185
Size

454KB
MD5

5b394feef45d624105239417fa1b6f80
SHA1

b740de7e88fb9b5997d5a53d5ca69cb3a4e7914d
SHA256

90f08f99a85f3abe31021c286ce3679b6859e979a1bf0cf844fb80918ba76185
SHA512

6d1b38e203d2186925656d106fd5d4e247f6a0ed6be59059852f754b64667f9b2a6e671568811cee0b97fde122941dfed57b39cb22cc5b8e6dff0a333269c8e9
SSDEEP

12288:D9qTszUdtyRuD+aKq2JKEID7Of/SxPKsZAq:SsQTyRuDfKq2KhPOfaxPKsZ

Score

N/A

Malware Config

Signatures

Files

90f08f99a85f3abe31021c286ce3679b6859e979a1bf0cf844fb80918ba76185
.exe windows x86

c9c70be5c436335e6a4071e2c79e563f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
FreeLibrary
GetProcAddress
GetFileAttributesA
FindFirstFileA
FindClose
GetCurrentProcess
FindFirstFileW
GetConsoleCP
FindNextFileW
CreateDirectoryW
CreateDirectoryA
Sleep
FindNextFileA
CopyFileA
MoveFileA
DeleteFileA
GetTickCount
GetTempPathA
FindResourceA
GetModuleHandleA
CreateFileA
SetFilePointer
WriteFile
LoadLibraryA
OpenProcess
GetExitCodeProcess
TerminateProcess
GlobalLock
CloseHandle
GetConsoleWindow
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InterlockedCompareExchange
GetLocaleInfoA
HeapFree
lstrlenA
SetEnvironmentVariableA
GetProcessHeap
SetEndOfFile
CreateFileW
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GlobalAlloc
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
LeaveCriticalSection
EnterCriticalSection
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
GlobalFree
GlobalUnlock
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetOEMCP
GetACP
GetModuleFileNameA
GetStdHandle
ReadFile
GetTimeZoneInformation
ExitProcess
HeapSize
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapReAlloc
IsDebuggerPresent
VirtualFree
HeapDestroy
HeapCreate
GetStringTypeW
CompareStringW
CompareStringA
GetDateFormatA
GetTimeFormatA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
GetCommandLineA
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualAlloc
VirtualProtect
HeapAlloc
GetSystemTimeAsFileTime
InitializeCriticalSection

user32

MessageBoxA
SetFocus
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
ShowWindow
IsWindowVisible
GetWindowTextA
SetCursorPos
mouse_event
GetCursorPos
GetDesktopWindow
GetClientRect
MapVirtualKeyExW
GetKeyboardLayout
keybd_event
EnumWindows
ExitWindowsEx
MapVirtualKeyW
FindWindowA
IsIconic
SetActiveWindow
SendMessageW
SetForegroundWindow
GetDC

gdi32

GetDeviceCaps
GetObjectW
SelectObject
DeleteObject
CreateDIBSection
BitBlt
CreateCompatibleDC
DeleteDC

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

shell32

SHFileOperationA

ole32

OleUninitialize
OleInitialize
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantInit
VariantClear
SysAllocString

ws2_32

WSAStartup
WSACleanup
closesocket
socket
htons
getservbyname
inet_addr
gethostbyname
ioctlsocket
connect
WSAGetLastError
select
__WSAFDIsSet
send
gethostname
recv

shlwapi

PathFindExtensionW

gdiplus

GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipFree
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP

psapi

EnumProcesses
GetModuleFileNameExA
EnumProcessModules

wininet

InternetOpenA
InternetConnectA
InternetCloseHandle
FtpSetCurrentDirectoryA
FtpGetFileA
FtpCreateDirectoryA
FtpPutFileA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA

Sections

.text
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9c70be5c436335e6a4071e2c79e563f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

shlwapi

gdiplus

psapi

wininet

Sections

.text Size: 320KB - Virtual size: 319KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 15KB - Virtual size: 23KB

.rsrc Size: 53KB - Virtual size: 52KB

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 320KB - Virtual size: 319KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 15KB - Virtual size: 23KB

.rsrc
Size: 53KB - Virtual size: 52KB

.reloc
Size: 19KB - Virtual size: 18KB