48e2533e97891e7e419b33979c18bf7551eda9d52c18423e14288ad02583fb35

Sharing

Copy URL

Twitter E-mail

General

Target

48e2533e97891e7e419b33979c18bf7551eda9d52c18423e14288ad02583fb35
Size

2.0MB
MD5

ae317b73c8a9f8af7cb34d6fd56ba8ab
SHA1

9b9856c484351d3874fc808a4cf3075b34af0ca1
SHA256

48e2533e97891e7e419b33979c18bf7551eda9d52c18423e14288ad02583fb35
SHA512

dbac66f7cfadaf964b4328b4e0d5e736625252c25f25afbcc7905a65b870cf5ee55632ff7cabd44dff4e1d57b5a6b6671e032412987f9e548edae8af54bdb459
SSDEEP

49152:HN8hNWRJwlJyVVKQPTcdepaKkhL3Us0oRiRu:H6hKJ6kVKQ2epaKkhL3Us0oRiR

Score

N/A

Malware Config

Signatures

Files

48e2533e97891e7e419b33979c18bf7551eda9d52c18423e14288ad02583fb35
.exe windows x86

0f0592181044e50da304f1088b804cd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFullPathNameW
SetStdHandle
FlushFileBuffers
GetFileAttributesExW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
ReadConsoleW
GetConsoleMode
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
SetFilePointerEx
ExitThread
GetModuleHandleExW
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
Process32FirstW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
lstrcmpW
CloseHandle
GetPrivateProfileStringW
RemoveDirectoryW
GetLastError
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
GetCommandLineW
GetPrivateProfileStringA
InterlockedIncrement
CopyFileW
SetUnhandledExceptionFilter
GetACP
MultiByteToWideChar
GetCurrentDirectoryW
GetVersionExW
GlobalUnlock
GlobalLock
GlobalAlloc
CreateFileA
GetThreadLocale
lstrcmpiW
WideCharToMultiByte
CreateDirectoryW
DosDateTimeToFileTime
SystemTimeToFileTime
DuplicateHandle
SetFileTime
WriteFile
GetFileType
GetCurrentProcess
CreateFileW
ReadFile
GetFileSize
MulDiv
FindResourceW
SizeofResource
LoadResource
ExitProcess
ResetEvent
SetEvent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
CreateEventW
QueryPerformanceCounter
GetCurrentThread
WaitForSingleObjectEx
TryEnterCriticalSection
GetStringTypeW
SetHandleInformation
CreatePipe
ReleaseMutex
CreateMutexW
OutputDebugStringW
GetExitCodeProcess
CreateProcessW
WTSGetActiveConsoleSessionId
GetTempPathW
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
DecodePointer
LocalFree
ResumeThread
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
GetStdHandle
WaitForSingleObject
CreateToolhelp32Snapshot
DeleteFileW
InterlockedDecrement
LockResource
GetModuleFileNameW
lstrlenW
InitializeCriticalSectionAndSpinCount
VerifyVersionInfoA
GetSystemDirectoryA
VerSetConditionMask
SleepEx
Sleep
FormatMessageA
GetSystemTimeAsFileTime
InitializeCriticalSection
GetPrivateProfileIntA
WritePrivateProfileStringA
GetNativeSystemInfo
LoadLibraryA
GetLocaleInfoA
GetModuleHandleA
GetModuleFileNameA
GetShortPathNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
FreeLibrary
LoadLibraryW
SetDllDirectoryW
GetProcAddress
GetModuleHandleW
FreeResource
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
InterlockedPushEntrySList
SetLastError
RaiseException
RtlUnwind
EncodePointer
WriteConsoleW
SetEndOfFile
SetFilePointer
Process32NextW
GetSystemDirectoryW
GetStartupInfoW
GetTickCount

user32

OffsetRect
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
GetSysColor
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
UnionRect
MonitorFromWindow
LoadImageW
IsWindowVisible
GetParent
SetCursor
wvsprintfW
GetDC
IsWindow
SetFocus
GetWindowRect
LoadCursorW
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
MessageBoxW
PostQuitMessage
SetWindowPos
GetClassInfoExW
CreateWindowExW
ShowWindow
IsIconic
EnableWindow
GetSystemMetrics
GetClientRect
DestroyWindow
CharNextW
GetActiveWindow
GetPropW
SetPropW
SetWindowLongW
GetWindowLongW
SendMessageW
PtInRect
IsRectEmpty
GetWindow
GetMonitorInfoW
SetRect
DrawTextW
CharPrevW
GetGUIThreadInfo
FillRect
ClientToScreen
InvalidateRgn
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetCursorPos
ScreenToClient
MapWindowPoints
IntersectRect
IsZoomed
SetWindowRgn
MoveWindow
CreateAcceleratorTableW
GetWindowRgn

gdi32

SaveDC
CreatePatternBrush
PtInRegion
CreateRectRgn
GdiFlush
ExtTextOutW
TextOutW
MoveToEx
CreateDIBSection
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
RoundRect
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
GetObjectA
GetDeviceCaps
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
SelectObject
RestoreDC
Rectangle
GetStockObject
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

shell32

CommandLineToArgvW
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteW

ole32

CreateStreamOnHGlobal
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantInit
SysAllocString
SysFreeString
VariantClear

ws2_32

gethostname
WSACleanup
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
ioctlsocket
htonl
ntohl
WSAStartup

advapi32

CheckTokenMembership
RegEnumKeyExW
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegDeleteKeyW
AllocateAndInitializeSid
FreeSid
RegCloseKey
RegOpenKeyExW

crypt32

CertFreeCertificateContext

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord143

gdiplus

GdipGraphicsClear
GdipDrawImage
GdipDrawImageRectI
GdipDeleteFontFamily
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipSetInterpolationMode
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushI
GdipSetTextRenderingHint
GdipAlloc
GdipGetPropertyItem
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStream
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipGetFamily
GdipDeleteFont

shlwapi

StrCmpW
PathFileExistsW
PathRemoveFileSpecW
PathFileExistsA

comctl32

ord17
_TrackMouseEvent

imm32

ImmGetContext
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmReleaseContext

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

netapi32

NetUserGetInfo
NetApiBufferFree

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 428KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f0592181044e50da304f1088b804cd2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

ws2_32

advapi32

crypt32

wldap32

gdiplus

shlwapi

comctl32

imm32

wtsapi32

netapi32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 262KB - Virtual size: 262KB

.data Size: 15KB - Virtual size: 43KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 512B - Virtual size: 32B

.rsrc Size: 428KB - Virtual size: 428KB

.reloc Size: 68KB - Virtual size: 68KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 262KB - Virtual size: 262KB

.data
Size: 15KB - Virtual size: 43KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 32B

.rsrc
Size: 428KB - Virtual size: 428KB

.reloc
Size: 68KB - Virtual size: 68KB