Static task
static1
Behavioral task
behavioral1
Sample
ef5f99832d950f3b018eaf6b2f8ab2f1a17056ca41500ee7b04aa8b20617f40d.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
ef5f99832d950f3b018eaf6b2f8ab2f1a17056ca41500ee7b04aa8b20617f40d.exe
Resource
win10v2004-20221111-en
General
Target
ef5f99832d950f3b018eaf6b2f8ab2f1a17056ca41500ee7b04aa8b20617f40d
Size
4.6MB
MD5
7c72b361a8511ca89ae5d63891bd942c
SHA1
987504cbaafffe65483bb567817aab2122d9a49f
SHA256
ef5f99832d950f3b018eaf6b2f8ab2f1a17056ca41500ee7b04aa8b20617f40d
SHA512
797dfac8cef3b51b7be5678723a1cf21b1be63525517db392b25f9bd041a8c8dfb9713f8e2838f6b34870f2169282f97c480c37e2a5774598252311b5dd01f3b
SSDEEP
49152:pOggMOYcAFN71EZRQbG60uIP5qKJYiptpqial4YTmQ+9Uv:RpOM7GZ84rP5nDOY7
Malware Config
Signatures
Files
ef5f99832d950f3b018eaf6b2f8ab2f1a17056ca41500ee7b04aa8b20617f40d.exe windows x86
e0ce72bba11667273685bd21b0491892
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCommandLineW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WritePrivateProfileStringW
GetEnvironmentVariableW
lstrcmpW
GetTickCount
CloseHandle
SetUnhandledExceptionFilter
CopyFileW
FindNextFileW
FindFirstFileW
RemoveDirectoryW
FindClose
SetDllDirectoryW
GetSystemDirectoryW
GetModuleHandleW
LoadLibraryW
GetProcAddress
DeleteFileA
SetEndOfFile
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetTimeZoneInformation
FlushFileBuffers
GetOEMCP
IsValidCodePage
GetFileAttributesExW
MoveFileExW
HeapQueryInformation
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFullPathNameA
GetFullPathNameW
SetConsoleCtrlHandler
OutputDebugStringA
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
ExitThread
WriteConsoleW
GetSystemInfo
HeapValidate
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetModuleHandleExW
GetModuleFileNameA
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
SetProcessAffinityMask
VirtualProtect
VirtualFree
VirtualAlloc
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
VirtualQuery
InitializeSListHead
DeleteFileW
GetLocalTime
Sleep
GetCurrentThreadId
GetCurrentProcessId
GetPrivateProfileStringW
GetPrivateProfileIntW
GetModuleFileNameW
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
ResetEvent
IsBadStringPtrA
IsBadStringPtrW
GetACP
MultiByteToWideChar
SetCurrentDirectoryW
GetCurrentDirectoryW
FreeResource
LockResource
LoadResource
SizeofResource
GetFileSize
ReadFile
FindResourceW
CreateFileW
GetLastError
OutputDebugStringW
ExitProcess
MulDiv
GetCurrentProcess
GetFileType
WriteFile
SetFilePointer
SetFileTime
DuplicateHandle
SystemTimeToFileTime
DosDateTimeToFileTime
CreateDirectoryW
WideCharToMultiByte
lstrcmpiW
GetThreadLocale
CreateFileA
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
GlobalAlloc
GlobalLock
GlobalUnlock
GetVersionExW
RtlUnwind
RaiseException
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FormatMessageA
InitializeCriticalSection
SleepEx
VerSetConditionMask
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
VerifyVersionInfoA
WaitForSingleObject
GetStdHandle
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
DecodePointer
LocalFree
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetNativeSystemInfo
GetTempPathW
ResumeThread
OpenProcess
GetExitCodeProcess
CreateProcessW
WTSGetActiveConsoleSessionId
ReleaseMutex
CreateMutexW
GetDiskFreeSpaceExW
lstrlenW
SetHandleInformation
CreatePipe
FormatMessageW
WaitForSingleObjectEx
GetCurrentThread
GetExitCodeThread
QueryPerformanceCounter
QueryPerformanceFrequency
TryEnterCriticalSection
GetStringTypeW
CreateEventW
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
RtlCaptureStackBackTrace
user32
SetWindowLongW
GetDC
SetForegroundWindow
InvalidateRect
PostMessageW
DefWindowProcW
GetWindowLongW
GetWindowThreadProcessId
FindWindowExW
GetDesktopWindow
UnregisterClassW
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetSysColor
ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
MessageBoxW
SetWindowRgn
IsZoomed
GetWindowRgn
MoveWindow
GetMonitorInfoW
MonitorFromWindow
LoadImageW
AdjustWindowRectEx
GetPropW
SetPropW
GetMenu
GetSystemMetrics
EnableWindow
ShowWindow
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
PostQuitMessage
SetRect
wsprintfW
FillRect
DrawTextW
wvsprintfW
SetCursor
InflateRect
UnionRect
OffsetRect
LoadCursorW
GetMessageW
TranslateMessage
DispatchMessageW
SendMessageW
CreateWindowExW
IsWindow
DestroyWindow
SetWindowPos
IsWindowVisible
IsIconic
CharNextW
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
GetClientRect
GetWindowRect
GetCursorPos
ScreenToClient
MapWindowPoints
IntersectRect
IsRectEmpty
PtInRect
GetParent
GetWindow
CharPrevW
shell32
CommandLineToArgvW
ShellExecuteW
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
ole32
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal
CoFreeUnusedLibraries
CoCreateGuid
CoUninitialize
CoInitialize
CoCreateInstance
ws2_32
socket
recvfrom
listen
WSAStartup
WSACleanup
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
ntohl
htonl
gethostname
ioctlsocket
setsockopt
accept
WSAIoctl
getaddrinfo
freeaddrinfo
sendto
advapi32
FreeSid
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
EqualSid
CryptEncrypt
CryptImportKey
CryptDestroyKey
AllocateAndInitializeSid
LookupPrivilegeValueW
CreateProcessAsUserW
CheckTokenMembership
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyValueW
CryptDestroyHash
crypt32
CertFreeCertificateContext
wldap32
ord143
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
gdiplus
GdipReleaseDC
GdipDeleteGraphics
GdipCreateFromHDC
GdipCloneBitmapAreaI
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipCloneBrush
GdipDeleteBrush
GdipLoadImageFromStream
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipGetFamily
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDeleteFontFamily
GdipDrawImage
GdipGraphicsClear
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetPixelOffsetMode
GdipSetCompositingQuality
GdipAlloc
GdipSetSmoothingMode
GdipLoadImageFromStreamICM
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipFree
GdipCreateLineBrushI
shlwapi
wvnsprintfW
PathRelativePathToW
StrCmpW
PathFileExistsA
PathStripPathW
PathRemoveFileSpecW
PathFileExistsW
wininet
FindNextUrlCacheEntryW
FindCloseUrlCache
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW
urlmon
URLDownloadToFileW
winmm
timeGetTime
comctl32
_TrackMouseEvent
ord17
imm32
ImmReleaseContext
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmGetContext
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
netapi32
NetApiBufferFree
NetUserGetInfo
gdi32
SaveDC
GetObjectType
Rectangle
GetStockObject
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
RestoreDC
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
GetTextMetricsW
CreatePatternBrush
GetObjectW
PtInRegion
CreateRectRgn
GetObjectA
GdiFlush
ExtTextOutW
TextOutW
MoveToEx
CreateDIBSection
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
RoundRect
LineTo
CreatePenIndirect
CombineRgn
GetClipBox
GetDeviceCaps
GetCharABCWidthsW
CreateSolidBrush
CreateRoundRectRgn
SetWindowOrgEx
GetTextExtentPoint32W
CreateRectRgnIndirect
oleaut32
VariantClear
VariantInit
SysFreeString
SysAllocString
Sections
.textbss Size: - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 3.6MB - Virtual size: 3.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 672KB - Virtual size: 671KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.00cfg Size: 512B - Virtual size: 260B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 1024B - Virtual size: 777B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 137KB - Virtual size: 136KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ