Static task: static1
Behavioral task: behavioral1
Sample: df58a47219de4f6d95a638e90f3f10949372d19abb3fcbd0fb7c6d8256c184bf.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: df58a47219de4f6d95a638e90f3f10949372d19abb3fcbd0fb7c6d8256c184bf.exe
Resource: win10v2004-20220812-en
General
Target: df58a47219de4f6d95a638e90f3f10949372d19abb3fcbd0fb7c6d8256c184bf
Size: 1.1MB
MD5: be7bd15f56b722ac1485f81fd737d311
SHA1: aa87d71b1f4aa55f83d4e82b53e66f5e2dbcdc05
SHA256: df58a47219de4f6d95a638e90f3f10949372d19abb3fcbd0fb7c6d8256c184bf
SHA512: e57a7609e87da15a3a44329290154ac80595650f3f14685b726ad63adc7d529c1b893502d1c6ef646d52cb448aab8729060bb2763d319338b9966d54cb64a340
SSDEEP: 12288:kESls4zDBO7etniWbE+TaXtRCNPf+B174YOSDXBJtGdojp9MjCX9iGDGCaPMt/oZ:O1CtGOV9S4KCaP624HH0Aq60vvWK0KL
Malware Config
Signatures
Files
df58a47219de4f6d95a638e90f3f10949372d19abb3fcbd0fb7c6d8256c184bf.exe (windows x86)
757e54ce8a9ef08cdcb158aab9be792d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ta
g_wHotkeyShow_ControlPanel_VirtualKeyCode
g_wHotkeyShow_ControlPanel_Modifiers
_ReleaseHook@0
g_chDisabledIMEWindowClassName
_InitHook@8
_GetProgramName@8
g_iTest
g_iCaretWidth
g_iCaretHeight
g_caretPos_y
g_caretPos_x
g_hwndFocusAppPopupWnd
g_iFocusAppPopupWndNum
g_bPopWndBlocked
g_bShowPopupWndPreview
g_iCurNumInListCtrl
g_hklCurInputWnd
g_chCurAppName
g_bBlockMsgInMySpell
g_hFocusWnd
g_chDeadKeyOutput
g_bTypedMatched
g_bCurIMEEnabled
g_bCurAppDisabled
g_iDelayPopupWindow
g_LenTextOutStr
g_iTypedLen
g_chKeyBDEnabled
g_wHotkeyShow_Alternate_VirtualKeyCode
g_wHotkeyShow_Alternate_Modifiers
g_wHotkeyShow_AutoLaunch_VirtualKeyCode
g_wHotkeyShow_AutoLaunch_Modifiers
g_wHotkeyShow_AutoClipboard_VirtualKeyCode
g_wHotkeyShow_AutoClipboard_Modifiers
g_iSpecialWindowType
g_wHotkeyShow_AutoExpand_VirtualKeyCode
g_wHotkeyShow_AutoExpand_Modifiers
g_wHotkeyEnDisApp_VirtualKeyCode
g_wHotkeyEnDisApp_Modifiers
g_bAppEnable
g_bBlockKeyMsgFunction
g_bBlockKeyMsgDigital
g_uHotKeyComplete
g_bHookTextOut
g_bCompatibleWithOtherPopupWnd
g_bSetDisabledApp
g_chDisabledApp
g_bIsTADisabledApp
g_hFocusWndReserved
kernel32
CreateEventW
GetThreadLocale
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
FindNextFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
InterlockedExchange
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
WritePrivateProfileStringW
LocalAlloc
LeaveCriticalSection
SuspendThread
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedIncrement
GlobalFlags
SetErrorMode
GetFileAttributesW
GetFileSizeEx
GetTickCount
GetStartupInfoW
GetConsoleCP
GetConsoleMode
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
HeapReAlloc
ExitThread
CreateThread
SetStdHandle
GetFileType
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
LCMapStringA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetProcessHeap
GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
GetCurrentProcessId
GetModuleHandleA
InterlockedDecrement
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
GetVersionExA
FreeResource
GlobalFree
FormatMessageW
LocalFree
MulDiv
lstrlenA
lstrcmpA
WideCharToMultiByte
LoadLibraryA
ExpandEnvironmentStringsA
GetVersionExW
GetLocalTime
GetSystemDefaultLangID
lstrcmpW
lstrcpyW
lstrlenW
GetCommandLineW
CreateMutexW
GetWindowsDirectoryW
GetFileSize
CreateFileW
Module32FirstW
OpenProcess
CloseHandle
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateProcessW
GetFileTime
GetCurrentThreadId
Beep
SetFileTime
MultiByteToWideChar
DeleteFileW
CreateDirectoryW
FreeLibrary
GetSystemTime
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
SetLastError
GetModuleFileNameW
Sleep
FindResourceW
LoadResource
LockResource
SizeofResource
GlobalUnlock
GlobalAlloc
GlobalLock
GlobalSize
TlsGetValue
InterlockedCompareExchange
user32
UnregisterClassW
CharNextW
IsRectEmpty
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
PostThreadMessageW
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
SetRectEmpty
CharUpperW
DestroyMenu
WindowFromPoint
GetMessageW
TranslateMessage
ValidateRect
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
TabbedTextOutW
MapVirtualKeyW
GetKeyNameTextW
GetMenuCheckMarkDimensions
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
CheckRadioButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
SetMenu
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetMenuStringW
MapWindowPoints
SetRect
IsWindow
RegisterHotKey
GetKeyboardLayoutList
DrawTextW
OpenClipboard
EnumClipboardFormats
GetClipboardFormatNameW
GetClipboardData
DrawIcon
IsIconic
SetParent
SetMenuDefaultItem
SetClipboardViewer
RegisterWindowMessageW
ShowWindow
DrawFocusRect
TrackPopupMenuEx
EnableMenuItem
SetCapture
ReleaseCapture
GetMenuState
InsertMenuW
CreatePopupMenu
CreateMenu
AppendMenuW
RemoveMenu
FillRect
CopyRect
DrawStateW
InflateRect
MessageBoxW
DestroyIcon
RedrawWindow
LoadCursorW
SetCursor
CheckMenuItem
ClientToScreen
SetCursorPos
PtInRect
GetWindowTextW
VkKeyScanExW
AttachThreadInput
GetWindowThreadProcessId
MoveWindow
GetKeyboardLayoutNameW
UnloadKeyboardLayout
LoadKeyboardLayoutW
SetTimer
AnimateWindow
SetActiveWindow
keybd_event
KillTimer
ReleaseDC
GetDC
SetWindowLongW
CloseClipboard
EmptyClipboard
RegisterClipboardFormatW
SetClipboardData
EnableWindow
LoadIconW
GetClassNameW
SendMessageW
GetWindowRect
OffsetRect
GetSysColor
PostQuitMessage
SetForegroundWindow
SetFocus
GetClientRect
InvalidateRect
UpdateWindow
GetWindow
GetParent
GetKeyState
GetFocus
IsWindowVisible
LoadBitmapW
DrawIconEx
LoadMenuW
GetSubMenu
GetMenuItemCount
GetMenuItemID
ModifyMenuW
SetMenuItemBitmaps
GetCursorPos
TrackPopupMenu
GetWindowLongW
ChangeClipboardChain
GetPriorityClipboardFormat
UnregisterHotKey
GetDesktopWindow
SetWindowPos
GetMonitorInfoW
MonitorFromWindow
GetSystemMetrics
IsWindowEnabled
gdi32
SetMapMode
ExcludeClipRect
IntersectClipRect
LineTo
DeleteObject
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateRectRgnIndirect
CreateCompatibleBitmap
PatBlt
CreateFontW
GetStockObject
CreateFontIndirectW
GetObjectW
BitBlt
CreateCompatibleDC
Rectangle
CreatePen
EnumFontFamiliesExW
GetTextMetricsW
GetTextExtentPoint32W
MoveToEx
GetRgnBox
GetTextColor
GetBkColor
StretchDIBits
GetCharWidthW
GetMapMode
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
CreateSolidBrush
comdlg32
GetFileTitleW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegDeleteKeyW
RegQueryValueW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
IsTextUnicode
RegSetValueExW
CryptAcquireContextW
CryptDeriveKey
RegCreateKeyExW
CryptReleaseContext
CryptEncrypt
CryptCreateHash
CryptDestroyKey
CryptDecrypt
CryptDestroyHash
CryptHashData
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyW
RegEnumKeyW
shell32
ExtractIconW
SHGetSpecialFolderPathW
SHGetFileInfoW
SHFileOperationW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetPathFromIDListW
Shell_NotifyIconW
ShellExecuteW
shlwapi
PathIsDirectoryW
PathRemoveFileSpecW
PathFindExtensionW
PathRemoveExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFileExistsW
oledlg
OleUIBusyW
ole32
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoInitializeEx
CoCreateInstance
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoUninitialize
oleaut32
SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SysFreeString
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
VariantCopy
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
psapi
GetModuleFileNameExW
Sections
.text Size: 798KB - Virtual size: 797KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 191KB - Virtual size: 191KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 102KB - Virtual size: 101KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ