a643ec22ec88c50a86ef93304a3878063263a79c8f07ebaa7dd821838920eaab

Sharing

Copy URL Twitter E-mail

General

Target

a643ec22ec88c50a86ef93304a3878063263a79c8f07ebaa7dd821838920eaab
Size

2.9MB
MD5

b16a372cc39614467e6bad38f3dea6de
SHA1

b53fac4fc07f4697b76e240369d163a3de74d365
SHA256

a643ec22ec88c50a86ef93304a3878063263a79c8f07ebaa7dd821838920eaab
SHA512

66bdb323cd877be79ba2f4cc1d66dc5c4c21de52c77c66feade453808a8c55477875e407479ca89d8d10c5294f39a0379131baf9c4cc051ec665971b0a5cd8d1
SSDEEP

49152:JoTJxc/t/JTPyZDsxMCuESS/BIxzVJR4ymJ7gS2m0ph0cwjgye3DU:uTw/t/WshVSzRgJ2mAh0cwji4

Score

N/A

Malware Config

Signatures

Files

a643ec22ec88c50a86ef93304a3878063263a79c8f07ebaa7dd821838920eaab
.exe windows x86

a6a3104b6f2c97f9f73daf2b6f22d0c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsRootW
SHSetValueW
SHGetValueW
PathFindFileNameW
PathAppendW
PathFileExistsW
PathRemoveExtensionW
PathRemoveFileSpecW
PathRemoveBackslashW
PathCanonicalizeW

ws2_32

WSAStartup
gethostname
gethostbyname
WSACleanup
WSCGetProviderPath
WSCEnumProtocols
WSCDeinstallProvider
WSCWriteProviderOrder
WSCInstallProvider

kernel32

MoveFileExW
DeleteFileW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryW
InterlockedCompareExchange
CreateMutexW
GetLastError
GetCommandLineW
CreateThread
InitializeCriticalSectionAndSpinCount
Sleep
GetSystemDirectoryA
ExpandEnvironmentStringsA
LoadLibraryA
HeapAlloc
HeapFree
HeapCreate
HeapDestroy
ExpandEnvironmentStringsW
CreateEventW
GetNativeSystemInfo
GetCurrentThreadId
GetUserDefaultUILanguage
FreeResource
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
SetFilePointer
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
InterlockedIncrement
InterlockedDecrement
ExitProcess
lstrlenA
lstrlenW
FindClose
GetFileAttributesExW
FlushFileBuffers
OpenMutexW
ReleaseMutex
SetLastError
GetStartupInfoW
LocalFree
GetProcessHeap
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
GetFileType
GetStdHandle
SetHandleCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
CompareStringW
GetCPInfo
LCMapStringW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTimeZoneInformation
RtlUnwind
HeapSetInformation
GetDateFormatW
GetTimeFormatW
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
InterlockedExchange
GetStringTypeW
HeapSize
HeapReAlloc
RaiseException
FindNextFileW
SetFileAttributesW
RemoveDirectoryW
FindFirstFileW
GetSystemDirectoryW
GetTickCount
GetDiskFreeSpaceExW
MoveFileW
CopyFileW
GetFileAttributesW
GetTempPathW
WriteFile
CreateFileW
GetModuleFileNameW
GetCurrentProcessId
GetPrivateProfileStringW
GetCurrentProcess
GetModuleHandleW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
WideCharToMultiByte
GetVersionExW
lstrcmpW
FreeLibrary
GetProcAddress
LoadLibraryW
WaitForSingleObject
TerminateProcess
Process32NextW
OpenProcess
CloseHandle
Process32FirstW
CreateToolhelp32Snapshot
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
SetStdHandle
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableA
FormatMessageA
OutputDebugStringA

user32

HideCaret
GetFocus
ShowCaret
GetSysColor
CreateCaret
SetCaretPos
SystemParametersInfoW
GetDC
GetSystemMetrics
SetRectEmpty
wsprintfW
FindWindowW
SendMessageW
PostQuitMessage
IsWindow
CreateWindowExW
SetFocus
SetWindowTextW
ShowWindow
SetTimer
KillTimer
DrawTextW
DrawFocusRect
IntersectRect
PostMessageW
ClientToScreen
SetWindowRgn
ScreenToClient
SetActiveWindow
GetMessageW
LoadImageW
SetCapture
MoveWindow
SetCursor
LoadCursorW
EnableWindow
GetClassInfoExW
RegisterClassExW
SetWindowLongW
GetWindowLongW
DefWindowProcW
InvalidateRect
DestroyWindow
SetWindowPos
GetMonitorInfoW
MonitorFromWindow
BeginPaint
GetClientRect
UpdateLayeredWindow
IsZoomed
GetKeyState
IsWindowEnabled
TranslateMessage
OffsetRect
BringWindowToTop
PeekMessageW
GetDesktopWindow
GetCursorPos
GetActiveWindow
EndPaint
ReleaseDC
GetWindowRect
PtInRect
GetParent
DispatchMessageW
GetWindow
CallWindowProcW
UpdateWindow
MapWindowPoints
ReleaseCapture
PostThreadMessageW

gdi32

GetObjectW
SetTextColor
CreateDIBSection
SelectObject
CreateFontIndirectW
DeleteDC
CreateRectRgn
OffsetRgn
CreateCompatibleBitmap
CombineRgn
SetRectRgn
GetDeviceCaps
DeleteObject
BitBlt
GetTextColor
ExtSelectClipRgn
GetClipBox
ExtTextOutW
CreateRectRgnIndirect
SelectClipRgn
SetBkMode
CreateCompatibleDC
SetBkColor

advapi32

IsValidSid
LookupAccountNameW
GetSidSubAuthorityCount
GetUserNameW
GetSidSubAuthority
GetSidIdentifierAuthority
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
ord165
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoCreateInstance
OleInitialize
CoInitialize
CoInitializeEx
CoCreateGuid

oleaut32

VariantClear
SysAllocString
SysFreeString
SysStringLen

comctl32

_TrackMouseEvent
ord17

msimg32

GradientFill
AlphaBlend

riched20

ord4

winhttp

WinHttpConnect
WinHttpCloseHandle
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpReadData
WinHttpCrackUrl
WinHttpReceiveResponse

wsock32

htons
htonl

iphlpapi

GetBestRoute
GetIpAddrTable
GetIfTable
GetBestInterface

Exports

Exports

GetCurrUsedIPUL
GetCurrUsedIPUL2
GetMACAddress
GetMACAddress2
getGatewayIP

Sections

.text
Size: 684KB - Virtual size: 684KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6a3104b6f2c97f9f73daf2b6f22d0c1

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

riched20

winhttp

wsock32

iphlpapi

Exports

Exports

Sections

.text Size: 684KB - Virtual size: 684KB

.rdata Size: 173KB - Virtual size: 173KB

.data Size: 15KB - Virtual size: 31KB

.rsrc Size: 2.7MB - Virtual size: 2.7MB

.reloc Size: 55KB - Virtual size: 54KB

.text
Size: 684KB - Virtual size: 684KB

.rdata
Size: 173KB - Virtual size: 173KB

.data
Size: 15KB - Virtual size: 31KB

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

.reloc
Size: 55KB - Virtual size: 54KB