0e4364d2a2d7cba5acc65dd442bd7fb731bc95561c60495095056aecc4500a53

Sharing

Copy URL

Twitter E-mail

General

Target

0e4364d2a2d7cba5acc65dd442bd7fb731bc95561c60495095056aecc4500a53
Size

4.3MB
MD5

13534b4d0256f7e642b777f325c7374e
SHA1

113c4c1f3bfc40d1e02cae65e3ca556a107042e9
SHA256

0e4364d2a2d7cba5acc65dd442bd7fb731bc95561c60495095056aecc4500a53
SHA512

15ecb3f59e46037811b5cb521690630e414364d64c7bb12a67dd3f68be9f9137dd89d39a5aad3a3ef2291194ba99ec600c6d05b401b74e0e5c73653ba3c9316f
SSDEEP

49152:fQCjRLGf7sCqlo+GkbqqVWnuN68HM+TL6IEcrHKImuzSLBrXaS2gBKQEzo4Y5q7/:fHdLrlJOIEcrHJ7zSNP2EE1hK

Score

1^/10

Malware Config

Signatures

Files

0e4364d2a2d7cba5acc65dd442bd7fb731bc95561c60495095056aecc4500a53
.exe windows x86

646eec0806ce1cf0a90022fca61edd3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ConnectNamedPipe
GetCommandLineW
GetModuleFileNameA
GetCurrentThreadId
CreateFileA
GetCurrentProcessId
SetUnhandledExceptionFilter
GetStdHandle
LoadLibraryExW
SearchPathW
lstrlenW
GetShortPathNameW
SetFileTime
SetFileAttributesW
GetWindowsDirectoryW
MoveFileW
SetEndOfFile
GetFileInformationByHandle
FindFirstChangeNotificationW
FindCloseChangeNotification
GetStartupInfoW
CreatePipe
OutputDebugStringW
CreateProcessW
SetEvent
CreateEventW
GetFileSize
MoveFileExW
GetSystemInfo
GetFileAttributesExW
GetLogicalDriveStringsW
CreateFileW
SetFilePointer
RemoveDirectoryW
InterlockedCompareExchange
WriteFile
FindNextFileW
CompareFileTime
ReadFile
CreateDirectoryW
OpenProcess
GetProcessId
TerminateProcess
GetFullPathNameA
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
lstrlenA
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetFileSizeEx
RtlCaptureStackBackTrace
CreateThread
OutputDebugStringA
WideCharToMultiByte
Sleep
GetModuleHandleA
LoadLibraryA
GetVersionExA
GetExitCodeProcess
GetVersionExW
GetTickCount
IsBadReadPtr
WriteConsoleW
FlushFileBuffers
HeapSize
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
FindFirstFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetProcessHeap
SetConsoleCtrlHandler
GetTimeZoneInformation
SetStdHandle
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
ExitProcess
HeapReAlloc
DisconnectNamedPipe
ResumeThread
ExitThread
RtlUnwind
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
SetProcessAffinityMask
VirtualProtect
VirtualFree
VirtualAlloc
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
ResetEvent
LocalFree
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
GetFullPathNameW
FindResourceW
FindClose
SizeofResource
LoadResource
LockResource
FreeResource
MulDiv
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCurrentProcess
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
FlushInstructionCache
GetFileAttributesW
MultiByteToWideChar
CreateMutexW
SetLastError
WritePrivateProfileStringW
GetLocalTime
WaitForSingleObject
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
DecodePointer
GetModuleHandleW
GetLastError
RaiseException
FreeLibrary
LoadLibraryW
GetTempPathW
DeleteFileW
GetModuleFileNameW
GetProcAddress
GlobalUnlock
TlsGetValue
TlsAlloc
GetStringTypeW
FormatMessageW
TryEnterCriticalSection
GlobalLock
QueryPerformanceFrequency
QueryPerformanceCounter
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
WaitForSingleObjectEx
DuplicateHandle
CreateNamedPipeW
GetSystemDirectoryW
GetCurrentDirectoryW
GetTempFileNameW
GetModuleHandleExW
GetDriveTypeW
GlobalAlloc
InterlockedIncrement
SetCurrentDirectoryW
FileTimeToSystemTime
FileTimeToLocalFileTime
IsValidCodePage
WaitForMultipleObjects
InterlockedDecrement

user32

TrackPopupMenu
PostMessageW
UnregisterClassW
SetPropW
MoveWindow
SendMessageW
IsWindowVisible
SetForegroundWindow
GetWindowThreadProcessId
IsWindow
FindWindowW
GetActiveWindow
ShowWindow
GetSystemMetrics
GetWindowRect
SetWindowPos
GetWindow
GetDesktopWindow
GetPropW
RegisterWindowMessageW
SystemParametersInfoW
GetCursorPos
SetTimer
KillTimer
DestroyIcon
DestroyWindow
LoadCursorW
DestroyCursor
SetCursor
SetRect
CopyRect
InflateRect
IntersectRect
UnionRect
IsRectEmpty
EqualRect
PtInRect
DefWindowProcW
CallWindowProcW
RegisterClassExW
CreateWindowExW
DrawIconEx
GetDlgItem
GetClientRect
MapWindowPoints
GetWindowLongW
SetWindowLongW
GetParent
MonitorFromWindow
GetMonitorInfoW
TrackMouseEvent
PostQuitMessage
AnimateWindow
SetLayeredWindowAttributes
IsIconic
IsZoomed
SetFocus
GetCapture
SetCapture
ReleaseCapture
UpdateWindow
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
SetWindowTextW
CreateCaret
GetCaretBlinkTime
HideCaret
SetCaretPos
ScreenToClient
GetClassNameW
GetKeyState
EnableMenuItem
CharToOemW
CreateIconIndirect
SetActiveWindow
EnableWindow
UpdateLayeredWindow
MapVirtualKeyA
CharLowerBuffW
ClientToScreen
DrawTextW
GetWindowPlacement
LoadIconW
MessageBoxW
GetForegroundWindow
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
SetMenuContextHelpId
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
SystemParametersInfoA
DeleteMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
CheckMenuItem
DestroyMenu
CreatePopupMenu
IsWindowEnabled
IsMenu
LoadImageW
CreateIconFromResource
LoadBitmapW
GetIconInfo
CharNextW
GetFocus
OffsetRect
GetSysColor

gdi32

SelectClipRgn
GetTextFaceW
ExtTextOutW
SetWorldTransform
SetViewportOrgEx
CreateCompatibleBitmap
StretchBlt
GetDCOrgEx
GetObjectW
SetBkMode
Rectangle
GetStockObject
GetClipBox
CreateSolidBrush
CreateFontIndirectW
SelectObject
DeleteDC
CreateCompatibleDC
CreateBitmap
CreateRoundRectRgn
EnumFontsW
DeleteObject
SetGraphicsMode
GetDeviceCaps
BitBlt
GetTextMetricsW
ExtCreateRegion
GetRegionData
IntersectClipRect
CreateDIBSection
GetCurrentObject
GetViewportOrgEx
EnumFontFamiliesExW
GetCharABCWidthsW
GetFontData
GetGlyphOutlineW
GetOutlineTextMetricsW
GetFontUnicodeRanges
GetGlyphIndicesW
GetTextExtentPointI
AddFontMemResourceEx
RemoveFontMemResourceEx
SetTextColor
SetTextAlign
GdiFlush

comdlg32

GetOpenFileNameW

advapi32

AllocateAndInitializeSid
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
GetUserNameW
RegDeleteKeyW
RegDeleteValueW
OpenProcessToken
DuplicateTokenEx
RegSetValueExW
CheckTokenMembership
FreeSid
RegCloseKey

shell32

ord43
ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
Shell_NotifyIconW
SHBrowseForFolderW
ord727
CommandLineToArgvW
SHGetFileInfoW

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoInitialize
CreateBindCtx
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
OleLockRunning
OleUninitialize
OleInitialize
CoCreateGuid
CreateStreamOnHGlobal
CoTaskMemFree

oleaut32

VariantCopy
SysAllocStringByteLen
SysAllocString
VariantInit
VariantClear
CreateErrorInfo
GetErrorInfo
VariantChangeType
SetErrorInfo
SysFreeString

shlwapi

PathRemoveFileSpecA
ord158
SHDeleteKeyW
StrToIntExW
PathCombineW
PathFileExistsW
PathRemoveFileSpecW
PathAddBackslashW
PathQuoteSpacesW
PathIsDirectoryW
PathStripPathW
StrStrW
StrToIntW
PathRenameExtensionW

gdiplus

GdipSaveImageToFile
GdipBitmapUnlockBits
GdipDrawImageRectI
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGraphicsClear
GdiplusStartup
GdipFree
GdipGetImageEncoders
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdiplusShutdown
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipGetImageEncodersSize

everything32

Everything_GetResultSize
Everything_GetResultDateModified
Everything_SetSearchW
Everything_IsFolderResult
Everything_GetResultPathW
Everything_GetResultFileNameW
Everything_GetNumResults
Everything_SaveDB
Everything_QueryW
Everything_SetRequestFlags

imm32

ImmAssociateContext
ImmReleaseContext
ImmGetContext

psapi

GetModuleBaseNameW
GetModuleFileNameExW
EnumProcesses
EnumProcessModules

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winhttp

WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpReadData
WinHttpReceiveResponse
WinHttpConnect
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpOpen

netapi32

Netbios

wininet

InternetOpenW
InternetReadFile
InternetCloseHandle
InternetOpenUrlW

dbghelp

MiniDumpWriteDump

iphlpapi

IcmpSendEcho
IcmpCreateFile
GetAdaptersAddresses
GetAdaptersInfo
IcmpCloseHandle

ws2_32

inet_addr
WSACleanup
WSAStartup
gethostbyname
inet_ntoa

snmpapi

SnmpUtilOidNCmp
SnmpUtilOidCpy
SnmpUtilVarBindFree

usp10

ScriptShape
ScriptItemize
ScriptFreeCache

opengl32

wglGetProcAddress
wglGetCurrentContext

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 698KB - Virtual size: 698KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 478KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

646eec0806ce1cf0a90022fca61edd3b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

everything32

imm32

psapi

version

winhttp

netapi32

wininet

dbghelp

iphlpapi

ws2_32

snmpapi

usp10

opengl32

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 698KB - Virtual size: 698KB

.data Size: 76KB - Virtual size: 168KB

.gfids Size: 6KB - Virtual size: 5KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 478KB - Virtual size: 478KB

.reloc Size: 169KB - Virtual size: 169KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 698KB - Virtual size: 698KB

.data
Size: 76KB - Virtual size: 168KB

.gfids
Size: 6KB - Virtual size: 5KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 478KB - Virtual size: 478KB

.reloc
Size: 169KB - Virtual size: 169KB