de95eb9a3d64f10ffb45d1873c452c29017ba0fd058bc13fe55dfbcc8b93848f

Sharing

Copy URL Twitter E-mail

General

Target

de95eb9a3d64f10ffb45d1873c452c29017ba0fd058bc13fe55dfbcc8b93848f
Size

3.6MB
MD5

641c3480d7110476cc574845c7cf022f
SHA1

d6d521c2027c6d3398c72e10c248402343d4379a
SHA256

de95eb9a3d64f10ffb45d1873c452c29017ba0fd058bc13fe55dfbcc8b93848f
SHA512

636d69e61073c0c7de7a146c45241a4d2720f32b6020db46902fdfc1123e2101bf628c401e322682d7a970b4cdd2e7be9545ffd46469f5a0abdf35ea965fcb69
SSDEEP

98304:zFtUIkxold4ezK/2jkp14rv+90Hkq7NIoJaMpxZd/G:nzkulhjvvfbpxZd/G

Score

1^/10

Malware Config

Signatures

Files

de95eb9a3d64f10ffb45d1873c452c29017ba0fd058bc13fe55dfbcc8b93848f
.exe windows x86

a5cdf4c5576b1c2930020f1ed6b8a5b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
GlobalAlloc
GetProcAddress
LockResource
GetFileSize
ReadFile
CloseHandle
GetModuleFileNameW
CreateFileW
DecodePointer
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
DeleteFileW
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
Sleep
GetSystemDirectoryW
LocalAlloc
LocalFree
VirtualAlloc
VirtualFree
OpenProcess
GetCurrentProcessId
GetLogicalDriveStringsW
QueryDosDeviceW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
WriteFile
lstrcpyW
LoadLibraryW
GetDiskFreeSpaceExW
SetEndOfFile
GlobalUnlock
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
LoadResource
SizeofResource
GetModuleHandleW
FindResourceW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleCP
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
WinExec
GetTempPathW
MultiByteToWideChar
LoadLibraryExW
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
InterlockedDecrement
InterlockedIncrement
QueryPerformanceFrequency
QueryPerformanceCounter
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
GetDriveTypeW
SetFilePointerEx
FreeLibraryAndExitThread
GetFileAttributesExW
CreateThread
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
ExitThread
FindFirstFileExW
GetFullPathNameW
WriteConsoleW
GetModuleHandleExW
RtlUnwind
GetTempFileNameW
GlobalMemoryStatus
FlushConsoleInputBuffer
GetSystemTime
FormatMessageA
PeekNamedPipe
GetStdHandle
WaitForMultipleObjects
ExpandEnvironmentStringsA
VerifyVersionInfoA
GetSystemDirectoryA
GetModuleHandleA
SleepEx
InitializeCriticalSection
GetFileAttributesExA
OutputDebugStringW
VirtualQuery
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
SetEvent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
SetLastError
EncodePointer
DosDateTimeToFileTime
SystemTimeToFileTime
DuplicateHandle
lstrlenW
CreateDirectoryW
GetVolumeInformationW
WaitForSingleObject
GetCurrentProcess
FreeResource
AreFileApisANSI
GetVersionExW
WideCharToMultiByte
FindFirstFileW
DeviceIoControl
OutputDebugStringA
SetPriorityClass
GetEnvironmentVariableW
GetLongPathNameW
VerSetConditionMask
GlobalFree
GetExitCodeProcess
GetCurrentThreadId
SetErrorMode
FindClose
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTickCount
CreateProcessW
GetWindowsDirectoryW
RemoveDirectoryW
GetFileAttributesW
FindNextFileW
CopyFileW
MoveFileExW
MulDiv
GetVersion
VirtualAllocEx
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
lstrcpynW
ReleaseMutex
CreateMutexW
SetUnhandledExceptionFilter
GetLocalTime
VirtualProtect
LoadLibraryA
IsBadReadPtr
GetACP
GetCurrentDirectoryW
ExitProcess
GetFileType
SetFilePointer
SetFileTime

user32

SetTimer
InvalidateRect
LoadIconW
PostQuitMessage
IsWindow
SetForegroundWindow
FindWindowW
CharNextW
GetForegroundWindow
PostMessageW
SendMessageW
LoadCursorW
SetWindowLongW
GetWindowLongW
GetWindowRect
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
SetWindowRgn
IsZoomed
IsIconic
MonitorFromWindow
IntersectRect
GetPropW
CharPrevW
DrawTextW
FillRect
SetRect
CreateCaret
HideCaret
ShowCaret
LoadStringW
EndPaint
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
InvalidateRgn
CreateAcceleratorTableW
GetWindowTextLengthW
SetWindowTextW
GetDoubleClickTime
GetSysColor
ClientToScreen
GetCaretPos
wsprintfW
GetFocus
GetSystemMetrics
GetWindowTextW
GetDesktopWindow
GetParent
FindWindowExW
GetClassNameW
GetWindowThreadProcessId
GetDC
ReleaseDC
PtInRect
SystemParametersInfoW
GetMonitorInfoW
GetCursorPos
OffsetRect
GetShellWindow
SetCursor
InflateRect
GetMessageW
TranslateMessage
DispatchMessageW
UpdateLayeredWindow
SetFocus
GetKeyState
SetCapture
ReleaseCapture
KillTimer
BeginPaint
SetPropW
GetUpdateRect
GetClientRect
ScreenToClient
MapWindowPoints
IsRectEmpty
GetWindow
CallWindowProcW
RegisterClassW
GetClassInfoExW
EnableWindow
SetCaretPos

gdi32

SelectClipRgn
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
CreateFontIndirectW
CreatePen
GetStockObject
Rectangle
RestoreDC
SaveDC
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRoundRectRgn
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
RoundRect
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
CreateCompatibleDC
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
SetTextColor
MoveToEx
TextOutW
GetObjectA

advapi32

RegDeleteValueW
CryptSignHashA
CryptDestroyHash
RegQueryValueExW
RevertToSelf
ImpersonateLoggedOnUser
OpenProcessToken
GetTokenInformation
InitializeSecurityDescriptor
RegQueryInfoKeyW
RegEnumKeyExW
CryptCreateHash
RegDeleteKeyW
RegOpenKeyExW
RegEnumValueA
RegSetValueExW
RegCreateKeyExW
RegCloseKey
SetSecurityDescriptorDacl
LookupAccountSidW
DuplicateTokenEx
RegEnumKeyW
RegOpenKeyW
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptEnumProvidersA

shell32

ord155
SHGetFolderPathW
SHGetDataFromIDListW
SHGetFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetPathFromIDListW
SHAppBarMessage
ShellExecuteW
SHGetDesktopFolder
SHBrowseForFolderW
SHGetSpecialFolderPathW

ole32

OleLockRunning
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal

oleaut32

VarUI4FromStr
SysAllocString
VariantClear
SysFreeString
VariantInit

gdiplus

GdipDeleteBrush
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRectI
GdiplusStartup
GdiplusShutdown
GdipDrawImageRectI
GdipCloneBrush
GdipDeleteStringFormat
GdipCreateLineBrushI
GdipSetTextRenderingHint
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipCreateStringFormat
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetPropertyItem

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

shlwapi

PathAppendW
PathFileExistsW

psapi

GetProcessImageFileNameW
GetModuleFileNameExW
EnumProcessModules

crypt32

CryptQueryObject
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertOpenStore
CryptMsgClose
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam

msimg32

AlphaBlend

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

urlmon

URLDownloadToFileW

iphlpapi

GetAdaptersInfo

comctl32

_TrackMouseEvent
ord17

netapi32

NetApiBufferFree
NetWkstaGetInfo

ws2_32

getservbyname
gethostbyname
htonl
shutdown
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
WSAIoctl
setsockopt
ntohs
WSAGetLastError
socket
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
__WSAFDIsSet
select
WSASetLastError
recv

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord217
ord143

wininet

InternetOpenW
InternetSetOptionW
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
HttpQueryInfoW

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 490KB - Virtual size: 489KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024KB - Virtual size: 39.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

lffol
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tvccv
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sgahr
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jdfkr
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

recvol
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lwhdop
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ugmniu
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a5cdf4c5576b1c2930020f1ed6b8a5b0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

imm32

shlwapi

psapi

crypt32

msimg32

version

urlmon

iphlpapi

comctl32

netapi32

ws2_32

wldap32

wininet

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 490KB - Virtual size: 489KB

.data Size: 51KB - Virtual size: 97KB

.gfids Size: 512B - Virtual size: 412B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1024KB - Virtual size: 39.2MB

.reloc Size: 97KB - Virtual size: 97KB

lffol Size: 4KB - Virtual size: 4KB

tvccv Size: 4KB - Virtual size: 4KB

sgahr Size: 4KB - Virtual size: 4KB

jdfkr Size: 4KB - Virtual size: 4KB

recvol Size: 4KB - Virtual size: 4KB

lwhdop Size: 4KB - Virtual size: 4KB

ugmniu Size: 4KB - Virtual size: 4KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 490KB - Virtual size: 489KB

.data
Size: 51KB - Virtual size: 97KB

.gfids
Size: 512B - Virtual size: 412B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1024KB - Virtual size: 39.2MB

.reloc
Size: 97KB - Virtual size: 97KB

lffol
Size: 4KB - Virtual size: 4KB

tvccv
Size: 4KB - Virtual size: 4KB

sgahr
Size: 4KB - Virtual size: 4KB

jdfkr
Size: 4KB - Virtual size: 4KB

recvol
Size: 4KB - Virtual size: 4KB

lwhdop
Size: 4KB - Virtual size: 4KB

ugmniu
Size: 4KB - Virtual size: 4KB