1fdf233a3333ad724ddd598ead62675623850b4a7722c398a21ecf1f667e3bb1

Sharing

Copy URL Twitter E-mail

General

Target

1fdf233a3333ad724ddd598ead62675623850b4a7722c398a21ecf1f667e3bb1
Size

2.1MB
MD5

a3139a7bca9a5bc2a243a15e47f4191c
SHA1

e616979ec5b2b066a1d9b0e28c943f14f56d151b
SHA256

1fdf233a3333ad724ddd598ead62675623850b4a7722c398a21ecf1f667e3bb1
SHA512

cbc4245b7a1473aa0f1ed1f125a6bdb4445496a48047deee89d9b2546da972fbbd0288e6d2143047f524ca15a422dfd6cc8396a58ce75e7317bd78e1992f5897
SSDEEP

49152:JaqKYiApCjI8uDmJTHnOXm0+3PHswmr3Xu2EOQRRRhMd:JfiAp4ruDmJjN0+fHopEOQLRW

Score

1^/10

Malware Config

Signatures

Files

1fdf233a3333ad724ddd598ead62675623850b4a7722c398a21ecf1f667e3bb1
.exe windows x86

356138d43be2cf798fae533c19229d83

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
GlobalFlags
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetFileSizeEx
GetFileTime
SetErrorMode
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
SetStdHandle
GetFileType
GetStdHandle
GetModuleFileNameA
FileTimeToLocalFileTime
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetCurrentDirectoryA
GetDriveTypeA
GetProcessHeap
SetEnvironmentVariableA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
GetVersionExA
FormatMessageW
LocalFree
GlobalFree
GetModuleHandleA
GetCurrentProcessId
ResumeThread
WaitForMultipleObjects
ExitThread
CreateSemaphoreW
ReleaseSemaphore
SetEvent
DeleteCriticalSection
lstrcmpiW
lstrcmpW
MulDiv
InitializeCriticalSection
LoadLibraryExW
GetShortPathNameW
FileTimeToSystemTime
UnmapViewOfFile
GetFileSize
GetThreadLocale
LCMapStringA
LocalAlloc
FreeResource
WriteProcessMemory
IsWow64Process
VirtualAllocEx
GlobalUnlock
TerminateProcess
GetVersionExW
ReadProcessMemory
VirtualFreeEx
GlobalAlloc
GlobalLock
LocalFileTimeToFileTime
GetCurrentDirectoryW
ReadFile
SetFileTime
SystemTimeToFileTime
SetFilePointer
CreateEventW
ResetEvent
lstrlenW
GetModuleHandleW
CreateThread
InterlockedCompareExchange
IsProcessorFeaturePresent
SetFileAttributesW
CreateToolhelp32Snapshot
FindNextFileW
Process32NextW
SetProcessWorkingSetSize
RemoveDirectoryW
Process32FirstW
FindClose
GetFileAttributesW
OpenProcess
WaitForSingleObject
FindFirstFileW
GetProcAddress
GetTickCount
lstrlenA
IsBadWritePtr
InterlockedDecrement
InterlockedIncrement
GetPrivateProfileIntW
GetCurrentThreadId
EnterCriticalSection
SetLastError
RaiseException
FlushInstructionCache
LeaveCriticalSection
GetCurrentProcess
WideCharToMultiByte
DeleteFileW
CloseHandle
GetLastError
WritePrivateProfileStringW
MultiByteToWideChar
CreateFileW
GetModuleFileNameW
CopyFileW
Sleep
LoadLibraryW
WriteFile
GetPrivateProfileStringW
CreateDirectoryW
SetUnhandledExceptionFilter
FreeLibrary
CreateMutexW
GetCommandLineW
ExitProcess
LockResource
SizeofResource
LoadResource
FreeEnvironmentStringsW
FindResourceW

user32

IsDialogMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetMenu
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
GetMenu
OffsetRect
SystemParametersInfoA
MapVirtualKeyW
GetKeyNameTextW
GetMenuItemID
GetMenuItemCount
IntersectRect
GetActiveWindow
MapDialogRect
CreateDialogIndirectParamW
WindowFromPoint
EndDialog
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
IsWindowEnabled
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
EndPaint
ClientToScreen
GetWindowTextLengthW
DestroyAcceleratorTable
CharNextW
RegisterWindowMessageW
FillRect
IsChild
SetCapture
UnregisterClassW
GetFocus
GetParent
InvalidateRgn
CreateAcceleratorTableW
SetFocus
BeginPaint
InflateRect
GetWindowTextW
GetDlgItem
RedrawWindow
GetSysColor
GetWindowPlacement
SetWindowTextW
GetDesktopWindow
FindWindowExW
GetWindowThreadProcessId
wsprintfW
ScreenToClient
GetClientRect
SystemParametersInfoW
CopyRect
SetWindowRgn
SetRectEmpty
TranslateMessage
PeekMessageW
DispatchMessageW
SetCursor
UpdateLayeredWindow
SetWindowContextHelpId
IsIconic
LoadImageW
PostThreadMessageW
MessageBeep
GetNextDlgGroupItem
IsRectEmpty
CopyAcceleratorTableW
SetActiveWindow
GetSysColorBrush
KillTimer
GetSubMenu
SetForegroundWindow
GetDC
LoadIconW
CharUpperW
RegisterClipboardFormatW
GetMessageW
GetNextDlgTabItem
ValidateRect
SetRect
LoadMenuW
ReleaseDC
MessageBoxW
GetSystemMetrics
IsWindowVisible
CheckMenuItem
MoveWindow
PostMessageW
SetParent
SetTimer
GetWindowRect
MonitorFromPoint
TrackPopupMenu
LoadCursorW
GetClassInfoExW
RegisterClassExW
AppendMenuW
GetClassNameW
SetWindowPos
GetCursorPos
CreatePopupMenu
CreateWindowExW
EqualRect
ReleaseCapture
DestroyMenu
GetMonitorInfoW
GetWindow
DestroyWindow
PostQuitMessage
GetWindowLongW
SetWindowLongW
ShowWindow
IsWindow
UpdateWindow
CallWindowProcW
DefWindowProcW
PtInRect
InvalidateRect
SendMessageW
EnableWindow
UnregisterHotKey
RegisterHotKey
GetLastActivePopup
UnregisterClassA

gdi32

RectVisible
CreateFontIndirectW
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
DPtoLP
CreateCompatibleBitmap
PtVisible
GetWindowExtEx
GetViewportExtEx
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
GetObjectW
GetStockObject
CreateSolidBrush
CreateRoundRectRgn
DeleteDC
CreateDIBSection
DeleteObject
SelectObject
BitBlt
CreateCompatibleDC
TextOutW

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegOpenKeyW
RegQueryValueW
RegEnumKeyW
RegEnumKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
AdjustTokenPrivileges
RegOpenKeyExW
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegCloseKey

shell32

CommandLineToArgvW
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW

comctl32

_TrackMouseEvent

shlwapi

PathFileExistsW
PathRenameExtensionW
PathFindExtensionW
PathFindFileNameW
UrlUnescapeW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
CoTaskMemRealloc
OleLockRunning
CoTaskMemFree
CoFreeUnusedLibraries
CLSIDFromProgID
CoInitialize
OleFlushClipboard
CoRegisterMessageFilter
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoTaskMemAlloc
CoGetClassObject
OleUninitialize
OleInitialize
StringFromGUID2
CLSIDFromString

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantInit
SysAllocStringLen
SysFreeString
VariantClear
SysAllocString
VariantChangeType
SysStringLen
LoadTypeLi
OleCreateFontIndirect
VarUI4FromStr
LoadRegTypeLi
VariantCopy

wininet

InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetCrackUrlW
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
InternetOpenW
InternetReadFile
InternetConnectW
HttpSendRequestW
HttpAddRequestHeadersW
HttpQueryInfoW
HttpOpenRequestW
InternetCloseHandle
InternetCanonicalizeUrlW
InternetQueryDataAvailable

gdiplus

GdipCloneImage
GdipDisposeImage
GdipLoadImageFromStream
GdipDeleteBrush
GdipFree
GdipCloneBrush
GdipDrawImageRectRectI
GdipSetTextRenderingHint
GdipDeleteFont
GdipDeleteGraphics
GdipDeleteFontFamily
GdipCreateSolidFill
GdipAlloc
GdipCreateFont
GdipDrawString
GdipCreateFontFamilyFromName
GdipCreateFromHDC
GdipCreateStringFormat
GdipDeleteStringFormat
GdiplusShutdown
GdiplusStartup
GdipGetImageHeight
GdipGetImageWidth
GdipReleaseDC
GdipDeletePen
GdipFillRectangle
GdipDrawLineI
GdipDrawImageRectI
GdipDrawImageRectRect
GdipCreatePen1

psapi

EmptyWorkingSet
EnumProcesses
EnumProcessModules
GetModuleFileNameExW
GetModuleBaseNameW

snmpapi

SnmpUtilOidCpy
SnmpUtilVarBindFree
SnmpUtilOidNCmp

sensapi

IsNetworkAlive

ws2_32

WSAGetLastError
htons
recv
socket
__WSAFDIsSet
select
gethostbyname
send
connect
WSAStartup
closesocket

Sections

.text
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

356138d43be2cf798fae533c19229d83

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

gdiplus

psapi

snmpapi

sensapi

ws2_32

Sections

.text Size: 444KB - Virtual size: 443KB

.rdata Size: 111KB - Virtual size: 110KB

.data Size: 16KB - Virtual size: 33KB

.rsrc Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 60KB - Virtual size: 60KB

.text
Size: 444KB - Virtual size: 443KB

.rdata
Size: 111KB - Virtual size: 110KB

.data
Size: 16KB - Virtual size: 33KB

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 60KB - Virtual size: 60KB