403423519a6a286df2d919dbedc275a70d70a4e925547124efc9fa725fd85817

Sharing

Copy URL

Twitter E-mail

General

Target

403423519a6a286df2d919dbedc275a70d70a4e925547124efc9fa725fd85817
Size

2.2MB
MD5

18caf71c3fc4d3762bc6042ca4cc97cc
SHA1

de56a6f23b5f26fd777ad71cdb2eade2d07af071
SHA256

403423519a6a286df2d919dbedc275a70d70a4e925547124efc9fa725fd85817
SHA512

6fb4e4c55826825a3d83b88849a34256d4e3e5db3ac4dbf04ec5edec48bc9bf2ad35f7e0a99c81d38720a41dd920371f0c5a4ec25ed1f8b7c355dc5c4d638055
SSDEEP

49152:YzOWDxV0jh24agjk+l7DmUwKz/ZoUj8Rs/ECCO3PT3Q858O:sDv0NsakCDmUwg/iUjf/353PL

Score

1^/10

Malware Config

Signatures

Files

403423519a6a286df2d919dbedc275a70d70a4e925547124efc9fa725fd85817
.exe windows x86

f2913a2871694eb0bb1e84bb5df1c103

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrPBrkW
StrCmpIW
PathMatchSpecW
StrStrIW
wnsprintfW
StrToIntExW
StrCpyNW
StrCmpNW
StrStrW
StrRChrW
StrChrW
StrCmpNIA
StrCmpNIW

kernel32

WriteFile
LoadLibraryExW
CreateEventW
SetNamedPipeHandleState
CreateNamedPipeA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetFilePointer
DuplicateHandle
CreatePipe
ReadProcessMemory
GetVersion
GetCommandLineW
lstrcmpA
LocalFree
GetVersionExW
CreateMutexA
ReleaseMutex
WideCharToMultiByte
CreateFileA
GetFileSizeEx
DeleteFileW
VirtualFree
GetModuleHandleW
WriteConsoleW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
QueryPerformanceFrequency
SetCurrentDirectoryW
GetCurrentDirectoryW
WinExec
WriteProcessMemory
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetEnvironmentVariableW
ExpandEnvironmentStringsW
FormatMessageA
HeapReAlloc
GlobalMemoryStatusEx
LockResource
LoadResource
SizeofResource
FindResourceW
CopyFileW
RemoveDirectoryW
MoveFileW
GetProcessTimes
SetSystemPowerState
SetEndOfFile
GetLogicalDrives
FormatMessageW
GetCurrentThreadId
QueryPerformanceCounter
SetConsoleWindowInfo
GetLargestConsoleWindowSize
SetFilePointerEx
GetSystemTimeAsFileTime
DefineDosDeviceW
CreateMutexW
VirtualAlloc
SleepEx
QueryDosDeviceW
OpenThread
WaitNamedPipeW
GlobalMemoryStatus
InterlockedExchange
GetACP
GetLocaleInfoA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetShortPathNameW
SystemTimeToFileTime
ResetEvent
SetEvent
GetVolumeNameForVolumeMountPointW
GetVolumeInformationW
GetDiskFreeSpaceW
lstrcmpiA
lstrcpyA
lstrcpynA
SetLocalTime
SetEnvironmentVariableA
GlobalAddAtomA
GetFileAttributesExW
DeleteVolumeMountPointW
VirtualProtect
GetConsoleWindow
SetConsoleScreenBufferSize
AllocConsole
GetFullPathNameW
FileTimeToLocalFileTime
GetTempPathW
LCMapStringA
SetVolumeMountPointW
GetFileSize
EnumResourceNamesW
OpenEventW
OpenFileMappingW
LCMapStringW
SetVolumeLabelW
CreateHardLinkW
FindFirstFileW
GetLongPathNameW
SetFileAttributesW
SetFileTime
LocalFileTimeToFileTime
GetTimeZoneInformation
SetThreadPriority
TryEnterCriticalSection
TerminateThread
WaitForMultipleObjects
GlobalDeleteAtom
Beep
VirtualQueryEx
GetThreadContext
SetThreadContext
VirtualProtectEx
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
IsBadWritePtr
HeapCreate
HeapDestroy
MultiByteToWideChar
GetSystemInfo
VirtualQuery
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
SetStdHandle
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
GetVersionExA
RtlUnwind
GetProcessId
ConnectNamedPipe
GetOverlappedResult
LoadLibraryW
CreateJobObjectW
AssignProcessToJobObject
ResumeThread
GetExitCodeProcess
TerminateJobObject
ExitProcess
lstrcatA
CreateDirectoryW
FindNextFileW
FlushFileBuffers
FindFirstVolumeW
CreateFileW
DeviceIoControl
IsBadCodePtr
FindNextVolumeW
CompareStringA
CompareStringW
FindVolumeClose
OpenProcess
GetProcessAffinityMask
GetModuleHandleA
GetProcessHeap
HeapFree
GetModuleFileNameW
SearchPathW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
SetLastError
CreateFileMappingA
OpenFileMappingA
TerminateProcess
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
CreateProcessW
WaitForSingleObject
GetEnvironmentVariableA
SetErrorMode
GetStdHandle
LoadLibraryA
GetProcAddress
CreateFiber
ConvertThreadToFiber
DeleteFiber
SwitchToFiber
GetLocaleInfoW
GetCurrentProcess
SetProcessWorkingSetSize
CreateThread
Sleep
GetLastError
GetEnvironmentVariableW
GetCurrentProcessId
HeapAlloc
lstrlenA
lstrcpynW
lstrcatW
lstrcpyW
lstrcmpW
lstrcmpiW
FindClose
ReadFile
CloseHandle
LeaveCriticalSection
EnterCriticalSection
MulDiv
GetTickCount
GetStartupInfoW
FreeLibrary
lstrlenW
FileTimeToSystemTime
IsBadReadPtr

user32

DrawIconEx
DrawEdge
GetFocus
GetActiveWindow
CreateDialogParamW
FindWindowExW
EnumWindows
UpdateWindow
IsChild
SetCapture
ReleaseCapture
ShowCursor
DrawIcon
SetScrollInfo
ScrollWindow
SetMenu
CreateMenu
LoadBitmapW
SetWindowRgn
CreateIconFromResource
FindWindowW
WindowFromPoint
ChildWindowFromPointEx
CopyImage
DestroyCursor
LoadStringA
GetClipboardData
CharUpperA
IsWindowVisible
GetWindowInfo
IsWindowEnabled
CreateIconFromResourceEx
PtInRect
LoadImageW
GetClassNameW
MessageBoxW
IsRectEmpty
EnumChildWindows
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetCursorPos
FindWindowExA
GetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
IsDialogMessageW
GetSysColor
DestroyIcon
LoadCursorW
SetCursor
RegisterWindowMessageW
SetFocus
SetScrollPos
GetScrollInfo
GetWindowDC
IsIconic
GetMessageW
RegisterClassExW
DialogBoxParamW
DefWindowProcW
LoadMenuW
DialogBoxIndirectParamW
SetParent
BeginPaint
EndPaint
SetLayeredWindowAttributes
GetDlgItemTextW
FillRect
RedrawWindow
CallWindowProcW
GetKeyState
GetMenu
GetMenuItemCount
EndDialog
GetSubMenu
GetMenuItemID
GetMenuStringW
ModifyMenuW
UnregisterHotKey
RegisterHotKey
LockWorkStation
mouse_event
EnumDisplayDevicesW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
InvalidateRect
CharToOemA
UnhookWindowsHookEx
SetWindowsHookExW
GetAsyncKeyState
PostQuitMessage
CallNextHookEx
GetKeyboardState
keybd_event
RegisterDeviceNotificationW
ExitWindowsEx
SendMessageTimeoutW
MsgWaitForMultipleObjects
IsWindow
ScreenToClient
GetWindowTextLengthW
OffsetRect
OpenDesktopW
SetThreadDesktop
SwitchDesktop
CloseDesktop
LoadStringW
GetCursorPos
CreatePopupMenu
TrackPopupMenu
DestroyMenu
wsprintfA
WaitForInputIdle
AppendMenuW
MessageBoxA
FindWindowA
GetLastInputInfo
PeekMessageW
TranslateMessage
DispatchMessageW
SystemParametersInfoW
GetSystemMenu
EnableMenuItem
GetWindowLongW
GetClientRect
wsprintfW
DrawTextW
GetSystemMetrics
ShowScrollBar
EnableWindow
GetDesktopWindow
SetActiveWindow
SetForegroundWindow
BringWindowToTop
GetWindowTextW
SetWindowTextW
ClientToScreen
MoveWindow
CreateWindowExW
SetWindowLongW
GetDlgCtrlID
GetParent
LoadIconW
ReleaseDC
GetDC
SetDlgItemTextW
DestroyWindow
GetDlgItem
SetWindowPos
ShowWindow
GetWindowRect
KillTimer
SetTimer
SendMessageW
PostMessageW
CharUpperW

gdi32

CreateDCA
DeleteDC
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
BitBlt
CreateSolidBrush
AddFontResourceW
GetStockObject
SelectObject
SetBkMode
SetTextColor
GetDIBits
Polyline
GetTextMetricsW
Rectangle
CreateBitmap
CreatePen
Ellipse
CreateEllipticRgn
SetBkColor
ExtTextOutW
GetBkColor
CreateFontW
CreateRectRgn
GetPixel
CombineRgn
GetObjectW
SelectPalette
RealizePalette
DeleteObject

advapi32

OpenProcessToken
StartServiceW
OpenServiceW
CreateServiceW
CloseServiceHandle
OpenSCManagerW
DeleteService
ControlService
SetServiceStatus
FreeSid
CreateRestrictedToken
AllocateAndInitializeSid
GetTokenInformation
CreateProcessWithLogonW
CreateProcessAsUserW
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
SetSecurityInfo
SetEntriesInAclW
GetSecurityInfo
AdjustTokenPrivileges
LookupPrivilegeValueW
ChangeServiceConfig2W
ChangeServiceConfigW
InitiateSystemShutdownW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExA
RegOpenKeyExW
RegSetValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetNamedSecurityInfoW
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoW
RegUnLoadKeyW
RegLoadKeyW
RegSaveKeyW
CryptDestroyHash
CryptReleaseContext
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CheckTokenMembership
AbortSystemShutdownW

shell32

SHGetSpecialFolderPathW
SHChangeNotify
SHAppBarMessage
SHGetPathFromIDListW
SHBrowseForFolderW
Shell_NotifyIconW
DragAcceptFiles
SHFileOperationW
ShellExecuteExW
SHGetSpecialFolderPathA
DragQueryFileW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

setupapi

CM_Get_DevNode_Status
CM_Request_Device_EjectW
CM_Query_And_Remove_SubTreeW
CM_Get_Parent
SetupDiOpenClassRegKey
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiClassNameFromGuidA
SetupDiGetDeviceInstanceIdA
SetupDiDestroyDeviceInfoList
SetupDiSetClassInstallParamsW
CM_Reenumerate_DevNode
CM_Locate_DevNodeW
SetupDiGetDeviceInstanceIdW
SetupDiClassNameFromGuidW
SetupDiChangeState

Exports

Exports

LoadEnvi
MemoryCompare
MemoryCopy
MemorySet
WndProc1
WndProc1_
WndProc2
WndProc2_
WndProc3
WndProc3_

Sections

.text
Size: 596KB - Virtual size: 596KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

flag_dat
Size: 512B - Virtual size: 19B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2913a2871694eb0bb1e84bb5df1c103

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

advapi32

shell32

version

setupapi

Exports

Exports

Sections

.text Size: 596KB - Virtual size: 596KB

.rdata Size: 91KB - Virtual size: 91KB

.data Size: 7KB - Virtual size: 17KB

flag_dat Size: 512B - Virtual size: 19B

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.text
Size: 596KB - Virtual size: 596KB

.rdata
Size: 91KB - Virtual size: 91KB

.data
Size: 7KB - Virtual size: 17KB

flag_dat
Size: 512B - Virtual size: 19B

.rsrc
Size: 1.6MB - Virtual size: 1.6MB