Static task: static1
Behavioral task: behavioral1
Sample: 171894e63acff63cfb999967ff1511724934610e00f0e3f64835b68ae3207b6f.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 171894e63acff63cfb999967ff1511724934610e00f0e3f64835b68ae3207b6f.exe
Resource: win10v2004-20230220-en
General
Target: 171894e63acff63cfb999967ff1511724934610e00f0e3f64835b68ae3207b6f
Size: 3.7MB
MD5: 5364f31703782a967c6b07750947f760
SHA1: 2d6cd8a669f573d8115051c202d1cc6e1740cade
SHA256: 171894e63acff63cfb999967ff1511724934610e00f0e3f64835b68ae3207b6f
SHA512: 48573d781f0adad740fececc82b4a8eccab0a8ee33052e7729d84eaf54d0c38fa0389267b6b8dc599307f1832e6ca83cf136664c3481510dc7ce25749c9b0292
SSDEEP: 98304:llGCyQENE1mu660KDCrfbwCpZEQ3ph6UHIcJ/xc0C:TGCyQEWntCrfsWp0HcJp3C
Malware Config
Signatures
Files
171894e63acff63cfb999967ff1511724934610e00f0e3f64835b68ae3207b6f.exe (windows x86)
2a75c86b22654ec4547a7b204f1d40bd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
wldap32
ord33
ord200
ord79
ord35
ord301
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ord27
ord41
ord46
ord32
kernel32
InterlockedExchange
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
GetCurrentThread
InterlockedIncrement
GetThreadLocale
InterlockedDecrement
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GetFileTime
GlobalFlags
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
WritePrivateProfileStringW
lstrlenA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationW
SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
RtlUnwind
FindFirstFileA
ExitProcess
GetSystemTimeAsFileTime
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetDriveTypeW
CreateDirectoryA
RemoveDirectoryW
HeapReAlloc
ExitThread
GetDriveTypeA
HeapSize
VirtualProtect
GetSystemInfo
VirtualQuery
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
SetStdHandle
GetFullPathNameA
GetLocaleInfoA
CreateFileA
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GlobalAlloc
MulDiv
lstrlenW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetVersionExA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
FormatMessageA
ExpandEnvironmentStringsA
GetTickCount
GetStdHandle
WaitForMultipleObjects
PeekNamedPipe
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetSystemDirectoryA
SetLastError
SleepEx
GetExitCodeThread
TerminateThread
CreateThread
GetCurrentThreadId
GetModuleFileNameA
VirtualFree
VirtualProtectEx
WriteProcessMemory
SetThreadContext
ResumeThread
CreateProcessA
GetThreadContext
ReadProcessMemory
VirtualQueryEx
LoadLibraryA
FreeLibrary
VirtualAlloc
GetModuleHandleA
LoadLibraryW
FindNextFileW
GetFileInformationByHandle
GetFileSize
FileTimeToSystemTime
WriteFile
SetFileTime
CreateDirectoryW
SystemTimeToFileTime
ReadFile
CreateFileW
DuplicateHandle
GetFileType
SetFilePointer
OutputDebugStringW
MoveFileExW
GetSystemTime
FindFirstFileW
FindClose
Sleep
GetFileAttributesW
SetFileAttributesW
DeleteFileW
GetLastError
FormatMessageW
LocalFree
GetVersionExW
MultiByteToWideChar
GetModuleHandleW
GetProcAddress
GetCurrentProcess
GetModuleFileNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
SetThreadLocale
GetCommandLineW
CopyFileW
GetStartupInfoW
CreateProcessW
GetLocalTime
GetCurrentDirectoryA
WideCharToMultiByte
GetCurrentProcessId
OpenProcess
WaitForSingleObject
TerminateProcess
CloseHandle
FindResourceW
LoadResource
LockResource
SizeofResource
GetFullPathNameW
user32
ReleaseCapture
CharUpperW
CopyAcceleratorTableW
SetRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
UnregisterClassW
RegisterClipboardFormatW
PostThreadMessageW
ClientToScreen
GrayStringW
DrawTextExW
TabbedTextOutW
CharNextW
SetWindowContextHelpId
MapDialogRect
SetCursor
GetMessageW
GetCursorPos
ValidateRect
PostQuitMessage
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
UnregisterClassA
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetCapture
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
EnumDisplaySettingsW
SystemParametersInfoW
GetWindowTextW
DrawTextW
OffsetRect
CopyRect
GetUpdateRect
FrameRect
IsRectEmpty
IsWindow
SetWindowRgn
GetWindowLongW
SetWindowLongW
RedrawWindow
InflateRect
LoadImageW
GetParent
wsprintfW
GetActiveWindow
PeekMessageW
TranslateMessage
DispatchMessageW
GetSystemMetrics
DestroyMenu
GetSysColorBrush
MessageBoxW
LoadIconW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
SetFocus
GetDC
SendMessageW
KillTimer
InvalidateRect
GetClientRect
GetWindowRect
IsIconic
DrawIcon
LoadBitmapW
LoadCursorW
FindWindowW
GetWindowThreadProcessId
EnableWindow
PostMessageW
RegisterWindowMessageW
gdi32
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
ExtTextOutW
CreateFontIndirectW
CreateRectRgnIndirect
GetMapMode
DPtoLP
GetRgnBox
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetBkColor
GetDeviceCaps
SetBkColor
SetTextColor
GetClipBox
CreateCompatibleBitmap
GetPixel
CombineRgn
CreateRectRgn
CreateSolidBrush
GetStockObject
GetObjectW
StretchBlt
SelectObject
CreateBitmap
DeleteObject
BitBlt
CreateCompatibleDC
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetTextColor
comdlg32
GetFileTitleW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
RegCloseKey
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegFlushKey
RegCreateKeyExA
RegOpenKeyExA
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
RegQueryValueExW
RegOpenKeyExW
shell32
ShellExecuteA
comctl32
_TrackMouseEvent
shlwapi
PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW
oledlg
OleUIBusyW
ole32
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoTaskMemFree
oleaut32
SysFreeString
VariantCopy
OleCreateFontIndirect
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysStringLen
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
iphlpapi
GetAdaptersInfo
ws2_32
ioctlsocket
select
__WSAFDIsSet
listen
accept
recvfrom
sendto
getservbyport
gethostbyaddr
gethostname
getservbyname
htonl
inet_ntoa
gethostbyname
WSACleanup
WSAStartup
inet_addr
WSASetLastError
socket
connect
setsockopt
getpeername
getsockopt
htons
bind
ntohs
getsockname
send
recv
WSAGetLastError
closesocket
Sections
.text Size: 547KB - Virtual size: 547KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 130KB - Virtual size: 130KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ