2c41f943338e180561280cc544d5462de702db0816bc26c83ce64cf40523ecdb[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2c41f943338e180561280cc544d5462de702db0816bc26c83ce64cf40523ecdb.exe
Size

430KB
MD5

900f2e1afb94aacc1c442d9014bea32e
SHA1

4939ffe3f3da3f1b3ac80032603002e801a6abec
SHA256

2c41f943338e180561280cc544d5462de702db0816bc26c83ce64cf40523ecdb
SHA512

be856154ddb9674bce1ff4462f529b2812d09a2ef2df9529458ea01f9ee7c03cf9b91154c9681fb0f4786dc426b7213fef2672e860ae480e5bfc5ca87c088ad6
SSDEEP

6144:kOmT9+the8+a+aNLWmgKa9o1aeI/YW1czhiJ:w90+aNPVaG1BI/YW1QiJ

Score

1^/10

Malware Config

Signatures

Files

2c41f943338e180561280cc544d5462de702db0816bc26c83ce64cf40523ecdb.exe
.exe windows x86

ae913bb19a4c98bab8f1fc3d92714e7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
GetModuleFileNameA
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
GetCurrentProcessId
FlushViewOfFile
OpenFileMappingW
GetModuleHandleW
LoadLibraryA
FreeLibrary
GetFileAttributesW
DeleteFileW
OpenProcess
VirtualProtect
GetCommandLineW
CreateProcessW
VirtualFree
ExitProcess
InitializeCriticalSectionAndSpinCount
TerminateProcess
RaiseException
DecodePointer
SetFileAttributesW
IsBadReadPtr
WideCharToMultiByte
LocalFree
CreateMutexW
ReleaseMutex
MultiByteToWideChar
GetComputerNameW
GetVersionExW
GetModuleHandleA
GetVolumeInformationW
CreateThread
GetNativeSystemInfo
SetLastError
VirtualAlloc
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
GetDriveTypeW
GetLogicalDriveStringsW
GetTickCount
ProcessIdToSessionId
GetStdHandle
DisableThreadLibraryCalls
CreateEventW
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LeaveCriticalSection
Sleep
GetSystemTimeAsFileTime
WaitForSingleObject
OutputDebugStringW
lstrcatA
GetTempPathW
lstrlenW
GetModuleFileNameW
GetProcessHeap
HeapFree
HeapAlloc
GetLastError
GetTempFileNameW
ReadFile
WriteFile
SetFilePointer
GetFileSize
CreateFileMappingW
GetFileSizeEx
CreateFileW
UnmapViewOfFile
MapViewOfFile
lstrcpynW
CloseHandle
CreateToolhelp32Snapshot
lstrcmpiW
Process32NextW
GetSystemInfo
Process32FirstW
SetErrorMode
CheckRemoteDebuggerPresent
GetProcAddress
LoadLibraryW
GetCurrentThread
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetFileType
GetOEMCP
GetACP
IsValidCodePage
HeapSize
GetModuleHandleExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetCommandLineA
GetTimeZoneInformation
LoadLibraryExW
GetDiskFreeSpaceExW
GetCurrentProcess
GetThreadContext
GlobalMemoryStatusEx
HeapReAlloc
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
GetStringTypeW

user32

FindWindowW
GetSystemMetrics
wsprintfW

advapi32

CryptDeriveKey
CryptReleaseContext
AdjustTokenPrivileges
LookupPrivilegeValueW
GetUserNameW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
CryptGetHashParam
RegOpenKeyW
CryptHashData
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptAcquireContextW

shell32

ord680
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoUninitialize
CoInitialize

oleaut32

VariantClear

iphlpapi

GetAdaptersAddresses

psapi

EnumProcessModules
GetModuleFileNameExW
EnumProcesses

winhttp

WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSetOption
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpCrackUrl
WinHttpReadData
WinHttpSetCredentials
WinHttpAddRequestHeaders
WinHttpQueryAuthSchemes
WinHttpSendRequest

shlwapi

StrStrIW
PathAppendW
PathFileExistsW
SHSetValueW
wvnsprintfW
SHGetValueW

urlmon

URLDownloadToCacheFileW

pdh

PdhRemoveCounter
PdhGetFormattedCounterValue
PdhOpenQueryW
PdhCloseQuery
PdhCollectQueryData
PdhAddCounterW

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

DllMain
Reg
dllstart

Sections

.text
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 127KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae913bb19a4c98bab8f1fc3d92714e7a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

iphlpapi

psapi

winhttp

shlwapi

urlmon

pdh

setupapi

version

Exports

Exports

Sections

.text Size: 202KB - Virtual size: 202KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 127KB - Virtual size: 137KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 202KB - Virtual size: 202KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 127KB - Virtual size: 137KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 10KB - Virtual size: 10KB