6fad6184e4c29ed8deb9e7d065489af4057571d2d08353d18440e16abc5391b5

Sharing

Copy URL Twitter E-mail

General

Target

6fad6184e4c29ed8deb9e7d065489af4057571d2d08353d18440e16abc5391b5
Size

895KB
MD5

0937403ed078c5cddec679857705c1f0
SHA1

48348a6aa3dd5c48b6e0e5b4b436cd650ca5c058
SHA256

6fad6184e4c29ed8deb9e7d065489af4057571d2d08353d18440e16abc5391b5
SHA512

de90926910137022af61d092740ceccd7b0283599ef67ccae08af91f769d8392ad37b0bcaf9495702c4831c054aa693594a33d97ef0f707e88c771d5405b1b00
SSDEEP

12288:W3l7C58ESJQ+y53METPGhnE4UfNYNcNvNTN0TNToTIDpjqYrjrkn4Z+2PtQi0Ub:W3lY+y5+/Fj5cn4Z+2Pt0RGhZq/YYtf

Score

1^/10

Malware Config

Signatures

Files

6fad6184e4c29ed8deb9e7d065489af4057571d2d08353d18440e16abc5391b5
.exe windows x86

cfa319da0a181fc92392eb2191af80dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertGetIntendedKeyUsage
CryptProtectData
CertOpenStore
CertNameToStrA
CertCompareIntegerBlob
CryptSignMessage
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore

libcurl

curl_easy_setopt
curl_easy_perform
curl_easy_cleanup
curl_slist_append
curl_easy_init

kernel32

GetTempFileNameW
GetTempPathW
CreateProcessW
lstrcpyA
WaitForSingleObject
GetDriveTypeW
GetVolumeInformationW
GetModuleFileNameA
lstrlenW
GetVersionExA
GlobalMemoryStatus
GetVersion
PostQueuedCompletionStatus
CreateSemaphoreA
CreateIoCompletionPort
GetQueuedCompletionStatus
ReleaseSemaphore
GetSystemDirectoryA
LoadLibraryA
QueryPerformanceFrequency
GetSystemInfo
MapViewOfFile
CreateThread
CreateFileMappingA
FormatMessageA
SetEnvironmentVariableA
CompareStringW
GetProcessHeap
SetEndOfFile
GetTimeZoneInformation
WriteConsoleW
GetExitCodeProcess
LoadLibraryW
LocalAlloc
LocalFree
CopyFileA
GetTempPathA
CreateFileA
WriteFile
GetLogicalDriveStringsA
GetDriveTypeA
GetVolumeInformationA
lstrlenA
CreateProcessA
MultiByteToWideChar
DeleteFileW
Sleep
FreeLibrary
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcess
CloseHandle
GetPrivateProfileStringA
WritePrivateProfileSectionA
GetTickCount
GlobalAlloc
GlobalFree
MulDiv
GetLastError
GlobalLock
GlobalUnlock
UnmapViewOfFile
WideCharToMultiByte
HeapReAlloc
GetLocaleInfoW
GetStringTypeW
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateFileW
SetStdHandle
GetModuleFileNameW
SetFilePointer
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
GetFileAttributesA
HeapCreate
ExitProcess
ResumeThread
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetProcAddress
SetLastError
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetFileType
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
HeapFree
ExitThread

user32

SendMessageA
FindWindowA
RegisterClassA
CreateWindowExA
MessageBoxA
GetWindowTextW
GetClassNameW
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
SetWindowTextW
EnumDesktopWindows
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
wsprintfA
GetSystemMetrics
wsprintfW
DispatchMessageA
MessageBoxW
DefWindowProcA
TrackPopupMenu
EnableMenuItem
SetForegroundWindow
GetCursorPos
AppendMenuA
CreatePopupMenu
LoadIconA
PostQuitMessage
RegisterWindowMessageA

gdi32

GetStockObject
CreateFontIndirectA
SelectObject
GetTextExtentPoint32A
TextOutA
EndDoc
DeleteDC
EndPage
StartPage
StartDocA
GetDeviceCaps
ResetDCA
CreateDCA

winspool.drv

DeviceCapabilitiesA
EnumPrintersA

comdlg32

PrintDlgA
GetOpenFileNameA

advapi32

RegQueryValueExW
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
CryptGenRandom
CryptAcquireContextA
DeregisterEventSource
RegisterEventSourceA
ReportEventA

shell32

Shell_NotifyIconA

ws2_32

WSAStartup
WSACleanup
send
recv
shutdown
getnameinfo
WSASetLastError
WSAGetLastError
bind
setsockopt
getsockopt
listen
ioctlsocket
WSASend
WSARecv
select
closesocket
connect
socket
ntohs
getservbyname
getprotobynumber
freeaddrinfo
getaddrinfo
htons
accept
getsockname
htonl
WSAIoctl
getpeername
WSAGetOverlappedResult
ntohl

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

libfpdev_zz

FPIDetectFinger
FPIGetFeature

Sections

.text
Size: 587KB - Virtual size: 587KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 106KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cfa319da0a181fc92392eb2191af80dd

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

libcurl

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ws2_32

version

libfpdev_zz

Sections

.text Size: 587KB - Virtual size: 587KB

.rdata Size: 89KB - Virtual size: 89KB

.data Size: 106KB - Virtual size: 118KB

.rsrc Size: 67KB - Virtual size: 66KB

.reloc Size: 44KB - Virtual size: 44KB

.text
Size: 587KB - Virtual size: 587KB

.rdata
Size: 89KB - Virtual size: 89KB

.data
Size: 106KB - Virtual size: 118KB

.rsrc
Size: 67KB - Virtual size: 66KB

.reloc
Size: 44KB - Virtual size: 44KB