da1b7c5c0b1656b48944a5e3f85c9f993e1a7025f78a05d8a16a0ce5daf52e45

Sharing

Copy URL Twitter E-mail

General

Target

da1b7c5c0b1656b48944a5e3f85c9f993e1a7025f78a05d8a16a0ce5daf52e45
Size

754KB
MD5

b9ef9cf1b1f9d21669ce94d38cb74d61
SHA1

ad26c388dadd824668be7357cc5b3c8f8f42614d
SHA256

da1b7c5c0b1656b48944a5e3f85c9f993e1a7025f78a05d8a16a0ce5daf52e45
SHA512

ac7b3da0673e8ad2b63d82fbf1f060a8d0e88bbc130529f34faf1e5a8449fa05dc2508e3a9c87f99a705becdee6f588d803787f2a498e87ab05b37365ab39c70
SSDEEP

12288:evRpX5KVI9rdpnSSq/az2IswYMrpFY+S4fU:aRpaI9dFx2lwprpFW

Score

1^/10

Malware Config

Signatures

Files

da1b7c5c0b1656b48944a5e3f85c9f993e1a7025f78a05d8a16a0ce5daf52e45
.exe windows x86

870d9c2a9695f206731b3e19392049a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetModuleFileNameW
lstrlenW
GetLastError
InitializeCriticalSection
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
lstrcmpiW
CloseHandle
DeviceIoControl
CreateFileW
GetCurrentProcessId
CreateProcessW
CreateDirectoryW
GetProcAddress
ReadFile
GetFileSize
WideCharToMultiByte
GetVersionExW
LoadLibraryW
WriteFile
GetLocalTime
DeleteFileW
CopyFileW
SetFilePointer
FlushFileBuffers
GetFileAttributesW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetTickCount
SetFileAttributesW
lstrlenA
InterlockedCompareExchange
MapViewOfFile
CreateFileMappingW
CreateMutexW
WaitForSingleObject
ReleaseMutex
UnmapViewOfFile
Sleep
SetLastError
FlushInstructionCache
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetStartupInfoA
LeaveCriticalSection
EnterCriticalSection
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
DeleteCriticalSection
GetCurrentThreadId
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleHandleA
LCMapStringA
GetModuleFileNameA
GetStdHandle
ExitProcess
FatalAppExitA
HeapCreate
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentThread
GetStartupInfoW
RtlUnwind
RaiseException
SetUnhandledExceptionFilter
IsDebuggerPresent
UnhandledExceptionFilter
TlsFree
GetCurrentProcess
TerminateProcess
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetEndOfFile
SetFilePointerEx
GetFileSizeEx
OutputDebugStringW
FormatMessageW
LocalFree
GetSystemTime
TlsGetValue
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
TlsAlloc
FindAtomW
DeleteAtom

user32

DestroyWindow
UnregisterClassA
CharNextW
wsprintfW
SendMessageTimeoutW
FindWindowW
DefWindowProcW
SetForegroundWindow
LoadCursorW
RegisterClassExW
PostQuitMessage
GetClassInfoExW
SetWindowPos
KillTimer
SetTimer
MoveWindow
GetWindowLongW
SetWindowLongW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CallWindowProcW
CreateWindowExW
SendMessageW

advapi32

RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExA

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
VarUI4FromStr

shlwapi

PathRemoveFileSpecW
SHGetValueW
PathAppendW
PathIsDirectoryW
PathFileExistsW
PathFindFileNameW

comctl32

InitCommonControlsEx

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

Sections

.text
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

sjkiw
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

uqiwh
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vqnpn
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sveru
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kknkd
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pbjdj
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vjwvq
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pluox
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mnghf
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

erecm
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

riuxt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xqirb
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

psvlik
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ifogpl
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fkrbvl
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

eknuem
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hmwqln
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jugkrn
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vsjiao
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

msvehp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

knwxop
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fajruq
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xonndr
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ffmikr
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tqghrs
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kfwobt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ehfwju
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sjaqqu
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rxjmwv
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mppifw
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xctemw
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ewvctx
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

txquca
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sehfkb
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rxxjrb
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

riifac
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tjpbhd
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jpnwod
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jpnwve
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qniref
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ehrqlf
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

imnnsg
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wxqqbh
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lueoii
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bewqqi
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vefkbj
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rucol
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

870d9c2a9695f206731b3e19392049a1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wintrust

crypt32

Sections

.text Size: 444KB - Virtual size: 443KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 10KB - Virtual size: 28KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 16KB - Virtual size: 15KB

sjkiw Size: 4KB - Virtual size: 4KB

uqiwh Size: 4KB - Virtual size: 4KB

vqnpn Size: 4KB - Virtual size: 4KB

sveru Size: 4KB - Virtual size: 4KB

kknkd Size: 4KB - Virtual size: 4KB

pbjdj Size: 4KB - Virtual size: 4KB

vjwvq Size: 4KB - Virtual size: 4KB

pluox Size: 4KB - Virtual size: 4KB

mnghf Size: 4KB - Virtual size: 4KB

erecm Size: 4KB - Virtual size: 4KB

riuxt Size: 4KB - Virtual size: 4KB

xqirb Size: 4KB - Virtual size: 4KB

psvlik Size: 4KB - Virtual size: 4KB

ifogpl Size: 4KB - Virtual size: 4KB

fkrbvl Size: 4KB - Virtual size: 4KB

eknuem Size: 4KB - Virtual size: 4KB

hmwqln Size: 4KB - Virtual size: 4KB

jugkrn Size: 4KB - Virtual size: 4KB

vsjiao Size: 4KB - Virtual size: 4KB

msvehp Size: 4KB - Virtual size: 4KB

knwxop Size: 4KB - Virtual size: 4KB

fajruq Size: 4KB - Virtual size: 4KB

xonndr Size: 4KB - Virtual size: 4KB

ffmikr Size: 4KB - Virtual size: 4KB

tqghrs Size: 4KB - Virtual size: 4KB

kfwobt Size: 4KB - Virtual size: 4KB

ehfwju Size: 4KB - Virtual size: 4KB

sjaqqu Size: 4KB - Virtual size: 4KB

rxjmwv Size: 4KB - Virtual size: 4KB

mppifw Size: 4KB - Virtual size: 4KB

xctemw Size: 4KB - Virtual size: 4KB

ewvctx Size: 4KB - Virtual size: 4KB

txquca Size: 4KB - Virtual size: 4KB

sehfkb Size: 4KB - Virtual size: 4KB

rxxjrb Size: 4KB - Virtual size: 4KB

riifac Size: 4KB - Virtual size: 4KB

tjpbhd Size: 4KB - Virtual size: 4KB

jpnwod Size: 4KB - Virtual size: 4KB

jpnwve Size: 4KB - Virtual size: 4KB

qniref Size: 4KB - Virtual size: 4KB

ehrqlf Size: 4KB - Virtual size: 4KB

imnnsg Size: 4KB - Virtual size: 4KB

wxqqbh Size: 4KB - Virtual size: 4KB

lueoii Size: 4KB - Virtual size: 4KB

bewqqi Size: 4KB - Virtual size: 4KB

vefkbj Size: 4KB - Virtual size: 4KB

rucol Size: 4KB - Virtual size: 4KB

.text
Size: 444KB - Virtual size: 443KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 10KB - Virtual size: 28KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 16KB - Virtual size: 15KB

sjkiw
Size: 4KB - Virtual size: 4KB

uqiwh
Size: 4KB - Virtual size: 4KB

vqnpn
Size: 4KB - Virtual size: 4KB

sveru
Size: 4KB - Virtual size: 4KB

kknkd
Size: 4KB - Virtual size: 4KB

pbjdj
Size: 4KB - Virtual size: 4KB

vjwvq
Size: 4KB - Virtual size: 4KB

pluox
Size: 4KB - Virtual size: 4KB

mnghf
Size: 4KB - Virtual size: 4KB

erecm
Size: 4KB - Virtual size: 4KB

riuxt
Size: 4KB - Virtual size: 4KB

xqirb
Size: 4KB - Virtual size: 4KB

psvlik
Size: 4KB - Virtual size: 4KB

ifogpl
Size: 4KB - Virtual size: 4KB

fkrbvl
Size: 4KB - Virtual size: 4KB

eknuem
Size: 4KB - Virtual size: 4KB

hmwqln
Size: 4KB - Virtual size: 4KB

jugkrn
Size: 4KB - Virtual size: 4KB

vsjiao
Size: 4KB - Virtual size: 4KB

msvehp
Size: 4KB - Virtual size: 4KB

knwxop
Size: 4KB - Virtual size: 4KB

fajruq
Size: 4KB - Virtual size: 4KB

xonndr
Size: 4KB - Virtual size: 4KB

ffmikr
Size: 4KB - Virtual size: 4KB

tqghrs
Size: 4KB - Virtual size: 4KB

kfwobt
Size: 4KB - Virtual size: 4KB

ehfwju
Size: 4KB - Virtual size: 4KB

sjaqqu
Size: 4KB - Virtual size: 4KB

rxjmwv
Size: 4KB - Virtual size: 4KB

mppifw
Size: 4KB - Virtual size: 4KB

xctemw
Size: 4KB - Virtual size: 4KB

ewvctx
Size: 4KB - Virtual size: 4KB

txquca
Size: 4KB - Virtual size: 4KB

sehfkb
Size: 4KB - Virtual size: 4KB

rxxjrb
Size: 4KB - Virtual size: 4KB

riifac
Size: 4KB - Virtual size: 4KB

tjpbhd
Size: 4KB - Virtual size: 4KB

jpnwod
Size: 4KB - Virtual size: 4KB

jpnwve
Size: 4KB - Virtual size: 4KB

qniref
Size: 4KB - Virtual size: 4KB

ehrqlf
Size: 4KB - Virtual size: 4KB

imnnsg
Size: 4KB - Virtual size: 4KB

wxqqbh
Size: 4KB - Virtual size: 4KB

lueoii
Size: 4KB - Virtual size: 4KB

bewqqi
Size: 4KB - Virtual size: 4KB

vefkbj
Size: 4KB - Virtual size: 4KB

rucol
Size: 4KB - Virtual size: 4KB