Static task: static1
Behavioral task: behavioral1
Sample: 18fbac5e7f4f04ad336112d890660b46447c27ef70d149c6ebd205adf5517967.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 18fbac5e7f4f04ad336112d890660b46447c27ef70d149c6ebd205adf5517967.exe
Resource: win10v2004-20230221-en
General
Target: 18fbac5e7f4f04ad336112d890660b46447c27ef70d149c6ebd205adf5517967
Size: 4.0MB
MD5: ee2b001b0c122bbb7c9fb88a4f493ebc
SHA1: 168ad74e695d8d4eb347663c9943d71e66a275ef
SHA256: 18fbac5e7f4f04ad336112d890660b46447c27ef70d149c6ebd205adf5517967
SHA512: 000f9100fa1f6bbc2102ecca4e3ad8773e4b7d781a558dff1b2270c57130ad2bde646fa9402e73c3b776a234085cf32f111f6d7c6a466547afca67fa2cecbb4b
SSDEEP: 49152:oroyzN4pCnElbTNxDkRxY3zCmiQr3AeNEJq+HdF2KP/hRspbjkj0jkb:QzCT3DkyzCmiG3A4+q+Haghaq6+
Malware Config
Signatures
Files
18fbac5e7f4f04ad336112d890660b46447c27ef70d149c6ebd205adf5517967.exe (windows x86)
1dea672b4f96b47b4ee3ea00ded57af4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SleepEx
GetSystemDirectoryW
CompareFileTime
GetEnvironmentVariableA
WaitForMultipleObjects
PeekNamedPipe
CreateEventA
CreateSemaphoreA
ReadConsoleA
SetConsoleMode
SwitchToFiber
DeleteFiber
CreateFiber
GlobalMemoryStatus
ConvertFiberToThread
ConvertThreadToFiber
GetSystemTime
GetEnvironmentVariableW
GetVersionExW
GetFullPathNameW
Sleep
ReleaseMutex
GlobalDeleteAtom
GlobalAddAtomW
GetCommandLineW
LocalFree
LocalAlloc
DecodePointer
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
CreateMutexW
SetUnhandledExceptionFilter
FreeResource
ExitProcess
GetCurrentProcess
GetModuleFileNameA
CreateThread
GetNativeSystemInfo
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExpandEnvironmentStringsW
GetModuleHandleW
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MultiByteToWideChar
GetCurrentProcessId
SetLastError
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
DeleteCriticalSection
RaiseException
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
VirtualProtect
GetModuleHandleA
ResetEvent
TerminateThread
GetExitCodeThread
WaitForSingleObject
SetEvent
CreateEventW
GetModuleFileNameW
WideCharToMultiByte
ReadFile
GetFileSize
CreateFileW
GetWindowsDirectoryW
FreeLibrary
CloseHandle
GetProcAddress
UnregisterWaitEx
QueryDepthSList
ReleaseSemaphore
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
LoadLibraryW
OpenProcess
lstrlenW
QueryDosDeviceW
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
FlushFileBuffers
WriteConsoleW
SetEndOfFile
GetFileAttributesExW
ReadConsoleW
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
lstrcmpiW
GetLogicalDriveStringsW
IsValidCodePage
FindFirstFileExW
SwitchToThread
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
EncodePointer
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
TryEnterCriticalSection
FormatMessageW
GetStringTypeW
DuplicateHandle
GetCurrentThread
QueryPerformanceFrequency
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
GetACP
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
GlobalAlloc
WriteFile
SetFilePointer
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryW
GetFileAttributesW
MulDiv
VerSetConditionMask
VerifyVersionInfoW
GetLocalTime
lstrcpynW
lstrcpyW
GlobalFree
CreateProcessW
GetDriveTypeW
GetTempPathW
VirtualQuery
MoveFileW
InitializeCriticalSection
CreateFileA
MoveFileExW
DeviceIoControl
GetSystemDirectoryA
RtlUnwind
InterlockedFlushSList
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetTimeZoneInformation
GetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
user32
SetCapture
ReleaseCapture
GetUpdateRect
GetSysColor
CharPrevW
DrawTextW
FillRect
wsprintfW
UpdateWindow
PrivateExtractIconsW
DrawIconEx
UpdateLayeredWindow
GetWindowRgn
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
IsWindowEnabled
wsprintfA
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
RegisterClassW
SetPropW
GetPropW
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
GetKeyState
GetFocus
GetActiveWindow
GetMessageW
SetFocus
IsWindowVisible
GetWindowRect
GetWindowThreadProcessId
PostMessageW
TranslateMessage
DispatchMessageW
InflateRect
GetParent
PostQuitMessage
ReleaseDC
GetDC
PrintWindow
EndPaint
BeginPaint
SystemParametersInfoW
GetAsyncKeyState
EnumWindows
UnregisterHotKey
RegisterHotKey
DestroyIcon
LoadImageW
UnregisterClassW
KillTimer
InvalidateRect
BringWindowToTop
RegisterWindowMessageW
SendMessageW
SetForegroundWindow
FindWindowW
GetDesktopWindow
GetClassNameW
PtInRect
EqualRect
IsRectEmpty
MoveWindow
DestroyWindow
ClientToScreen
SetTimer
SetWindowRgn
IsIconic
ScreenToClient
OffsetRect
CopyRect
IsZoomed
CallWindowProcW
SetWindowLongW
DefWindowProcW
IsChild
SetCursor
LoadCursorW
MessageBoxA
IntersectRect
CharNextW
GetSystemMetrics
RegisterClassExW
ShowWindow
GetWindow
GetWindowLongW
GetClientRect
MapWindowPoints
SetWindowPos
GetClassInfoExW
CreateWindowExW
UnionRect
SetRectEmpty
MonitorFromWindow
MonitorFromPoint
MonitorFromRect
EnumDisplayMonitors
EnumDisplaySettingsW
PeekMessageW
IsWindow
EnableWindow
SetRect
GetMonitorInfoW
GetCursorPos
gdi32
TextOutW
GdiFlush
CreateRectRgn
PtInRegion
CreatePatternBrush
GetTextExtentPointA
GetBitmapBits
MoveToEx
GetObjectA
SetTextColor
GetTextExtentPoint32W
GetClipBox
SetStretchBltMode
CreateSolidBrush
CreateDIBSection
CreatePenIndirect
CombineRgn
SetWindowOrgEx
SetBkColor
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SaveDC
RestoreDC
Rectangle
SetBitmapBits
RemoveFontMemResourceEx
CreateCompatibleBitmap
StretchBlt
SetBkMode
GetObjectW
ExtSelectClipRgn
SelectClipRgn
LineTo
DeleteDC
DeleteObject
CreateCompatibleDC
BitBlt
SelectObject
GetCharABCWidthsW
CreateRoundRectRgn
AddFontMemResourceEx
GetStockObject
GetDeviceCaps
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateRectRgnIndirect
GetTextMetricsW
advapi32
ImpersonateLoggedOnUser
GetUserNameW
RevertToSelf
DuplicateTokenEx
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
shell32
DragQueryFileW
ShellExecuteW
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHGetFileInfoW
ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW
ole32
CoTaskMemFree
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoTaskMemRealloc
DoDragDrop
OleDuplicateData
CreateStreamOnHGlobal
ReleaseStgMedium
CLSIDFromString
CoTaskMemAlloc
CoCreateInstance
CLSIDFromProgID
OleLockRunning
oleaut32
SysAllocString
VariantClear
VariantInit
VarUI4FromStr
SysFreeString
shlwapi
PathCombineW
PathIsDirectoryW
PathFindFileNameW
PathRemoveFileSpecW
PathIsSameRootW
SHDeleteKeyW
PathFileExistsW
comctl32
ord17
InitCommonControlsEx
_TrackMouseEvent
crypt32
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreW
CertGetNameStringA
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertCloseStore
CertDuplicateCertificateContext
CertOpenStore
CertGetCertificateContextProperty
gdiplus
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipGetPropertyItemSize
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
ord1
GdipAddPathLine
GdipDeletePath
GdipCreatePath
GdiplusShutdown
GdiplusStartup
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipImageSelectActiveFrame
GdipDrawRectangleI
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCloneBitmapAreaI
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipDisposeImage
GdipCloneImage
GdipGetPropertyItem
GdipAlloc
GdipFree
GdipCreateBitmapFromScan0
imm32
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
msi
ord70
dbghelp
MiniDumpWriteDump
psapi
EnumProcesses
GetProcessImageFileNameW
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
urlmon
ObtainUserAgentString
URLDownloadToFileW
ws2_32
WSAIoctl
WSASetLastError
accept
setsockopt
ntohs
htons
getsockopt
htonl
getpeername
connect
bind
WSAGetLastError
send
recv
closesocket
listen
ioctlsocket
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
WSACloseEvent
WSACreateEvent
WSAStartup
WSAEnumNetworkEvents
WSACleanup
gethostname
gethostbyname
WSAEventSelect
recvfrom
sendto
shutdown
getsockname
getnameinfo
socket
wldap32
ord46
ord219
ord145
ord41
ord117
ord26
ord301
ord208
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord14
ord216
Sections
.text Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 642KB - Virtual size: 641KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 59KB - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6.2MB - Virtual size: 6.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 136KB - Virtual size: 136KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ