e925cab9bf1314c034491f84c9442f9e1e0395265ab75600d246904784fdabfe

Sharing

Copy URL

Twitter E-mail

General

Target

e925cab9bf1314c034491f84c9442f9e1e0395265ab75600d246904784fdabfe
Size

1.3MB
MD5

a5163289a659cba3d454652793778f90
SHA1

4e0b51c531291593aa3c9063841bfc8e35d1d934
SHA256

e925cab9bf1314c034491f84c9442f9e1e0395265ab75600d246904784fdabfe
SHA512

65eec48a958c62594f9f2752614307ed74ef1e136d51827d0b013584e1407dcc72a1315f04bf4f3f37aacf78735ac12b645210536968687a4e4e04b67e2b96f2
SSDEEP

24576:fcQ+eqrgpo7yyhQB2P/l3zrsSOwAbyg/s4/kdU1ZVSsyF1iVRsOL:SroSOw3g/fkdEZ4syF1iVGOL

Score

1^/10

Malware Config

Signatures

Files

e925cab9bf1314c034491f84c9442f9e1e0395265ab75600d246904784fdabfe
.exe windows x86

2d910ceda8cfcd538dbe9d0878b6a930

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostbyname
recv
send
socket
getsockname
getpeername
inet_ntoa
ntohs
WSAIoctl
ioctlsocket
WSASend
WSARecv
WSASocketW
htons
inet_addr
setsockopt
bind
closesocket
WSACleanup
connect
select
WSAGetLastError
WSAStartup
__WSAFDIsSet

psapi

EnumProcesses
GetModuleBaseNameW
EnumProcessModules
GetModuleFileNameExW

kernel32

lstrcatW
GetSystemDefaultLangID
GetDriveTypeW
OutputDebugStringW
GetDiskFreeSpaceExW
SetEnvironmentVariableW
GetVersionExW
GetFileAttributesW
CreateFileW
GetCommandLineW
GetModuleHandleA
GlobalFree
GlobalHandle
GetEnvironmentVariableW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LocalFree
GetUserDefaultLangID
GetCurrentProcessId
OpenProcess
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
lstrcmpiW
CreateThread
CreateEventW
SetEvent
LoadLibraryExW
CreateMutexW
InterlockedCompareExchange
GetTickCount
LoadLibraryW
OutputDebugStringA
GetModuleFileNameA
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
WaitForMultipleObjects
TlsAlloc
CreateDirectoryW
TlsGetValue
GlobalSize
GlobalReAlloc
LoadLibraryA
FreeResource
SetFileAttributesW
CreateFileA
ReadFile
WriteFile
SetFilePointer
CreateProcessW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WinExec
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetLocalTime
ExitThread
MoveFileA
CreateDirectoryA
GetStartupInfoW
VirtualProtect
GetSystemInfo
VirtualQuery
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeW
HeapCreate
GetStdHandle
TlsFree
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
TerminateProcess
GetExitCodeProcess
CopyFileW
GetTempPathW
GetTempFileNameW
GetProcAddress
InterlockedDecrement
InterlockedIncrement
Sleep
SetLastError
GetCurrentThreadId
RaiseException
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleFileNameW
MulDiv
lstrcmpW
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrlenA
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateMutexA
InterlockedExchange
lstrlenW
WideCharToMultiByte
ReleaseMutex
WaitForSingleObject
CloseHandle
GetLastError
FreeLibrary
IsDebuggerPresent
lstrcpyW
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
TlsSetValue
GetFileAttributesA

user32

EnableMenuItem
DrawIconEx
GetClassLongW
SetWindowRgn
GetWindowDC
UpdateLayeredWindow
GetMenuItemID
GetMenuItemCount
GetMessageTime
GetSystemMenu
IsWindowVisible
GetAsyncKeyState
SetCaretPos
HideCaret
ShowCaret
CreateCaret
UpdateWindow
IsIconic
GetKeyState
LoadCursorFromFileW
PtInRect
SetCursor
DrawTextW
GetCursorPos
OffsetRect
IntersectRect
SetRect
SystemParametersInfoW
PostThreadMessageW
CharUpperW
GetMessageW
DispatchMessageW
TranslateMessage
GetWindowThreadProcessId
wsprintfW
LoadImageW
GetSystemMetrics
SetForegroundWindow
CreateDialogIndirectParamW
MessageBoxExW
DestroyIcon
MonitorFromWindow
GetMonitorInfoW
SetMenuDefaultItem
GetWindowRect
PostQuitMessage
MessageBoxW
EmptyClipboard
KillTimer
SetTimer
SetWindowContextHelpId
MapDialogRect
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateAcceleratorTableW
CreateWindowExW
RegisterClassExW
TrackPopupMenu
GetDoubleClickTime
CallMsgFilterW
LoadIconW
MonitorFromPoint
EqualRect
LoadCursorW
GetClassInfoExW
IsWindow
SetFocus
GetFocus
GetWindow
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
DestroyWindow
FillRect
ReleaseCapture
GetClassNameW
GetParent
IsChild
SetCapture
OpenClipboard
DestroyMenu
TrackPopupMenuEx
SetClipboardData
MapWindowPoints
CloseClipboard
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
CharNextW
GetSysColor
DefWindowProcW
SetWindowPos
GetDlgItem
SendDlgItemMessageW
EnableWindow
ShowWindow
MoveWindow
GetWindowLongW
SetWindowLongW
EndDialog
SendMessageW
PostMessageW
AppendMenuW
SetRectEmpty
CreatePopupMenu
UnregisterClassA
IsRectEmpty

gdi32

SetBrushOrgEx
SetStretchBltMode
DeleteDC
SetDIBColorTable
GetDIBColorTable
StretchBlt
CombineRgn
ExtCreateRegion
ExcludeClipRect
GetClipBox
CreateFontIndirectW
GetTextExtentPointW
ExtTextOutW
LineTo
MoveToEx
RoundRect
CreatePen
SetBkColor
SetBkMode
CreateDIBSection
SetTextColor
SetMapMode
GetTextExtentPoint32W
GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
SelectObject
CreateCompatibleBitmap
DeleteObject
CreateCompatibleDC

advapi32

OpenSCManagerW
OpenServiceW
QueryServiceStatus
DeleteService
CloseServiceHandle
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
DuplicateTokenEx
ConvertStringSidToSidW
SetTokenInformation
CreateProcessAsUserW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CheckTokenMembership
RegQueryValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
AllocateAndInitializeSid
FreeSid
SetSecurityDescriptorDacl
CopySid
IsValidSid
GetLengthSid
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
GetSecurityDescriptorLength
AddAce
InitializeAcl
GetAclInformation
GetSecurityDescriptorControl
MakeAbsoluteSD
GetSecurityDescriptorGroup
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
MakeSelfRelativeSD

shell32

SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteW
ord680
CommandLineToArgvW
ShellExecuteExW
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc

ole32

StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoTaskMemAlloc
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoLoadLibrary
CoTaskMemRealloc
CoInitialize
CoUninitialize
CoTaskMemFree
GetHGlobalFromStream
CoCreateGuid

oleaut32

UnRegisterTypeLi
SysFreeString
VariantInit
VariantClear
SysAllocStringLen
SysAllocString
VarUI4FromStr
RegisterTypeLi
SysStringLen
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
PathIsDirectoryW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

gdiplus

GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCloneImage
GdipAlloc
GdipFree
GdipSaveImageToStream
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipLoadImageFromStreamICM
GdipDisposeImage

msimg32

TransparentBlt
AlphaBlend

riched20

ord4

imm32

ImmReleaseContext

comctl32

_TrackMouseEvent
InitCommonControlsEx

Sections

.text
Size: 824KB - Virtual size: 824KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2d910ceda8cfcd538dbe9d0878b6a930

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

gdiplus

msimg32

riched20

imm32

comctl32

Sections

.text Size: 824KB - Virtual size: 824KB

.rdata Size: 132KB - Virtual size: 132KB

.data Size: 20KB - Virtual size: 39KB

.rsrc Size: 238KB - Virtual size: 237KB

.reloc Size: 128KB - Virtual size: 128KB

.text
Size: 824KB - Virtual size: 824KB

.rdata
Size: 132KB - Virtual size: 132KB

.data
Size: 20KB - Virtual size: 39KB

.rsrc
Size: 238KB - Virtual size: 237KB

.reloc
Size: 128KB - Virtual size: 128KB