23438cc36494c5d886215215e2f4a5fea2d28d046ba273d8d07e42719529b735

Sharing

Copy URL Twitter E-mail

General

Target

23438cc36494c5d886215215e2f4a5fea2d28d046ba273d8d07e42719529b735
Size

336KB
MD5

691ecb8332049fb0233b990921bcc9dd
SHA1

8eec0ff9e95da4877d7c88d86f4400ea97d69680
SHA256

23438cc36494c5d886215215e2f4a5fea2d28d046ba273d8d07e42719529b735
SHA512

a1035424c38cc7dd915bcac28c0a36399b8e6439931b303367af47a34e037ee176e5aa280759b7aacbd3194948ce80089dd86415f2aa35d590e14a82f38a4df0
SSDEEP

6144:luuncUO+KgEguWqGX8XnRZ0SYqAZbfL9RJfb3UUC3E4mMUI7U:bnfFMguWj8XdnAfdDUUC3Exz

Score

1^/10

Malware Config

Signatures

Files

23438cc36494c5d886215215e2f4a5fea2d28d046ba273d8d07e42719529b735
.exe windows x86

76def149962ef72d9dd4d6a97c4667f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnmapViewOfFile
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
FreeLibrary
CreateMutexW
OpenProcess
GetCommandLineW
CloseHandle
SetConsoleCtrlHandler
GetLastError
WriteConsoleW
GetVersionExW
GetCurrentProcess
GetProcAddress
GetModuleHandleW
GetTickCount
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
InterlockedIncrement
ReadProcessMemory
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
FindFirstFileW
FindClose
GetSystemDirectoryW
CreateDirectoryW
FindNextFileW
DeleteFileW
GetTempPathW
GetFileSize
ReadFile
WriteFile
Sleep
GetModuleFileNameW
GetModuleHandleExW
CreateProcessW
GetProcessId
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ProcessIdToSessionId
GetCurrentProcessId
LocalFree
SetEvent
GetLocalTime
GetProcessTimes
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetNativeSystemInfo
GlobalMemoryStatusEx
VirtualQuery
CreateEventW
GetCurrentThreadId
SetUnhandledExceptionFilter
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
EncodePointer
LoadLibraryExW
ExitProcess
GetStdHandle
GetCommandLineA
GetACP
GetFileType
GetStringTypeW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CompareStringW
LCMapStringW
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx

user32

wsprintfW

advapi32

OpenProcessToken
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegCreateKeyW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
SetServiceStatus
CreateServiceW
ChangeServiceConfig2W
ChangeServiceConfigW
StartServiceW
ControlService
DeleteService
AllocateAndInitializeSid
GetUserNameW
ConvertSidToStringSidW
GetTokenInformation

shlwapi

PathFileExistsW
PathFindFileNameW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

dbghelp

MiniDumpWriteDump

winhttp

WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpSetOption
WinHttpQueryHeaders
WinHttpCrackUrl
WinHttpQueryOption
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpWriteData
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetModuleInformation
EnumProcessModules
GetProcessMemoryInfo
GetModuleFileNameExW

shell32

SHGetFolderPathW

crypt32

CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CryptMsgClose
CryptMsgGetParam
CryptQueryObject
CertCloseStore

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

VERISIGN
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

76def149962ef72d9dd4d6a97c4667f4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

wtsapi32

dbghelp

winhttp

version

psapi

shell32

crypt32

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 50KB - Virtual size: 50KB

.data Size: 3KB - Virtual size: 8KB

.rsrc Size: 38KB - Virtual size: 37KB

.reloc Size: 7KB - Virtual size: 7KB

VERISIGN Size: 76KB - Virtual size: 76KB

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 50KB - Virtual size: 50KB

.data
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 38KB - Virtual size: 37KB

.reloc
Size: 7KB - Virtual size: 7KB

VERISIGN
Size: 76KB - Virtual size: 76KB