837b1adbe66dc444adbeb5cf1937092336bc1809682420cbb0fe8b0641b738d5

Sharing

Copy URL Twitter E-mail

General

Target

837b1adbe66dc444adbeb5cf1937092336bc1809682420cbb0fe8b0641b738d5
Size

3.0MB
MD5

06201910fecbdf7bbad6a863a728a189
SHA1

9d8003283531e8a419a328bfa365a212f4cbf78e
SHA256

837b1adbe66dc444adbeb5cf1937092336bc1809682420cbb0fe8b0641b738d5
SHA512

9fa0f4b43cf8c12221f0336ffe535b91b706557a45733f144cea61af3a4f657e31df7cc3ba91ae7ffeeacf949046c3643afaac5eed94056b16fadb06268f56e9
SSDEEP

49152:x+svIZBd4v8Ixz2QFMD1iDZNHn5IZJ4lPjf6aRYSqa:xHWCv8Gz2QmD12H5jBf6na

Score

1^/10

Malware Config

Signatures

Files

837b1adbe66dc444adbeb5cf1937092336bc1809682420cbb0fe8b0641b738d5
.exe windows x86

0b7187c1999467f376c44e85dc8135d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenProcessToken
GetTokenInformation
EqualSid
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CreateProcessAsUserW
DuplicateTokenEx
CheckTokenMembership
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegDeleteTreeW
RegGetValueW
RegCreateKeyW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
StartServiceW
RevertToSelf
GetLengthSid
InitializeAcl
GetAclInformation
AddAce
GetAce
AddAccessAllowedAce
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
SetFileSecurityW
GetFileSecurityW
LookupAccountNameW
RegQueryValueExW
RegEnumKeyW
RegOpenKeyW
SetTokenInformation
GetSidSubAuthority
GetSidSubAuthorityCount
LookupAccountSidW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
ImpersonateLoggedOnUser

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx

shell32

SHGetFolderPathW
ShellExecuteExW
SHGetSpecialFolderPathW

shlwapi

PathFileExistsW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

user32

wsprintfA
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
wsprintfW
LoadStringW

wtsapi32

WTSQueryUserToken

ntdll

VerSetConditionMask
RtlUnwind

kernel32

FreeEnvironmentStringsW
OpenProcess
SetEvent
ReleaseMutex
WaitForSingleObject
WaitForMultipleObjects
CloseHandle
MapViewOfFile
UnmapViewOfFile
lstrlenW
CreateMutexW
OpenMutexW
CreateEventW
CreateFileMappingW
OpenFileMappingW
WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect
HeapAlloc
HeapFree
GetProcessHeap
SetLastError
GetNativeSystemInfo
LoadLibraryA
IsBadReadPtr
FlushViewOfFile
CreateThread
TerminateThread
GetExitCodeThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
LoadLibraryW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetCurrentProcessId
LocalAlloc
LocalFree
GetCurrentProcess
GetCurrentThread
GetLastError
GetModuleHandleW
FindClose
FindFirstFileW
FindNextFileW
DeleteFileW
GetLogicalDriveStringsW
SetStdHandle
CopyFileW
MoveFileExW
GetLocalTime
GetModuleFileNameW
GetFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateFileW
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThreadId
TryEnterCriticalSection
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
WideCharToMultiByte
SetEnvironmentVariableA
ResetEvent
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
InitializeSListHead
GetLongPathNameW
GetExitCodeProcess
WriteFile
GetTempPathW
GetFileAttributesW
GetPrivateProfileIntW
GetEnvironmentVariableW
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
GlobalAlloc
GlobalFree
ReadProcessMemory
lstrcpyW
CreateProcessW
QueryDosDeviceW
DecodePointer
HeapReAlloc
HeapSize
RaiseException
GetFileSize
ReadFile
MultiByteToWideChar
GetSystemInfo
GetVolumeInformationW
GetWindowsDirectoryW
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
DeviceIoControl
OutputDebugStringA
SetPriorityClass
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetVersionExW
GetConsoleCP
FlushFileBuffers
SetEndOfFile
FormatMessageA
SleepEx
PeekNamedPipe
ExpandEnvironmentStringsA
GetSystemDirectoryA
VerifyVersionInfoA
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
SetConsoleMode
ReadConsoleA
GetSystemTime
SystemTimeToFileTime
GetDriveTypeW
GetCurrentDirectoryW
GetFullPathNameW
OutputDebugStringW
IsValidCodePage
FindFirstFileExW
WriteConsoleW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
SetConsoleCtrlHandler
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStringTypeW
GetFileType
GetACP
GetStdHandle
ExitProcess
GetModuleHandleExW
ExitThread

oleaut32

SysStringLen
SysFreeString
SysAllocString

crypt32

CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CertCloseStore
CryptMsgGetParam
CryptMsgClose

psapi

GetProcessImageFileNameW
EnumProcessModules
GetModuleFileNameExW

wininet

InternetQueryOptionW
InternetSetOptionW
InternetReadFile
InternetOpenW
InternetOpenUrlW
HttpQueryInfoW
InternetCloseHandle

wldap32

ord41
ord50
ord211
ord46
ord143
ord22
ord26
ord60
ord27
ord32
ord35
ord79
ord30
ord33
ord200
ord301

ws2_32

WSAStartup
WSACleanup
recv
send
__WSAFDIsSet
select
WSASetLastError
getpeername
bind
closesocket
connect
gethostname
ioctlsocket
listen
accept
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
WSAGetLastError

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 579KB - Virtual size: 578KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 538KB - Virtual size: 537KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b7187c1999467f376c44e85dc8135d5

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ole32

shell32

shlwapi

userenv

user32

wtsapi32

ntdll

kernel32

oleaut32

crypt32

psapi

wininet

wldap32

ws2_32

version

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 579KB - Virtual size: 578KB

.data Size: 25KB - Virtual size: 50KB

.rsrc Size: 538KB - Virtual size: 537KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 579KB - Virtual size: 578KB

.data
Size: 25KB - Virtual size: 50KB

.rsrc
Size: 538KB - Virtual size: 537KB