61c7c55f687cd06a6c6c5a80dbd12f3d32353ac5de42bebbebf665112d796970

Sharing

Copy URL Twitter E-mail

General

Target

61c7c55f687cd06a6c6c5a80dbd12f3d32353ac5de42bebbebf665112d796970
Size

2.0MB
MD5

df28a7b3d922ae325922e80542b8f11e
SHA1

ba3b3b352f850c0d573c730d59dfcb7886a88cd2
SHA256

61c7c55f687cd06a6c6c5a80dbd12f3d32353ac5de42bebbebf665112d796970
SHA512

7d682a2ecf93c239d60de5c6f61e9444e2e955733a0ca8f9c9c623e7669af0cb5188e076e5487c24a3f919771118be1e317300a4f0ba5e86a7ed0891f0da87dc
SSDEEP

49152:MzjVxS8HTkRaLqfhuMFFE9ImkOZYe+GFT56pK:J8ARaGTFE9I7OZYQJn

Score

1^/10

Malware Config

Signatures

Files

61c7c55f687cd06a6c6c5a80dbd12f3d32353ac5de42bebbebf665112d796970
.exe windows x86

60ba47fa2b5f4d9a2997d7d9a922bb85

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetProcessImageFileNameW
GetProcessImageFileNameA

comctl32

ord17
_TrackMouseEvent

gdiplus

GdipDisposeImage
GdiplusShutdown
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipSetSmoothingMode
GdipCloneImage
GdipLoadImageFromStream
GdipFillRectangle
GdipDrawRectangle
GdipDrawLinesI
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipFillPieI
GdiplusStartup

msimg32

AlphaBlend
GradientFill

shlwapi

PathRemoveFileSpecA
PathRemoveFileSpecW
PathAddBackslashW
StrStrIW
PathFileExistsW
PathAppendW
PathAddBackslashA

iphlpapi

GetAdaptersInfo

wldap32

ord79
ord35
ord33
ord30
ord200
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord143
ord301

ws2_32

listen
accept
getpeername
getsockname
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
recvfrom
getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
getaddrinfo
freeaddrinfo
ioctlsocket
ntohl
htonl
gethostname
sendto

crypt32

CertFreeCertificateContext

kernel32

SwitchToThread
DecodePointer
EncodePointer
GetStringTypeW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TlsGetValue
UnhandledExceptionFilter
WaitForSingleObjectEx
TlsFree
GetLocaleInfoW
GetCPInfo
RtlUnwind
RaiseException
LoadLibraryExW
GetLocalTime
TlsAlloc
SetUnhandledExceptionFilter
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetFilePointerEx
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
TlsSetValue
LCMapStringW
FileTimeToSystemTime
ExitProcess
GetLastError
WaitForSingleObject
CloseHandle
GetTickCount
CreateProcessW
GetTempPathW
DeleteFileW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleHandleW
FreeLibrary
GetProcAddress
OpenProcess
GetCurrentProcessId
FindClose
CreateMutexW
GetModuleFileNameW
GetWindowsDirectoryW
CreateDirectoryW
RemoveDirectoryW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileExW
FreeResource
LoadResource
SizeofResource
FindResourceW
WriteFile
ReadFile
SetFilePointer
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
CreateFileW
GetFileAttributesW
MultiByteToWideChar
WideCharToMultiByte
lstrcmpiW
lstrlenW
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
GetFileSize
lstrcatW
OutputDebugStringW
lstrcpyW
LocalAlloc
LocalReAlloc
LocalLock
LocalUnlock
LocalSize
LocalFree
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
Sleep
CreateThread
SetEvent
ResetEvent
CreateEventW
SetProcessWorkingSetSize
GetCurrentProcess
GetTempFileNameW
VirtualProtect
VirtualFree
VirtualAlloc
LoadLibraryA
IsBadReadPtr
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
Process32First
TerminateProcess
QueryDosDeviceA
CreateToolhelp32Snapshot
Process32NextW
Process32Next
Process32FirstW
GetLogicalDriveStringsA
ResumeThread
GetExitCodeThread
SetLastError
SleepEx
VerSetConditionMask
GetModuleHandleA
GetSystemDirectoryA
VerifyVersionInfoA
FormatMessageA
WaitForMultipleObjects
GetFileType
GetStdHandle
PeekNamedPipe
ExpandEnvironmentStringsA
GetACP
GetConsoleMode
ReadConsoleW
GetConsoleCP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
SetStdHandle
GetFullPathNameW
CompareStringW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
SetEndOfFile
GetTimeZoneInformation
HeapSize
LoadLibraryW

user32

OffsetRect
IsRectEmpty
EqualRect
DrawTextW
GetPropW
FillRect
IsZoomed
SetWindowRgn
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
CharUpperBuffW
CharLowerBuffW
GetKeyState
GetSystemMetrics
GetSysColor
PtInRect
RedrawWindow
GetFocus
EnableWindow
IsMenu
GetMenuStringW
GetSubMenu
GetMenuItemCount
EndMenu
GetIconInfo
DestroyCursor
LoadImageW
GetClassLongW
CreateCaret
RemovePropW
SetPropW
InvalidateRect
EndPaint
ReleaseDC
GetDC
ReleaseCapture
SetCapture
GetCapture
SetFocus
UpdateLayeredWindow
DestroyWindow
LoadCursorW
IntersectRect
CopyRect
SetRectEmpty
SetCursor
GetClientRect
IsWindow
UpdateWindow
LoadIconW
MessageBoxW
ShowWindow
CreateWindowExW
RegisterClassExW
PostQuitMessage
DefWindowProcW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
SystemParametersInfoW
SetWindowLongW
GetWindowLongW
GetCursorPos
GetWindowRect
SetForegroundWindow
TrackPopupMenu
AppendMenuW
DestroyMenu
CreatePopupMenu
KillTimer
SetTimer
EndDialog
DialogBoxParamW
SetWindowPos
SendMessageW
wsprintfW
MapWindowPoints
ClientToScreen
GetActiveWindow
GetClassNameW
GetParent
GetDesktopWindow
ScreenToClient
SetClassLongW
SetCaretPos
GetCaretBlinkTime
ShowCaret
HideCaret
DestroyCaret
BeginPaint
CallWindowProcW

gdi32

GetTextColor
GetBkMode
GetBkColor
CombineRgn
PatBlt
CreateFontW
CreateBitmap
TextOutW
ExtCreateRegion
SetBkMode
SetTextColor
SetRectRgn
CreatePatternBrush
GetTextExtentPointW
CreateCompatibleBitmap
SelectObject
CreateDIBSection
BitBlt
GetTextExtentPoint32W
DeleteObject
CreateRoundRectRgn
GetTextMetricsW
GetRegionData
DeleteDC
CreateCompatibleDC
SetBkColor
GetViewportOrgEx
GetStockObject
GetCurrentObject
GetClipBox
EnumFontsW
SetViewportOrgEx
GetObjectW
SelectClipRgn
CreateRectRgn

advapi32

RegOpenKeyExW
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegCreateKeyW
RegDeleteKeyW
RegCloseKey

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
CommandLineToArgvW
SHGetSpecialFolderLocation

ole32

CoInitialize
CoCreateGuid
StringFromGUID2
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemFree

oleaut32

SysAllocString
DispGetIDsOfNames
VariantInit
LoadTypeLi
VariantChangeType
GetErrorInfo
SysFreeString
VariantClear

winhttp

WinHttpQueryDataAvailable
WinHttpSetTimeouts
WinHttpOpen
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpConnect
WinHttpSendRequest
WinHttpCloseHandle
WinHttpReadData
WinHttpOpenRequest

Sections

.text
Size: 836KB - Virtual size: 835KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 982KB - Virtual size: 981KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

60ba47fa2b5f4d9a2997d7d9a922bb85

Headers

DLL Characteristics

File Characteristics

Imports

psapi

comctl32

gdiplus

msimg32

shlwapi

iphlpapi

wldap32

ws2_32

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winhttp

Sections

.text Size: 836KB - Virtual size: 835KB

.rdata Size: 180KB - Virtual size: 179KB

.data Size: 20KB - Virtual size: 26KB

.rsrc Size: 982KB - Virtual size: 981KB

.reloc Size: 44KB - Virtual size: 44KB

.text
Size: 836KB - Virtual size: 835KB

.rdata
Size: 180KB - Virtual size: 179KB

.data
Size: 20KB - Virtual size: 26KB

.rsrc
Size: 982KB - Virtual size: 981KB

.reloc
Size: 44KB - Virtual size: 44KB