?GetStatisticInstance@@YGPAVIStatistic@statistic@@XZ
Static task: static1
Behavioral task: behavioral1
  Sample: 422bf2dae966dde8c35a2c08c23446b13c57c9c39a6e35f7c3244b5a4e705611.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 422bf2dae966dde8c35a2c08c23446b13c57c9c39a6e35f7c3244b5a4e705611.exe
  Resource: win10v2004-20230220-en
General
- Target: 422bf2dae966dde8c35a2c08c23446b13c57c9c39a6e35f7c3244b5a4e705611
- Size: 15.4MB
- MD5: c111f48e6129dd0b07811803c8710276
- SHA1: 4c2e984ff256c446771171a5de6c397b515f76ec
- SHA256: 422bf2dae966dde8c35a2c08c23446b13c57c9c39a6e35f7c3244b5a4e705611
- SHA512: 3e1588d6e5924231c72da217e695b8df78e38e2b7997c881e0642337fe15244ac733468a358f36df2de025b3f3a07597c4b465a59637a6f54117a061ca776bb7
- SSDEEP: 393216:rA6uL3ASJHbj9qh6fjrwScLHy5Oj5qBLcmf+a9mh:4L3B1qhGrGScj5wcmf6h
Malware Config
Signatures
Files
-
422bf2dae966dde8c35a2c08c23446b13c57c9c39a6e35f7c3244b5a4e705611.exe windows x86
24b4abf7850af3faa739c45df8125b41
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateProcessW
TerminateProcess
RemoveDirectoryW
SystemTimeToFileTime
CopyFileW
ExitThread
RtlCaptureStackBackTrace
GetExitCodeThread
WritePrivateProfileStringW
FreeResource
SetUnhandledExceptionFilter
GetCommandLineW
GetCurrentDirectoryW
MultiByteToWideChar
GetFileAttributesW
CreateFileW
SetFilePointer
SetFileTime
WriteFile
CreateDirectoryW
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
CreateRemoteThread
VirtualAllocEx
VirtualProtect
WriteProcessMemory
GetProcessHeap
GetCurrentProcessId
GetFileSize
HeapAlloc
CreateFileA
GetLastError
WaitForSingleObject
HeapFree
ReadFile
GetPrivateProfileIntA
OutputDebugStringW
GlobalUnlock
BeginUpdateResourceW
UpdateResourceW
FindResourceW
LoadResource
DeleteFileW
LockResource
EndUpdateResourceW
SizeofResource
lstrlenA
GetDriveTypeW
GetTempFileNameW
lstrcpyW
lstrcpyA
GetDiskFreeSpaceExW
GetLogicalDriveStringsW
lstrcatA
GetSystemDirectoryW
FindClose
GetTempPathW
FindNextFileA
GetModuleFileNameW
GetLongPathNameW
FindFirstFileA
GetLogicalDrives
CloseHandle
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
GetCurrentProcess
OutputDebugStringA
InterlockedDecrement
lstrlenW
Sleep
lstrcmpW
WriteConsoleW
GetFullPathNameA
GetFullPathNameW
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
FindFirstFileExA
GetTimeZoneInformation
SetConsoleCtrlHandler
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetModuleFileNameA
GetModuleHandleExW
RtlUnwind
WaitForMultipleObjectsEx
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
FormatMessageW
TryEnterCriticalSection
GetCurrentThreadId
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
QueryPerformanceCounter
QueryPerformanceFrequency
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetStdHandle
GetFileInformationByHandle
LoadLibraryW
FreeLibrary
LoadLibraryExW
SetEndOfFile
SetFileAttributesW
GetWindowsDirectoryW
SetCurrentDirectoryW
MoveFileW
FindFirstFileW
FindNextFileW
GetModuleHandleA
FindFirstChangeNotificationW
FindCloseChangeNotification
CompareFileTime
UnhandledExceptionFilter
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
LocalFree
InterlockedExchange
InterlockedCompareExchange
DeviceIoControl
GetVersionExW
LoadLibraryA
GlobalLock
GetACP
ExitProcess
MulDiv
RaiseException
VerSetConditionMask
VerifyVersionInfoW
GlobalAlloc
GetLocalTime
lstrcmpiW
lstrcpynW
InterlockedIncrement
Process32First
Process32Next
GetFileSizeEx
CreateMutexW
ReleaseMutex
HeapSize
HeapReAlloc
HeapDestroy
SetFilePointerEx
AllocConsole
GetVersion
GetNativeSystemInfo
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
VirtualAlloc
VirtualFree
SetProcessAffinityMask
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
ResumeThread
user32
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetWindowRect
GetCursorPos
ScreenToClient
MapWindowPoints
GetSysColor
IntersectRect
UnionRect
OffsetRect
IsRectEmpty
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
GetWindow
LoadImageW
MonitorFromWindow
IsZoomed
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
ShowWindow
EnableWindow
GetSystemMetrics
GetMenu
SetPropW
GetPropW
AdjustWindowRectEx
LoadCursorW
SetCursor
InflateRect
SetWindowRgn
UpdateLayeredWindow
MoveWindow
IsWindowEnabled
GetWindowRgn
UnregisterClassW
MonitorFromPoint
CharPrevW
DrawTextW
FillRect
SetRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
UpdateWindow
EqualRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
wsprintfA
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
SetForegroundWindow
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
GetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
IsIconic
IsWindowVisible
SetWindowPos
DestroyWindow
IsWindow
CreateWindowExW
PostMessageW
SendMessageW
wsprintfW
DispatchMessageW
TranslateMessage
GetMessageW
CharUpperW
CharNextW
SetTimer
KillTimer
PostQuitMessage
MessageBoxW
GetMonitorInfoW
advapi32
RegOpenKeyExA
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
shell32
CommandLineToArgvW
DragQueryFileW
ord165
SHGetSpecialFolderPathA
ShellExecuteW
ShellExecuteA
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ole32
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CoUninitialize
ReleaseStgMedium
OleDuplicateData
DoDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CoInitialize
OleUninitialize
OleInitialize
CoCreateGuid
RegisterDragDrop
CoCreateInstance
oleaut32
VariantClear
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VariantInit
SysFreeString
SysAllocStringLen
VariantCopy
GetErrorInfo
CreateErrorInfo
SetErrorInfo
VariantChangeType
SysAllocString
shlwapi
PathFileExistsA
SHDeleteValueW
SHSetValueW
SHGetValueW
PathFileExistsW
PathCombineW
StrStrIA
PathCombineA
SHGetValueA
PathRemoveExtensionW
PathRemoveFileSpecW
PathAppendW
PathFindFileNameW
psapi
GetModuleFileNameExW
msimg32
GradientFill
AlphaBlend
comctl32
InitCommonControlsEx
ord17
_TrackMouseEvent
wininet
HttpQueryInfoW
HttpQueryInfoA
HttpSendRequestW
HttpSendRequestA
InternetReadFile
HttpAddRequestHeadersA
HttpOpenRequestW
HttpOpenRequestA
InternetConnectW
InternetConnectA
InternetCloseHandle
InternetOpenW
ws2_32
socket
setsockopt
send
WSAStartup
closesocket
connect
htons
inet_addr
recv
gethostname
WSACleanup
gethostbyname
winhttp
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpOpen
WinHttpQueryHeaders
netapi32
NetWkstaGetInfo
NetWkstaTransportEnum
NetApiBufferFree
Netbios
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
gdi32
Rectangle
RemoveFontMemResourceEx
RestoreDC
SaveDC
SelectObject
CloseEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRoundRectRgn
CreateRectRgn
PtInRegion
CreateDIBSection
CombineRgn
AddFontMemResourceEx
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
GetObjectA
MoveToEx
TextOutW
GdiFlush
CreatePatternBrush
GetTextExtentPointA
GetBitmapBits
SetBitmapBits
GetDeviceCaps
GetStockObject
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleDC
CreatePenIndirect
BitBlt
CreateCompatibleBitmap
gdiplus
GdipSetPenStartCap
GdipRotateWorldTransform
GdipSetPenEndCap
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipDrawLine
GdipDrawImageI
GdipCreatePen2
GdipTranslateWorldTransform
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipAddPathLine
ord1
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipCloneBrush
GdipDeleteBrush
GdipDrawImageRectI
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipReleaseDC
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetWorldTransform
GdipResetWorldTransform
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipDrawImageRectRect
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateSolidFill
imm32
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
Exports
Sections
- .text Size: 1.6MB - Virtual size: 1.6MB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
- .rdata Size: 328KB - Virtual size: 328KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
- .data Size: 24KB - Virtual size: 35KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
- .rsrc Size: 1.9MB - Virtual size: 1.9MB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
- .reloc Size: 79KB - Virtual size: 78KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ