Static task
static1
Behavioral task
behavioral1
Sample
fb82219228da11af480ba64703ee1157b2dee345af34377ef0d5b6d301d97b1f.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
fb82219228da11af480ba64703ee1157b2dee345af34377ef0d5b6d301d97b1f.exe
Resource
win10v2004-20230221-en
General
- Target: fb82219228da11af480ba64703ee1157b2dee345af34377ef0d5b6d301d97b1f
- Size: 2.7MB
- MD5: 747d3ef79888904914e0147c3d368e45
- SHA1: 70404bda25608ee34d06240250ee2fd012e0a469
- SHA256: fb82219228da11af480ba64703ee1157b2dee345af34377ef0d5b6d301d97b1f
- SHA512: e25958ce64f3676181bf618869c28aff8d596e302e9b924181dcbf9bc5acdd5ff2cfb2f20afe2552c0327686ae32166da858bea53bfc9db9824230ae9c203754
- SSDEEP: 49152:jdrflAoFXXm1AXwISCb0/Z+B52CY5AWGhe2yiM1PvNOMekO5o23o:jdLlF21AgIdgBwrYa/RMX23o
Malware Config
Signatures
Files
- fb82219228da11af480ba64703ee1157b2dee345af34377ef0d5b6d301d97b1f.exe (windows x64) b103d7335dc725b96e24978f473937d5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GlobalLock
GetModuleHandleA
GlobalUnlock
ExitProcess
GetFileSize
GetProcAddress
LoadLibraryA
ReadProcessMemory
lstrcatA
lstrlenA
lstrcpynA
GetSystemTime
MultiByteToWideChar
MulDiv
GetACP
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GlobalAlloc
IsDBCSLeadByte
GetLocalTime
lstrcpyA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
WideCharToMultiByte
CreateEventA
OpenEventA
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceA
ResumeThread
CreateProcessA
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
GetTempPathA
MoveFileA
DeleteFileA
GetTickCount64
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
SetFileTime
WriteFile
CreateDirectoryA
LocalFileTimeToFileTime
GetCurrentDirectoryA
ReadFile
CreateFileA
GetFileAttributesA
SystemTimeToFileTime
SetFilePointer
LocalFree
FormatMessageA
Sleep
GetLastError
OpenProcess
GetCurrentProcessId
VirtualFreeEx
CloseHandle
GetExitCodeThread
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetTickCount
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
LoadLibraryW
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
FlsSetValue
GetCommandLineA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
RtlPcToFileHeader
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
RtlUnwindEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
user32
ClientToScreen
SetTimer
PostQuitMessage
MessageBoxA
FindWindowA
OffsetRect
InflateRect
UnionRect
SetCursor
LoadCursorA
UpdateWindow
GetCaretPos
SetCaretPos
ShowCaret
TranslateMessage
DispatchMessageA
HideCaret
GetCaretBlinkTime
CreateCaret
TrackPopupMenu
PeekMessageA
DrawTextA
AppendMenuA
EnableMenuItem
DestroyMenu
CreatePopupMenu
SetRect
FillRect
DrawTextW
CharPrevA
GetWindowRgn
IsWindowEnabled
MoveWindow
UpdateLayeredWindow
SetWindowLongPtrA
GetWindowLongPtrA
AdjustWindowRectEx
GetPropA
SetPropA
GetMenu
EnableWindow
ShowWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoExA
RegisterClassExW
RegisterClassExA
RegisterClassA
CallWindowProcA
DefWindowProcA
wsprintfA
SetWindowRgn
GetMonitorInfoA
MonitorFromWindow
LoadImageA
GetWindow
GetParent
SetWindowLongA
GetWindowLongA
PtInRect
IsRectEmpty
IntersectRect
GetSysColor
MapWindowPoints
ScreenToClient
GetCursorPos
GetWindowRect
GetClientRect
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
KillTimer
ReleaseCapture
SetCapture
GetKeyState
GetFocus
GetActiveWindow
SetFocus
CharNextA
IsZoomed
IsIconic
IsWindowVisible
SetWindowPos
DestroyWindow
MapVirtualKeyExA
GetKeyNameTextA
GetKeyboardLayout
SetForegroundWindow
GetGUIThreadInfo
InvalidateRgn
IsWindow
CreateAcceleratorTableA
CreateWindowExA
GetWindowTextLengthA
PostMessageA
SendMessageA
GetMessageA
GetWindowTextA
SetWindowTextA
EqualRect
MessageBoxW
CharUpperBuffW
comdlg32
GetOpenFileNameA
advapi32
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextA
CryptCreateHash
CryptHashData
oleaut32
SysFreeString
SysAllocStringLen
VariantTimeToSystemTime
VariantInit
VariantClear
SysAllocString
msvcp140
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_BADOFF@std@@3_JB
ws2_32
WSAStartup
getpeername
ntohs
inet_ntoa
WSACleanup
recv
getsockname
gethostname
socket
ioctlsocket
select
gethostbyname
inet_addr
send
closesocket
connect
htons
wininet
InternetOpenA
HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetReadFile
vcruntime140
__vcrt_InitializeCriticalSectionEx
__C_specific_handler
memcpy
memset
__std_terminate
memmove
__telemetry_main_return_trigger
__telemetry_main_invoke_trigger
__RTDynamicCast
_CxxThrowException
__CxxFrameHandler3
memchr
memcmp
strrchr
_purecall
__std_exception_destroy
__std_exception_copy
api-ms-win-crt-stdio-l1-1-0
fseek
fread
__p__commode
feof
__stdio_common_vsprintf_s
fclose
_set_fmode
_get_stream_buffer_pointers
fwrite
fputc
ungetc
fgetc
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
__stdio_common_vsscanf
__stdio_common_vsprintf
api-ms-win-crt-string-l1-1-0
strcat
strcpy_s
strcmp
strncmp
strcpy
toupper
isdigit
strlen
tolower
api-ms-win-crt-heap-l1-1-0
_set_new_mode
malloc
_callnewh
free
realloc
calloc
api-ms-win-crt-convert-l1-1-0
strtol
_itoa
strtoul
atol
strtod
atoi
api-ms-win-crt-math-l1-1-0
powf
fabs
sqrt
cos
sin
__setusermatherr
ldexp
api-ms-win-crt-utility-l1-1-0
srand
_lrotl
abs
labs
rand
api-ms-win-crt-runtime-l1-1-0
_initialize_wide_environment
_configure_wide_argv
_invalid_parameter_noinfo_noreturn
_initterm
_invalid_parameter_noinfo
_errno
_initterm_e
exit
_exit
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
_get_wide_winmain_command_line
_initialize_onexit_table
terminate
_crt_atexit
_register_onexit_function
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_lock_file
api-ms-win-crt-multibyte-l1-1-0
_mbsnbcmp
_ismbcspace
_mbsnbcat
_mbsrchr
_ismbcalnum
_mbschr
_mbslwr
_mbscmp
_mbsicmp
_mbsstr
_mbsnbcpy
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
gdi32
CreateSolidBrush
GetCharABCWidthsA
GetClipBox
GetTextExtentPoint32A
LineTo
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
MoveToEx
TextOutA
GdiFlush
CreatePatternBrush
GetTextExtentPointA
GetBitmapBits
CombineRgn
SelectObject
CreateRectRgnIndirect
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectA
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateEnhMetaFileA
CreateDIBSection
PtInRegion
CreateRectRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectA
GetTextMetricsA
SaveDC
CreatePenIndirect
PlayEnhMetaFile
GetEnhMetaFileHeader
SetBitmapBits
CloseEnhMetaFile
shell32
DragQueryFileA
ole32
OleDuplicateData
ReleaseStgMedium
CreateStreamOnHGlobal
DoDragDrop
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleLockRunning
comctl32
_TrackMouseEvent
ord17
InitCommonControlsEx
gdiplus
GdipDrawImageI
GdipDrawLine
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipAddPathLine
GdipAddPathArc
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipReleaseDC
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetWorldTransform
GdipResetWorldTransform
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipDrawImageRectRect
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipCreatePen2
GdipSetPenStartCap
GdipSetPenEndCap
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
imm32
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
Sections
.text Size: - Virtual size: 516KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 164KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 29B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 44B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ