5264849df1fe55ed41231e22b147aeb3ac0ee19ee70ff4ca997758eeef2f26fd

Sharing

Copy URL Twitter E-mail

General

Target

5264849df1fe55ed41231e22b147aeb3ac0ee19ee70ff4ca997758eeef2f26fd
Size

518KB
MD5

5caf8d292aa1e939264cd6ebbf43ab99
SHA1

4213c3bacdf41d659623157a1ab88a704cf13ed6
SHA256

5264849df1fe55ed41231e22b147aeb3ac0ee19ee70ff4ca997758eeef2f26fd
SHA512

5780d87cb8128197987b36e647afc393a254f597015933cf72afedbff9f94f3a000b41a754e3d7deb9d12e9ed81a7b2f54d61f966ec4af74eecca4188e2e76aa
SSDEEP

12288:wBQ/i1Cp40OHCapTq+5yFI4Td2C7XcIFvN05zPiT0lmTFr:Wjn5MIshb7mz6T0lmpr

Score

1^/10

Malware Config

Signatures

Files

5264849df1fe55ed41231e22b147aeb3ac0ee19ee70ff4ca997758eeef2f26fd
.exe windows x86

c88821d693e8d0f5c54ffed1a261e7a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
Sleep
ReadProcessMemory
CreateProcessA
IsBadWritePtr
TerminateProcess
lstrcatA
MultiByteToWideChar
FlushFileBuffers
FindFirstFileA
GetLogicalDriveStringsA
GetLastError
lstrcmpiA
GetProcAddress
FindClose
LoadLibraryA
Process32Next
WritePrivateProfileStringA
GetModuleFileNameA
QueryFullProcessImageNameA
FindNextFileA
GetModuleHandleA
CreateToolhelp32Snapshot
OutputDebugStringA
DuplicateHandle
CloseHandle
DeleteFileA
lstrcpyA
GetCommandLineW
VirtualQuery
SetUnhandledExceptionFilter
SetEvent
CreateEventA
OpenMutexA
lstrcmpiW
QueueUserWorkItem
CreateMutexA
LocalFree
ExitProcess
OutputDebugStringW
OpenProcess
CreateThread
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEndOfFile
LoadLibraryW
CreateFileW
WriteConsoleW
SetStdHandle
ReadConsoleW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
WriteFile
ExpandEnvironmentStringsA
IsBadReadPtr
WaitForSingleObject
Process32First
QueryDosDeviceA
GetCurrentProcess
FreeLibrary
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
FreeLibraryAndExitThread
GetThreadTimes
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetCurrentDirectoryW
LoadLibraryExW
GetModuleFileNameW
GetCurrentThread
GetOEMCP
lstrlenA
CreateFileA
GetFileAttributesExW
GetACP
IsValidCodePage
HeapSize
GetConsoleMode
GetConsoleCP
SetFilePointerEx
ReadFile
GetProcessHeap
GetFileType
GetCurrentThreadId
EncodePointer
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetStringTypeW
HeapFree
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleExW
AreFileApisANSI
HeapAlloc
GetDriveTypeW
GetFullPathNameA
RtlUnwind
GetCPInfo
CreateTimerQueue
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetModuleHandleW
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
UnhandledExceptionFilter
SetLastError
CreateEventW
GetStartupInfoW
GetTickCount
CreateSemaphoreW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle

user32

GetWindowRect
SystemParametersInfoA
IsWindow
SetWindowPos
GetWindowTextA
EnumWindows
FindWindowA
GetWindowThreadProcessId
GetClassNameA

advapi32

ControlTraceA
EnableTraceEx
StartTraceA
OpenTraceA
ProcessTrace
StopTraceA

shell32

CommandLineToArgvW
ShellExecuteExA

ole32

CoCreateGuid

wininet

HttpQueryInfoA
InternetConnectA
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetQueryOptionA
InternetOpenA

ws2_32

inet_ntoa
WSAStartup
gethostname

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

shlwapi

PathRemoveFileSpecA

Sections

.text
Size: 398KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c88821d693e8d0f5c54ffed1a261e7a7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

wininet

ws2_32

iphlpapi

version

shlwapi

Sections

.text Size: 398KB - Virtual size: 397KB

.rdata Size: 83KB - Virtual size: 82KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 23KB - Virtual size: 22KB

.text
Size: 398KB - Virtual size: 397KB

.rdata
Size: 83KB - Virtual size: 82KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 23KB - Virtual size: 22KB