5299382473c8ddd4c0f19a119618fe06f56c4ed5ff86403632ac66a453be2174

Sharing

Copy URL

Twitter E-mail

General

Target

5299382473c8ddd4c0f19a119618fe06f56c4ed5ff86403632ac66a453be2174
Size

516KB
MD5

32935e9fe05fb8848f04882d070ba897
SHA1

cc859a8673668a7ab8358c040248fb7c8b8c245e
SHA256

5299382473c8ddd4c0f19a119618fe06f56c4ed5ff86403632ac66a453be2174
SHA512

dc026f66ce177995bde17d744ddd65125d83a303dcc17e8c129bc238c47d6cda140d5698f5f78be0cf00ba6311277275529387c85848d9c7dd3fd3194b103e22
SSDEEP

6144:scCV51Bg0+FedOdR1hCCmLefnPG0m0SbLKzaM4G/+ZsC0YHU:vCV51lkXHCCaeP+0m0YpM4G2pHU

Score

1^/10

Malware Config

Signatures

Files

5299382473c8ddd4c0f19a119618fe06f56c4ed5ff86403632ac66a453be2174
.exe windows x86

042b1ce9b43584a97de3ed00b34077c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
GlobalAlloc
LoadLibraryW
GetSystemDirectoryW
DeviceIoControl
CreateFileW
GetCurrentProcessId
DeleteFileW
RemoveDirectoryW
WideCharToMultiByte
MultiByteToWideChar
CreateMutexW
WaitForSingleObject
SetEvent
CreateThread
WaitForMultipleObjects
OpenProcess
lstrcmpiW
GetWindowsDirectoryW
GetTempPathW
DeleteCriticalSection
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
SetFilePointer
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetCurrentThreadId
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GlobalUnlock
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
GetStartupInfoW
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
TlsFree
TlsAlloc
ReleaseMutex
HeapWalk
HeapLock
OpenThread
HeapUnlock
TlsSetValue
OutputDebugStringW
TlsGetValue
GetFileSizeEx
ReadFile
WriteFile
SetFilePointerEx
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateFileA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
lstrcmpW
InitializeCriticalSection
lstrlenW
SetLastError
SetCurrentDirectoryW
InterlockedCompareExchange
Sleep
GetVersionExW
MulDiv
LoadLibraryExW
FreeResource
FreeLibrary
GetSystemWindowsDirectoryW
GetModuleHandleW
CreateEventW
GetLastError
CloseHandle
RaiseException
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetProcAddress
GetCurrentProcess
GetModuleHandleA
FlushInstructionCache
EnterCriticalSection
GetFileType

user32

PostMessageW
SendMessageW
SetWindowPos
IsWindowVisible
SetTimer
KillTimer
SetFocus
GetParent
IsWindow
SetWindowLongW
GetFocus
SetActiveWindow
GetActiveWindow
EnumChildWindows
ShowWindow
ReleaseDC
GetDC
DispatchMessageW
TranslateMessage
UnregisterClassA
GetWindowLongW
MoveWindow
GetWindowDC
UpdateLayeredWindow
GetWindowThreadProcessId
SendMessageTimeoutW
GetSystemMetrics
LoadImageW
DisableProcessWindowsGhosting
SetLayeredWindowAttributes
PrintWindow
SystemParametersInfoW
GetClassInfoW
RegisterClassW
UpdateWindow
GetWindowRect
SetRectEmpty
PtInRect
PostQuitMessage
IsIconic
BringWindowToTop
SetForegroundWindow
FindWindowW
CopyRect
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateAcceleratorTableW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
GetWindow
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ScreenToClient
ClientToScreen
GetClientRect
CharNextW
GetSysColor
CreateDialogParamW
DestroyWindow
DefWindowProcW
PeekMessageW
GetMessageW

gdi32

GetStockObject
CreateDIBSection
SetDIBColorTable
SetBkMode
SetStretchBltMode
GetDIBits
SetDIBits
GetDeviceCaps
GetObjectW
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC

advapi32

RegDeleteKeyW
RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA

shell32

ShellExecuteW
SHGetFolderPathW

ole32

CoGetClassObject
StringFromGUID2
OleLockRunning
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoInitialize
CoUninitialize
OleUninitialize
OleInitialize
CreateStreamOnHGlobal

oleaut32

SafeArrayGetUBound
SafeArrayCreate
SafeArrayAccessData
VarUI4FromStr
SysFreeString
SysAllocString
SysStringLen
SysAllocStringLen
VariantInit
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
DispCallFunc
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
SafeArrayUnaccessData
SafeArrayGetLBound

shlwapi

PathRemoveExtensionW
SHGetValueW
PathFindFileNameW
PathCombineW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
PathIsDirectoryW

comctl32

InitCommonControlsEx

version

VerQueryValueW

gdiplus

GdiplusShutdown
GdiplusStartup

imm32

ImmDisableIME

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertGetNameStringW

Sections

.text
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

nbobv
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gacrg
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

iahkn
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

oxvlu
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jiahd
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

iahwj
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hrqqq
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kpgkw
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ghdcf
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vjwvl
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qipss
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ewvob
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ahpghk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hdaaol
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

uectvl
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sslpdm
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gpdmkn
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lfaern
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tewcao
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qsnwhp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rlrsnp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xtgmuq
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dacjdr
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xctekr
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wtnbqs
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ruoiat
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cavqiu
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

npslpu
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xobhwv
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fhkdfw
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

obhamw
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ffmusx
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lplpba
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lbtxja
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mgrerb
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mweaac
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pslugd
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cternd
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fajrue
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

weamdf
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mbmkkf
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ewjirg
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nulkbh
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

drxjii
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qqgmpi
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jdveaj
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

htlik
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

042b1ce9b43584a97de3ed00b34077c3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

gdiplus

imm32

wintrust

crypt32

Sections

.text Size: 213KB - Virtual size: 213KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 14KB - Virtual size: 26KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 19KB - Virtual size: 18KB

nbobv Size: 4KB - Virtual size: 4KB

gacrg Size: 4KB - Virtual size: 4KB

iahkn Size: 4KB - Virtual size: 4KB

oxvlu Size: 4KB - Virtual size: 4KB

jiahd Size: 4KB - Virtual size: 4KB

iahwj Size: 4KB - Virtual size: 4KB

hrqqq Size: 4KB - Virtual size: 4KB

kpgkw Size: 4KB - Virtual size: 4KB

ghdcf Size: 4KB - Virtual size: 4KB

vjwvl Size: 4KB - Virtual size: 4KB

qipss Size: 4KB - Virtual size: 4KB

ewvob Size: 4KB - Virtual size: 4KB

ahpghk Size: 4KB - Virtual size: 4KB

hdaaol Size: 4KB - Virtual size: 4KB

uectvl Size: 4KB - Virtual size: 4KB

sslpdm Size: 4KB - Virtual size: 4KB

gpdmkn Size: 4KB - Virtual size: 4KB

lfaern Size: 4KB - Virtual size: 4KB

tewcao Size: 4KB - Virtual size: 4KB

qsnwhp Size: 4KB - Virtual size: 4KB

rlrsnp Size: 4KB - Virtual size: 4KB

xtgmuq Size: 4KB - Virtual size: 4KB

dacjdr Size: 4KB - Virtual size: 4KB

xctekr Size: 4KB - Virtual size: 4KB

wtnbqs Size: 4KB - Virtual size: 4KB

ruoiat Size: 4KB - Virtual size: 4KB

cavqiu Size: 4KB - Virtual size: 4KB

npslpu Size: 4KB - Virtual size: 4KB

xobhwv Size: 4KB - Virtual size: 4KB

fhkdfw Size: 4KB - Virtual size: 4KB

obhamw Size: 4KB - Virtual size: 4KB

ffmusx Size: 4KB - Virtual size: 4KB

lplpba Size: 4KB - Virtual size: 4KB

lbtxja Size: 4KB - Virtual size: 4KB

mgrerb Size: 4KB - Virtual size: 4KB

mweaac Size: 4KB - Virtual size: 4KB

pslugd Size: 4KB - Virtual size: 4KB

cternd Size: 4KB - Virtual size: 4KB

fajrue Size: 4KB - Virtual size: 4KB

weamdf Size: 4KB - Virtual size: 4KB

mbmkkf Size: 4KB - Virtual size: 4KB

ewjirg Size: 4KB - Virtual size: 4KB

nulkbh Size: 4KB - Virtual size: 4KB

drxjii Size: 4KB - Virtual size: 4KB

qqgmpi Size: 4KB - Virtual size: 4KB

jdveaj Size: 4KB - Virtual size: 4KB

htlik Size: 4KB - Virtual size: 4KB

.text
Size: 213KB - Virtual size: 213KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 14KB - Virtual size: 26KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 19KB - Virtual size: 18KB

nbobv
Size: 4KB - Virtual size: 4KB

gacrg
Size: 4KB - Virtual size: 4KB

iahkn
Size: 4KB - Virtual size: 4KB

oxvlu
Size: 4KB - Virtual size: 4KB

jiahd
Size: 4KB - Virtual size: 4KB

iahwj
Size: 4KB - Virtual size: 4KB

hrqqq
Size: 4KB - Virtual size: 4KB

kpgkw
Size: 4KB - Virtual size: 4KB

ghdcf
Size: 4KB - Virtual size: 4KB

vjwvl
Size: 4KB - Virtual size: 4KB

qipss
Size: 4KB - Virtual size: 4KB

ewvob
Size: 4KB - Virtual size: 4KB

ahpghk
Size: 4KB - Virtual size: 4KB

hdaaol
Size: 4KB - Virtual size: 4KB

uectvl
Size: 4KB - Virtual size: 4KB

sslpdm
Size: 4KB - Virtual size: 4KB

gpdmkn
Size: 4KB - Virtual size: 4KB

lfaern
Size: 4KB - Virtual size: 4KB

tewcao
Size: 4KB - Virtual size: 4KB

qsnwhp
Size: 4KB - Virtual size: 4KB

rlrsnp
Size: 4KB - Virtual size: 4KB

xtgmuq
Size: 4KB - Virtual size: 4KB

dacjdr
Size: 4KB - Virtual size: 4KB

xctekr
Size: 4KB - Virtual size: 4KB

wtnbqs
Size: 4KB - Virtual size: 4KB

ruoiat
Size: 4KB - Virtual size: 4KB

cavqiu
Size: 4KB - Virtual size: 4KB

npslpu
Size: 4KB - Virtual size: 4KB

xobhwv
Size: 4KB - Virtual size: 4KB

fhkdfw
Size: 4KB - Virtual size: 4KB

obhamw
Size: 4KB - Virtual size: 4KB

ffmusx
Size: 4KB - Virtual size: 4KB

lplpba
Size: 4KB - Virtual size: 4KB

lbtxja
Size: 4KB - Virtual size: 4KB

mgrerb
Size: 4KB - Virtual size: 4KB

mweaac
Size: 4KB - Virtual size: 4KB

pslugd
Size: 4KB - Virtual size: 4KB

cternd
Size: 4KB - Virtual size: 4KB

fajrue
Size: 4KB - Virtual size: 4KB

weamdf
Size: 4KB - Virtual size: 4KB

mbmkkf
Size: 4KB - Virtual size: 4KB

ewjirg
Size: 4KB - Virtual size: 4KB

nulkbh
Size: 4KB - Virtual size: 4KB

drxjii
Size: 4KB - Virtual size: 4KB

qqgmpi
Size: 4KB - Virtual size: 4KB

jdveaj
Size: 4KB - Virtual size: 4KB

htlik
Size: 4KB - Virtual size: 4KB