556e43096c2f290fe70131d0c6ef16d633ae6643d18e5b826a05ac2a5b8859bb

Sharing

Copy URL

Twitter E-mail

General

Target

556e43096c2f290fe70131d0c6ef16d633ae6643d18e5b826a05ac2a5b8859bb
Size

2.0MB
MD5

3bc70025b70d8443b95d17d3be669f14
SHA1

b3136d8633ff2ad357fcf9bf305a69571368fef5
SHA256

556e43096c2f290fe70131d0c6ef16d633ae6643d18e5b826a05ac2a5b8859bb
SHA512

42b96af7782fee07b060cd0ce9bdec101fc696b72d22182a4dccec8aab2280af21e09d0c91ea2b79971bfe2c720a79ee86ed62bb0f5cf5e1f9f213aea17937d1
SSDEEP

49152:Q4cr/RS5LDP1LSRl5/7ZN4YSE+HOPF7Nrx70Gwgqx:Q4crJWD9LM/7D4YU47NrJA

Score

1^/10

Malware Config

Signatures

Files

556e43096c2f290fe70131d0c6ef16d633ae6643d18e5b826a05ac2a5b8859bb
.exe windows x86

f498cd6cc3a0ea820c5c551c4d1edf11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

kernel32

CreateProcessW
GetSystemDirectoryW
DeleteFileW
CopyFileW
MoveFileExW
DecodePointer
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
WideCharToMultiByte
GetVolumeInformationW
GetTickCount
GetSystemInfo
GetVersionExW
FindClose
GetTempPathW
CreateDirectoryW
FindFirstFileW
FindNextFileW
VerSetConditionMask
SetErrorMode
WriteFile
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileAttributesW
ReleaseMutex
CreateMutexW
GetFileAttributesExW
DeviceIoControl
OutputDebugStringA
SetPriorityClass
GetLongPathNameW
VirtualAlloc
VirtualFree
VirtualProtect
SetLastError
GetNativeSystemInfo
LoadLibraryA
IsBadReadPtr
GetCurrentThreadId
GetTempFileNameW
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetACP
GetFullPathNameW
FindFirstFileExW
GetStringTypeW
GetFileType
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
OutputDebugStringW
SetStdHandle
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetDriveTypeW
FlushFileBuffers
SetFilePointerEx
WriteConsoleW
GetCurrentDirectoryW
ReadConsoleW
SetEndOfFile
LocalFree
LocalAlloc
GlobalFree
GlobalAlloc
FreeLibrary
CreateFileW
SleepEx
GetModuleHandleA
GetSystemDirectoryA
QueryPerformanceFrequency
VerifyVersionInfoA
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
FormatMessageA
GetSystemTime
SystemTimeToFileTime
FlushConsoleInputBuffer
GlobalMemoryStatus
ExitThread
FreeLibraryAndExitThread
ReadConsoleInputA
SetConsoleMode
GetModuleFileNameW
LoadLibraryW
ReadFile
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
GetFileSize
GetProcAddress
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
GetFileAttributesExA
QueueUserWorkItem
GetLastError
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetLocalTime
OpenProcess
WritePrivateProfileStringW
GetPrivateProfileIntW
CreateEventW
CloseHandle
Sleep
WaitForSingleObject
SetEvent
GetExitCodeThread
TerminateThread
CreateThread
DeleteCriticalSection
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetPrivateProfileStringW

advapi32

CryptEnumProvidersA
CryptSignHashA
CryptCreateHash
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
ImpersonateLoggedOnUser
RevertToSelf
DuplicateTokenEx
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenProcessToken
CreateProcessAsUserW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
SetTokenInformation
GetTokenInformation
CryptDestroyHash
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
ReportEventA
RegisterEventSourceA
CryptDecrypt

shlwapi

PathFileExistsW
PathRemoveFileSpecW

user32

GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
wsprintfW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

iphlpapi

GetAdaptersInfo

wininet

InternetOpenUrlW
InternetReadFile
HttpQueryInfoW
InternetSetOptionW
InternetOpenW
InternetCloseHandle

wldap32

ord143
ord217
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301

urlmon

URLDownloadToFileW

crypt32

CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext

ws2_32

WSAIoctl
select
WSAGetLastError
socket
getservbyname
gethostbyname
htonl
shutdown
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
__WSAFDIsSet
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f498cd6cc3a0ea820c5c551c4d1edf11

Headers

DLL Characteristics

File Characteristics

Imports

userenv

kernel32

advapi32

shlwapi

user32

shell32

iphlpapi

wininet

wldap32

urlmon

crypt32

ws2_32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 397KB - Virtual size: 397KB

.data Size: 46KB - Virtual size: 86KB

.gfids Size: 512B - Virtual size: 448B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 68KB - Virtual size: 68KB

.reloc Size: 72KB - Virtual size: 71KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 397KB - Virtual size: 397KB

.data
Size: 46KB - Virtual size: 86KB

.gfids
Size: 512B - Virtual size: 448B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 68KB - Virtual size: 68KB

.reloc
Size: 72KB - Virtual size: 71KB