f0b06d361ebe15cb3724cb505b23f0afda7863543d64fca02cd7358759b136be

Sharing

Copy URL Twitter E-mail

General

Target

f0b06d361ebe15cb3724cb505b23f0afda7863543d64fca02cd7358759b136be
Size

1.7MB
MD5

945d9d3f6d1d88ba30023b68f0430514
SHA1

0bebd4ddb0e92d5199b1aad44129eb3e2e4a311a
SHA256

f0b06d361ebe15cb3724cb505b23f0afda7863543d64fca02cd7358759b136be
SHA512

918d678f91e6d0430f1cb5620ef04855c6b258a3cb2cacd53ed0d6eb0ea8cdd1bcd85a716fc5f634f0148f483a9d12c2cfd1cd64c175d501957f28d548dbc484
SSDEEP

24576:DcM8WajpLcJE7yQPfrJ6vLB7DvF1wmSm7fEXqhnNoIKF/sTh:DH7ojgRDF1ffEXkNP0s

Score

1^/10

Malware Config

Signatures

Files

f0b06d361ebe15cb3724cb505b23f0afda7863543d64fca02cd7358759b136be
.exe windows x86

ed90484765afa91de536840e6b74b827

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitOnceComplete
InitOnceBeginInitialize
WideCharToMultiByte
GetFileInformationByHandleEx
GetLastError
GetProcAddress
GetModuleHandleW
GetCurrentThreadId
AreFileApisANSI
GetFileAttributesExW
FindFirstFileW
FindClose
CreateDirectoryW
GetLocaleInfoEx
FormatMessageA
LocalFree
VerifyVersionInfoW
GlobalFree
VerSetConditionMask
FormatMessageW
GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentProcessId
ExitProcess
TerminateProcess
CreateProcessW
OpenProcess
GetModuleFileNameW
GetCurrentProcess
InitializeSListHead
CloseHandle
WriteFile
CreateFileW

advapi32

RegSetValueExA
RegCloseKey
GetUserNameW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExA
RegQueryValueExW

msvcp140

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?classic@locale@std@@SAABV12@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAH@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCompare@@YA_NPBX0@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAI@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?_Xinvalid_argument@std@@YAXPBD@Z
??0task_continuation_context@Concurrency@@AAE@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?_Capture@_ContextCallback@details@Concurrency@@AAEXXZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Assign@_ContextCallback@details@Concurrency@@AAEXPAX@Z
?_Reset@_ContextCallback@details@Concurrency@@AAEXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?_Xbad_function_call@std@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Release_chore@details@Concurrency@@YAXPAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPAU_Threadpool_chore@12@@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QAEX_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?__ExceptionPtrRethrow@@YAXPBX@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_broadcast
?_Throw_C_error@std@@YAXH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z

concrt140

?_Release@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
??0_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_ReentrantBlockingLock@details@Concurrency@@QAE@XZ

bcrypt

BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptOpenAlgorithmProvider

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpSetOption
WinHttpQueryOption
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpGetDefaultProxyConfiguration
WinHttpSetStatusCallback
WinHttpWriteData
WinHttpSetCredentials

crypt32

CryptUnprotectMemory
CertFreeCertificateContext
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy

vcruntime140

__std_terminate
_except_handler4_common
__current_exception_context
__current_exception
memset
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
__std_exception_destroy
__std_exception_copy
_purecall

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_set_app_type
_initialize_narrow_environment
_configure_narrow_argv
_crt_atexit
_get_narrow_winmain_command_line
_initterm
terminate
_initterm_e
_c_exit
exit
_exit
_cexit
_invalid_parameter_noinfo_noreturn
abort
_register_thread_local_exe_atexit_callback
_errno
_controlfp_s
_seh_filter_exe
_initialize_onexit_table

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
_set_new_mode

api-ms-win-crt-string-l1-1-0

isalpha
isdigit

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vsprintf_s
_set_fmode

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

api-ms-win-crt-convert-l1-1-0

wcstol

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed90484765afa91de536840e6b74b827

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

msvcp140

concrt140

bcrypt

winhttp

crypt32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 349KB - Virtual size: 349KB

.rdata Size: 79KB - Virtual size: 79KB

.data Size: 49KB - Virtual size: 52KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 23KB - Virtual size: 22KB

.text
Size: 349KB - Virtual size: 349KB

.rdata
Size: 79KB - Virtual size: 79KB

.data
Size: 49KB - Virtual size: 52KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 23KB - Virtual size: 22KB