3d90a080033ce66d4aad5afcc8baa2a05c8d77526bcb9c77e8d542bbb041145d

Sharing

Copy URL

Twitter E-mail

General

Target

3d90a080033ce66d4aad5afcc8baa2a05c8d77526bcb9c77e8d542bbb041145d
Size

661KB
MD5

066ecda69991b7a4fc4aa5a564dfb93e
SHA1

1cc1bb9f0289445f8f9fb29cb9e2bfb68e1cf9e4
SHA256

3d90a080033ce66d4aad5afcc8baa2a05c8d77526bcb9c77e8d542bbb041145d
SHA512

91162df32bdd598f6bc8e13a68fb861910c41027cd1118a7ea947f3447a3d524a04a39f9fb056a8a1854067e57f5708f99c892fc131e7aa277e7a21750222794
SSDEEP

12288:wFgdYYhiRosidTz1d05C3Au4tzjEF6dX7Oz8nzaAzQQehm6ZAR2M73115u5c/bC:X5t6h04dXTzaAzQQehw11M5i

Score

N/A

Malware Config

Signatures

Files

3d90a080033ce66d4aad5afcc8baa2a05c8d77526bcb9c77e8d542bbb041145d
.exe windows x86

37845c5d2c48a321ad7232feacdaf713

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ord45
ord211
ord143
ord50
ord26
ord30
ord200
ord32
ord35
ord79
ord33
ord301
ord27
ord41
ord46
ord60
ord22

kernel32

MultiByteToWideChar
GetComputerNameA
Process32First
GetProcessTimes
OpenProcess
FileTimeToSystemTime
lstrcmpiA
Process32Next
CreateToolhelp32Snapshot
FileTimeToLocalFileTime
OutputDebugStringW
FormatMessageA
GetCurrentThreadId
OutputDebugStringA
GetCurrentProcessId
GlobalAlloc
SetLastError
GlobalFree
FreeLibrary
GetModuleHandleW
LoadLibraryW
CreateFileW
SetFilePointer
SystemTimeToFileTime
SetFileTime
GetFileAttributesA
CreateDirectoryA
GetCurrentDirectoryA
LocalFileTimeToFileTime
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
TerminateProcess
OpenMutexA
CreateMutexA
SleepEx
PeekNamedPipe
WaitForMultipleObjects
GetFileType
WideCharToMultiByte
ExpandEnvironmentStringsA
WaitForSingleObject
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
GetFileSizeEx
HeapReAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetCurrentProcess
GetProcAddress
LoadLibraryA
InterlockedExchange
InterlockedCompareExchange
GetTempPathA
SetEnvironmentVariableA
CloseHandle
GetModuleHandleA
VirtualAlloc
GetLastError
ReadFile
WriteFile
GetSystemTimeAsFileTime
VirtualFree
GetTickCount
GetFileSize
CreateFileA
Sleep
FindClose
CreateThread
ExitThread
GetProcessHeap
SetEndOfFile
GetDriveTypeW
WriteConsoleW
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetHandleCount
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
HeapDestroy
HeapCreate
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapAlloc
HeapFree
GetDriveTypeA
FindFirstFileExA
GetFileInformationByHandle
RaiseException
GetCPInfo
RtlUnwind
LCMapStringW
CompareStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
ExitProcess
GetACP
GetOEMCP
GetStdHandle
DecodePointer
EncodePointer
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
IsValidCodePage

user32

wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA

advapi32

RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptDestroyKey
CryptEncrypt
CryptImportKey

ws2_32

ntohl
htonl
ioctlsocket
getaddrinfo
freeaddrinfo
listen
accept
getpeername
getsockopt
ntohs
WSAIoctl
select
__WSAFDIsSet
WSASetLastError
send
recv
WSACleanup
connect
inet_addr
getsockname
gethostbyname
gethostname
inet_ntoa
WSAStartup
recvfrom
WSAGetLastError
htons
setsockopt
sendto
bind
socket
closesocket

shlwapi

PathFileExistsA
PathAddBackslashA

crypt32

CertCloseStore
CertFindCertificateInStore
CryptStringToBinaryA
CertOpenStore
CertAddCertificateContextToStore
CryptQueryObject
CertGetNameStringA
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertGetCertificateChain
CertCreateCertificateChainEngine
CertFreeCertificateContext

iphlpapi

SendARP
GetIpForwardTable
GetAdaptersInfo

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 465KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

37845c5d2c48a321ad7232feacdaf713

Headers

DLL Characteristics

File Characteristics

Imports

wldap32

kernel32

user32

advapi32

ws2_32

shlwapi

crypt32

iphlpapi

version

Sections

.text Size: 465KB - Virtual size: 464KB

.rdata Size: 98KB - Virtual size: 97KB

.data Size: 7KB - Virtual size: 27KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 32KB - Virtual size: 31KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 465KB - Virtual size: 464KB

.rdata
Size: 98KB - Virtual size: 97KB

.data
Size: 7KB - Virtual size: 27KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 32KB - Virtual size: 31KB

.rmnet
Size: 56KB - Virtual size: 60KB