b02d57f1c4f7f233044a56fdc57c89b6cc3661479dccc3b4cfa1f6f9d20cd893

Sharing

Copy URL

Twitter E-mail

General

Target

b02d57f1c4f7f233044a56fdc57c89b6cc3661479dccc3b4cfa1f6f9d20cd893
Size

81KB
MD5

3ee21dbaa37d0048e2e174cb41a664d6
SHA1

f7799dc7530c3234dd2d5c11b74361b7ec1daefb
SHA256

b02d57f1c4f7f233044a56fdc57c89b6cc3661479dccc3b4cfa1f6f9d20cd893
SHA512

7cfcc286522cc1d70f4f0d83e8a6e9ed27a7b94ead3f272a271ce1bf6708c91b0f19ddbf7cdebe44239c903142bd8f9b1949d17cbce0dd39e9491acb9744e947
SSDEEP

1536:+uBQrT1eLBBdU/1GJj4UgvpedwwtVNUmrTF3MqqU+hV2xQie:+uBUwX0C4Vvs2wT+mr5MqqD/Fi

Score

N/A

Malware Config

Signatures

Files

b02d57f1c4f7f233044a56fdc57c89b6cc3661479dccc3b4cfa1f6f9d20cd893
.exe windows x86

22284c41787c1306a594dae320db9ab5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetShareEnum
NetApiBufferFree

iphlpapi

GetAdaptersAddresses

ws2_32

socket
select
WSACleanup
htons
ioctlsocket
WSAGetLastError
WSAStartup
connect
__WSAFDIsSet
closesocket
inet_ntop
inet_addr

crypt32

CryptBinaryToStringA

ntdll

RtlAcquirePebLock
RtlReleasePebLock
RtlInitUnicodeString
LdrEnumerateLoadedModules
RtlInterlockedPushEntrySList
NtAllocateVirtualMemory

shlwapi

PathAddBackslashW
PathFindExtensionW
PathRemoveBackslashW
PathRemoveFileSpecW
PathRemoveExtensionA

bcrypt

BCryptGenRandom

msvcrt

malloc
free
calloc

mpr

WNetGetConnectionW

kernel32

GetModuleFileNameW
lstrcmpiA
lstrcmpW
GetWindowsDirectoryW
lstrcatW
lstrcpyW
MoveFileExW
MoveFileW
CreateFileW
SystemTimeToFileTime
SetFileTime
ReadFile
WriteFile
GetFileSizeEx
GetQueuedCompletionStatus
CreateIoCompletionPort
SetThreadAffinityMask
WaitForMultipleObjectsEx
lstrcmpA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
InterlockedFlushSList
InterlockedPopEntrySList
InitializeSListHead
ExitThread
SetPriorityClass
WaitForSingleObject
TerminateProcess
OpenMutexA
CreateMutexA
SetErrorMode
SetUnhandledExceptionFilter
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
CreateProcessW
CreateThread
GetLastError
WaitForMultipleObjects
Sleep
GetLogicalDrives
FindClose
CloseHandle
lstrcmpiW
lstrlenW
GetDriveTypeW
GetDiskFreeSpaceW
SetFileAttributesW
FindFirstFileW
FindNextFileW
GetTempPathW
GetTempFileNameW
GetTickCount
LoadLibraryA
GetSystemInfo
lstrcpyA
ExitProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
GetProcAddress
OpenProcess
GetModuleHandleA

user32

wsprintfA
wsprintfW

advapi32

GetTokenInformation
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegCloseKey
OpenSCManagerA
CloseServiceHandle
CheckTokenMembership
LookupPrivilegeValueA
CreateWellKnownSid
AdjustTokenPrivileges
RegCreateKeyExW
OpenProcessToken
RegQueryValueExW
RegDeleteValueW
RegSetValueExW

shell32

SHEmptyRecycleBinW
ShellExecuteExW

ole32

CoUninitialize
CoGetObject
CoInitializeEx

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

22284c41787c1306a594dae320db9ab5

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

iphlpapi

ws2_32

crypt32

ntdll

shlwapi

bcrypt

msvcrt

mpr

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 2KB - Virtual size: 7KB

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 2KB - Virtual size: 7KB