4ee6da383c805d970350a951cd9c1fc27e1b0e9eabe955ff0997bf36d9694955

Sharing

Copy URL Twitter E-mail

General

Target

4ee6da383c805d970350a951cd9c1fc27e1b0e9eabe955ff0997bf36d9694955
Size

1.6MB
MD5

079cc31da1ac62084bf451dcdf3ae288
SHA1

bd11b407bf2a7d8d780f5000d204173cb452b51f
SHA256

4ee6da383c805d970350a951cd9c1fc27e1b0e9eabe955ff0997bf36d9694955
SHA512

b42dee184d741cc9c632dce991490470e59f8c8b4944c3ccdeaa5125fc8ea9698e4a4f7ec5c1efde301611fd35a497699eb6fea550ea53eff11c5a51a20c9915
SSDEEP

49152:UbJPAGhDs1PsZ6f3Uhp/dl63q1g6W7uP:UlPAh5swvUr63

Score

N/A

Malware Config

Signatures

Files

4ee6da383c805d970350a951cd9c1fc27e1b0e9eabe955ff0997bf36d9694955
.exe windows x86

dd7e479959c318f60b226902240710bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventW
SetEvent
WaitForSingleObject
ResetEvent
CreateMutexW
CreateMutexA
ReleaseMutex
OpenProcess
TerminateProcess
GetProcessId
CreateProcessA
GetLastError
SetUnhandledExceptionFilter
GetTickCount
CreateThread
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateProcessW
CloseHandle
MoveFileExA
DeleteFileW
DosDateTimeToFileTime
SetFilePointer
SystemTimeToFileTime
CreateDirectoryW
SetFileTime
WriteFile
ReadFile
CreateFileW
GetFileType
GetCurrentProcessId
GlobalMemoryStatus
SetConsoleMode
ReadConsoleInputA
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetCurrentProcess
GetVersionExW
SwitchToThread
HeapDestroy
HeapFree
HeapCreate
GetProcessHeap
HeapAlloc
GetModuleHandleW
InterlockedCompareExchange
InterlockedExchange
InterlockedExchangeAdd
FreeLibrary
GetProcAddress
LoadLibraryW
MultiByteToWideChar
SetCurrentDirectoryW
GetCurrentDirectoryW
Sleep
GetCurrentThreadId
VirtualQuery
DeleteFileA
GetModuleFileNameA
GetSystemTime
FlushConsoleInputBuffer
GetVersion
GetModuleHandleA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapReAlloc
HeapSize
CreateSemaphoreW
WaitForMultipleObjects
UnhandledExceptionFilter
IsDebuggerPresent
GetFileAttributesA
GetSystemTimeAsFileTime
RtlUnwind
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
ExitThread
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
LCMapStringW
ExitProcess
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetStartupInfoA
GetTimeZoneInformation
VirtualFree
VirtualAlloc
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetFullPathNameA
GetCurrentDirectoryA
FlushFileBuffers
GetStringTypeA
GetStringTypeW

user32

MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW

advapi32

ControlService
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitializeSecurityDescriptor
DeregisterEventSource
ReportEventA
CreateProcessAsUserW
ChangeServiceConfig2W
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
QueryServiceConfigA
RegisterEventSourceA
StartServiceA
QueryServiceStatus
DeleteService
OpenServiceA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
SetSecurityDescriptorDacl

psapi

EnumProcesses
GetModuleFileNameExW
GetModuleFileNameExA
EnumProcessModules

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

ws2_32

bind
htons
setsockopt
freeaddrinfo
WSAIoctl
listen
connect
select
__WSAFDIsSet
closesocket
WSAGetLastError
getaddrinfo
ioctlsocket
recv
send
WSAStartup
WSACleanup
getsockname
ntohs
shutdown
WSASetLastError
gethostbyname
inet_addr
socket
accept

Sections

.text
Size: 1018KB - Virtual size: 1017KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 548KB - Virtual size: 548KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd7e479959c318f60b226902240710bc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

psapi

userenv

ws2_32

Sections

.text Size: 1018KB - Virtual size: 1017KB

.rdata Size: 548KB - Virtual size: 548KB

.data Size: 43KB - Virtual size: 75KB

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 58KB - Virtual size: 57KB

.text
Size: 1018KB - Virtual size: 1017KB

.rdata
Size: 548KB - Virtual size: 548KB

.data
Size: 43KB - Virtual size: 75KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 58KB - Virtual size: 57KB