fc3f478e8f43b1127089ce5fce5c4ec8e26bbd25d3a1f79129192efee4bff191[.]bin[.]sample[.]gz

Sharing

Copy URL Twitter E-mail

General

Target

fc3f478e8f43b1127089ce5fce5c4ec8e26bbd25d3a1f79129192efee4bff191.bin.sample.gz
Size

80KB
MD5

0eb4f0c342d284914e682c98fb3edf49
SHA1

1ca6f614648c4dadf2df05ccf990366325aaedb6
SHA256

f479e2a492fb93a27b99577473363cc029186d261434b0c28be160e868e0d64e
SHA512

0737675366b4123587cc2f65e4f3ca66fee71919856ffe1b5035ba63211bbb9996d343e7b02de9e7122e10506879aa3b422016a2e493ee0e9da70e7ebb2b5447
SSDEEP

1536:SCyrw4nqurTS12vtbbWcigpiAw0xPonByXm7hch4Oc7q5v8GC1:S5dnqn8YV1aKhlqrE

Score

N/A

Malware Config

Signatures

Files

fc3f478e8f43b1127089ce5fce5c4ec8e26bbd25d3a1f79129192efee4bff191.bin.sample.gz
.gz
sample
.exe windows x86

744c3350a8d126231cd9face72928953

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WTSGetActiveConsoleSessionId
GetComputerNameW
CreateProcessW
WideCharToMultiByte
GetTempFileNameW
CreateProcessA
GlobalMemoryStatus
GetTickCount
MoveFileW
GetDriveTypeW
FindFirstFileW
GetFileSizeEx
HeapFree
FindNextFileW
lstrlenW
LocalAlloc
FileTimeToSystemTime
HeapAlloc
FileTimeToLocalFileTime
VerSetConditionMask
GetProcessHeap
VerifyVersionInfoW
WriteConsoleW
DecodePointer
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
HeapSize
SetStdHandle
FindNextFileA
GetStartupInfoA
FindFirstFileExA
FindClose
GetProcAddress
Module32FirstW
CreateThread
GetSystemInfo
Process32FirstW
DeleteFileW
LoadLibraryA
TerminateThread
SetEvent
Process32NextW
GetLastError
Sleep
MultiByteToWideChar
CreateEventW
SetFileAttributesW
OpenProcess
GetACP
GetModuleHandleA
ReleaseMutex
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
PeekNamedPipe
SetFilePointer
SetErrorMode
CreatePipe
TerminateProcess
GetCurrentProcess
GetOEMCP
GetVolumeInformationW
ReadFile
GlobalUnlock
GlobalLock
CloseHandle
GlobalFree
GlobalAlloc
GetCurrentThreadId
SetEnvironmentVariableA
WriteFile
CreateToolhelp32Snapshot
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
IsValidCodePage
GetStringTypeW
GetFileType
LCMapStringW
CompareStringW
GetCommandLineW
GetCommandLineA
GetModuleFileNameA
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
RaiseException
GetModuleFileNameW
SetLastError
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount

user32

GetProcessWindowStation
GetDesktopWindow
GetUserObjectInformationW
OpenInputDesktop
SetProcessWindowStation
CloseDesktop
GetThreadDesktop
SetThreadDesktop
CloseWindowStation
ReleaseDC
OpenWindowStationW
GetDC
PostThreadMessageW
wsprintfA
GetMessageW
wsprintfW
OpenDesktopW

gdi32

CreateDCW
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
RealizePalette
DeleteObject
GetStockObject
GetDIBits
GetDeviceCaps
DeleteDC
SelectPalette
GetObjectW

advapi32

DuplicateTokenEx
LookupPrivilegeValueW
AdjustTokenPrivileges
CloseServiceHandle
OpenSCManagerW
GetSidSubAuthorityCount
GetSidSubAuthority
ControlService
OpenProcessToken
StartServiceW
EnumServicesStatusW
SystemFunction036
LookupAccountSidW
OpenServiceA
LookupAccountNameW
GetSidIdentifierAuthority
RegCloseKey
RegOpenKeyA
ConvertSidToStringSidA
RegQueryValueExA
GetUserNameW
GetTokenInformation

shell32

ord680

iphlpapi

GetAdaptersInfo

netapi32

NetWkstaGetInfo

shlwapi

PathFileExistsW

winhttp

WinHttpOpenRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpConnect
WinHttpOpen

wtsapi32

WTSQueryUserToken

ws2_32

bind
accept
gethostname
gethostbyname
WSAGetLastError
htons
recv
connect
socket
send
WSAStartup
listen
closesocket
shutdown

Exports

Exports

mymain

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

744c3350a8d126231cd9face72928953

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

iphlpapi

netapi32

shlwapi

winhttp

wtsapi32

ws2_32

Exports

Exports

Sections

.text Size: 102KB - Virtual size: 102KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 102KB - Virtual size: 102KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB