32d9342cd1f14aa1b9ab2e0e638baa1f6c1113375bc8986daed64879e08bacd8

Sharing

Copy URL Twitter E-mail

General

Target

32d9342cd1f14aa1b9ab2e0e638baa1f6c1113375bc8986daed64879e08bacd8
Size

324KB
MD5

91294a4ecaf6cc7d4c0adda10da68a46
SHA1

78994ec14d97e25498961f7a62346ed53464c62c
SHA256

32d9342cd1f14aa1b9ab2e0e638baa1f6c1113375bc8986daed64879e08bacd8
SHA512

229073d614aa6af7733332fa32b6dd0102cb17b65e0bc12e1bced831a47602d50727853963f9a19f1729ca422597f4ae553576546e1cc2eb7161c31038508a13
SSDEEP

6144:foT+wu5JGSur+TpH09TWCKfZLbws9lZu58E2o:foT+wu5JGSur+Td09TWC4Ys9lM58C

Score

N/A

Malware Config

Signatures

Files

32d9342cd1f14aa1b9ab2e0e638baa1f6c1113375bc8986daed64879e08bacd8
.exe windows x86

62dbe720f2c4a0b6d33593deb6355c67

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

avicap32

capGetDriverDescriptionA

kernel32

HeapFree
HeapAlloc
GetSystemInfo
GetVersionExA
GetStartupInfoA
OpenProcess
LCMapStringW
LCMapStringA
SetFilePointer
FlushFileBuffers
MultiByteToWideChar
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
InterlockedIncrement
InterlockedDecrement
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
CloseHandle
WriteFile
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
EnterCriticalSection
DeleteCriticalSection
Sleep
GetOEMCP
GetVersion
LocalAlloc
LocalFree
DeleteFileA
GetPrivateProfileStringA
lstrcmpA
FreeLibrary
GetWindowsDirectoryA
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
InterlockedExchange
lstrcpyA
ResetEvent
WideCharToMultiByte
VirtualAlloc
VirtualFree
LeaveCriticalSection
LoadLibraryA
GetProcAddress
SetStdHandle
InitializeCriticalSection
IsBadWritePtr
HeapReAlloc
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetModuleFileNameA
RaiseException
SetLastError
TlsAlloc
GetCommandLineA
GetModuleHandleA
ExitThread
TlsGetValue
TlsSetValue
GetCurrentThreadId
CreateThread
GetLastError
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind

user32

OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
BlockInput
SetRect
PostMessageA
OpenInputDesktop
SetThreadDesktop
GetDC
WindowFromPoint
MapVirtualKeyA
CloseDesktop
wsprintfA

gdi32

BitBlt
DeleteDC
DeleteObject

advapi32

LookupAccountNameA
LsaClose
RegOpenKeyA
RegEnumValueA
RegEnumKeyExA
RegQueryValueExA
OpenServiceA
QueryServiceStatus
ControlService
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegCloseKey
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
IsValidSid

shell32

SHGetSpecialFolderPathA

ws2_32

bind
WSACleanup
WSAIoctl
setsockopt
ntohs
closesocket
send
gethostname
select
__WSAFDIsSet
recvfrom
sendto
listen
accept
getpeername
WSAStartup
getsockname
htons
socket
connect
inet_addr
inet_ntoa
gethostbyname
recv

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

Sections

.text
Size: 240KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62dbe720f2c4a0b6d33593deb6355c67

Headers

File Characteristics

Imports

avicap32

kernel32

user32

gdi32

advapi32

shell32

ws2_32

wtsapi32

Sections

.text Size: 240KB - Virtual size: 236KB

.rodata Size: 12KB - Virtual size: 10KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 24KB - Virtual size: 233KB

.rsrc Size: 4KB - Virtual size: 684B

.text
Size: 240KB - Virtual size: 236KB

.rodata
Size: 12KB - Virtual size: 10KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 24KB - Virtual size: 233KB

.rsrc
Size: 4KB - Virtual size: 684B