8c69b593514fe66a0ec3b92029dd6d72a035dbcf3e6984d87814a13d8ef8c86e

Sharing

Copy URL Twitter E-mail

General

Target

8c69b593514fe66a0ec3b92029dd6d72a035dbcf3e6984d87814a13d8ef8c86e
Size

324KB
MD5

066475e26ac7932af0929438aedf06af
SHA1

64863306d673b0191c2842e8886cb0837fb2b0db
SHA256

8c69b593514fe66a0ec3b92029dd6d72a035dbcf3e6984d87814a13d8ef8c86e
SHA512

17096cd688de55ca3b1a15859f14a89a767a1bbb0b51d9704c24a0392cedde4380fe9d5d4254115186df91c81a71aa4982bbdac8c34d063c47731366df2ebd93
SSDEEP

6144:nEc1gNTqkt2caQtyVEa5H8bf2rdxAYBfZVEzyffrOyhGLJmwZz:EgBG0wy6kcf2rdxAYBxVrHlhGLJmwZz

Score

N/A

Malware Config

Signatures

Files

8c69b593514fe66a0ec3b92029dd6d72a035dbcf3e6984d87814a13d8ef8c86e
.exe windows x86

61755247b1925abffeb16c24cb06a302

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

memmove
RtlIsNameLegalDOS8Dot3
_vsnwprintf
RtlUnicodeToMultiByteSize
RtlUnicodeStringToAnsiString
NtAllocateVirtualMemory
_chkstk
_wcsicmp
strlen
NtQueryVirtualMemory
RtlInitUnicodeStringEx
wcslen

dnsapi

DnsReplaceRecordSetW

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemFree

kernel32

EnterCriticalSection
InterlockedDecrement
ResetEvent
GetProfileStringW
GetShortPathNameW
GetModuleHandleW
GetLastError
CreateFileW
GetTickCount
InterlockedExchange
FindFirstFileW
LocalSize
SetCurrentDirectoryW
GetCurrentProcess
DeleteCriticalSection
GetACP
GetModuleFileNameW
WaitForSingleObject
LockResource
lstrlenA
lstrcpynW
SetEvent
CreateEventW
GetCurrentThreadId
GlobalAlloc
GetSystemDefaultUILanguage
GlobalUnlock
LeaveCriticalSection
SetUnhandledExceptionFilter
GlobalReAlloc
MulDiv
QueryPerformanceCounter
GetLocaleInfoW
MultiByteToWideChar
GetTempFileNameW
DisableThreadLibraryCalls
GetDriveTypeW
TlsAlloc
WideCharToMultiByte
lstrlenW
GetModuleHandleA
GetSystemTimeAsFileTime
TlsFree
TerminateProcess
LoadLibraryW
CloseHandle
GlobalLock
lstrcmpW
lstrcmpiW
lstrcpyA
GetProcAddress
DeleteFileW
FindNextFileW
FreeLibraryAndExitThread
SetErrorMode
GetFullPathNameW
InitializeCriticalSectionAndSpinCount
FormatMessageW
LocalFree
GetCurrentDirectoryW
GlobalFree
LoadLibraryA
GetCurrentProcessId
GetVersionExA
CreateThread
GetUserDefaultLCID
FindResourceExW
InterlockedIncrement
FreeResource
TlsSetValue
GetProcessVersion
LoadResource
FindResourceW
lstrcpyW
FindClose
TlsGetValue
UnhandledExceptionFilter
DelayLoadFailureHook
ExpandEnvironmentStringsW
GetFileAttributesW
LocalReAlloc
LocalAlloc
FreeLibrary
GetVolumeInformationW
InterlockedCompareExchange
SetLastError
SizeofResource
FindResourceA

mswsock

GetAcceptExSockaddrs
AcceptEx

userenv

RsopSetPolicySettingStatus

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

61755247b1925abffeb16c24cb06a302

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

dnsapi

ole32

kernel32

mswsock

userenv

Sections

.text Size: 7KB - Virtual size: 6KB

.rsrc Size: 33KB - Virtual size: 33KB

.rdata Size: 276KB - Virtual size: 275KB

.data Size: 6KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 33KB - Virtual size: 33KB

.rdata
Size: 276KB - Virtual size: 275KB

.data
Size: 6KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB