ServerX86[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ServerX86.exe
Size

148KB
MD5

332d720fe7ffbd1ab481a165f21e90b4
SHA1

4fd0eb130f9b21193bad2f45c28f074b25e17461
SHA256

0d697cc7323ccee0426b744c53180bafae2e8dcbdf4c68e455a6f7fab055759a
SHA512

a8b7a7194bd1629d0c4cde41ee9b408e6012ffa55c54fbbb414eae00a40cf64356e0a26aaa8d9200aabff33b04cd7ce0e22d771cdfdbdbea791ef559bb3d2bd4
SSDEEP

3072:x+mjmhZjhHIjjhS3qWu0NQw16+OU1m35AN:ImathHIg3Hu0jOU

Score

N/A

Malware Config

Signatures

Files

ServerX86.exe
.exe windows x86

d5229f19e2e3e1d79bdd6713dc496872

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetEvent
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
CreateThread
InitializeCriticalSectionAndSpinCount
ReadFile
Sleep
WriteFile
ExpandEnvironmentStringsA
GetCurrentProcess
GetFileSize
CreateFileA
VirtualProtect
IsBadReadPtr
GetProcessHeap
HeapFree
HeapAlloc
FreeLibrary
LoadLibraryA
GlobalFree
VirtualAlloc
GetACP
WideCharToMultiByte
VirtualFree
LocalFree
FileTimeToLocalFileTime
GetDiskFreeSpaceExW
GetModuleHandleA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
CreateMutexA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapSize
GetCurrentProcessId
WTSGetActiveConsoleSessionId
LocalAlloc
GetComputerNameExW
GetSystemDefaultLangID
GetProcAddress
GetLastError
MultiByteToWideChar
GetLogicalDriveStringsW
InterlockedDecrement
GetNativeSystemInfo
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
InterlockedIncrement
GetCPInfo
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleW
HeapCreate
RtlUnwind
GetLocalTime
lstrlenA
HeapReAlloc
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RaiseException

advapi32

CryptHashData
AllocateAndInitializeSid
FreeSid
RegOpenKeyExW
CheckTokenMembership
RegCloseKey
CredFree
CredEnumerateA
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptAcquireContextA
CryptReleaseContext
CryptDeriveKey
RegQueryValueExW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
CoCreateGuid
CoTaskMemFree
CoSetProxyBlanket
CoInitializeSecurity
CoInitialize

oleaut32

SysFreeString
VariantClear
SysAllocString
GetErrorInfo

iphlpapi

GetAdaptersAddresses

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

timeGetTime

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpCloseHandle

crypt32

CryptUnprotectData
CertOpenSystemStoreA
CertFreeCertificateContext
CertCloseStore
CertFindChainInStore
CertOpenStore

ws2_32

closesocket
inet_ntoa
send
recv
ntohs
gethostbyname
gethostname
WSAGetLastError
connect
setsockopt
inet_addr
WSAStartup
socket
WSASend
htons

shlwapi

StrStrIA

secur32

FreeCredentialsHandle
DeleteSecurityContext
InitializeSecurityContextA
FreeContextBuffer
QuerySecurityPackageInfoA
AcquireCredentialsHandleA
CompleteAuthToken

dnsapi

DnsFree
DnsQuery_A

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5229f19e2e3e1d79bdd6713dc496872

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

iphlpapi

wtsapi32

version

winmm

winhttp

crypt32

ws2_32

shlwapi

secur32

dnsapi

Sections

.text Size: 111KB - Virtual size: 111KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 7KB - Virtual size: 13KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 111KB - Virtual size: 111KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 7KB - Virtual size: 13KB

.reloc
Size: 9KB - Virtual size: 8KB