22383f6b7898aef6d10734f0b7ef02125915b2c7ce62d23126423eac5ec52e25

Sharing

Copy URL Twitter E-mail

General

Target

22383f6b7898aef6d10734f0b7ef02125915b2c7ce62d23126423eac5ec52e25
Size

667KB
MD5

6b8f9e73f83ec34b0d7dcd4897743570
SHA1

2a5118b946a70ca3f9f91223c5cb5f351aceae02
SHA256

22383f6b7898aef6d10734f0b7ef02125915b2c7ce62d23126423eac5ec52e25
SHA512

2c971e53e746616d5f2fca6787edecefd7ced189588f525665eeddddc23c98485a786e18aea1654615bef7282154ff651ffcabc6d37547b6605733e172c093dd
SSDEEP

12288:D64Bv9vABVKzfWKzk6G1ieGwMHEWin9pBu1En6TAWMtRB4:bBVIw+IF8i9EWQbBu1E6TAWoRB4

Score

N/A

Malware Config

Signatures

Files

22383f6b7898aef6d10734f0b7ef02125915b2c7ce62d23126423eac5ec52e25
.exe windows x86

362c586af2342092263955d52f50b191

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recv
WSAGetLastError
closesocket
WSAStartup
send
getsockname
ntohs
bind
htons
getsockopt
getpeername
setsockopt
connect
WSACleanup
socket
WSASetLastError
gethostname
ioctlsocket
select
__WSAFDIsSet
getaddrinfo
freeaddrinfo

kernel32

CreateEventW
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
SetEvent
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
WideCharToMultiByte
LockResource
FindResourceExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CreateProcessW
LoadLibraryW
CopyFileW
OpenProcess
GetCurrentProcessId
Process32NextW
ProcessIdToSessionId
Process32FirstW
CreateToolhelp32Snapshot
lstrlenA
DeleteFileW
SetFileAttributesW
GetFileAttributesW
OpenEventW
LocalFree
FormatMessageW
SleepEx
SetLastError
GetTickCount
ExpandEnvironmentStringsA
FormatMessageA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
ExitThread
GetSystemTimeAsFileTime
CreateThread
Sleep
GetModuleFileNameW
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetLastError
RaiseException
lstrlenW
WaitForSingleObject
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLocaleInfoA
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
LoadLibraryA
WriteConsoleA
FindFirstFileA
GetConsoleOutputCP
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetCurrentDirectoryA
GetFullPathNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleHandleA
FlushFileBuffers
GetStartupInfoA
GetFileType
SetHandleCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
InterlockedExchange
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
SetFileTime
WriteFile
CreateDirectoryW
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
ReadFile
SetFilePointer
GetACP
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
TlsGetValue
TlsAlloc
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTimeZoneInformation
SetEndOfFile
GetStartupInfoW
TlsSetValue
TlsFree
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
VirtualFree

user32

CharUpperW
CharNextW
PostThreadMessageW
GetMessageW
DispatchMessageW
TranslateMessage
wsprintfW

advapi32

RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
CryptReleaseContext
CryptDestroyHash
LookupPrivilegeValueW
DuplicateTokenEx
AdjustTokenPrivileges
CreateProcessAsUserW
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegQueryValueExW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
RegDeleteKeyW

shell32

SHFileOperationW
ord165
CommandLineToArgvW

ole32

CoTaskMemFree
CoRevokeClassObject
CoCreateInstance
CoTaskMemRealloc
CoUninitialize
StringFromGUID2
CoRegisterClassObject
CoInitialize
CoTaskMemAlloc

oleaut32

SafeArrayGetLBound
RegisterTypeLi
VarUI4FromStr
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
LoadRegTypeLi
VariantCopyInd
SafeArrayCreate
SafeArrayRedim
SysStringByteLen
SysAllocStringByteLen
SafeArrayDestroy
VariantCopy
VariantClear
SafeArrayLock
SafeArrayCopy
VariantInit
SafeArrayUnlock
SafeArrayGetVartype
SafeArrayGetUBound
UnRegisterTypeLi

shlwapi

PathRemoveFileSpecW
PathGetDriveNumberW
PathFileExistsW

urlmon

IsValidURL

wintrust

WinVerifyTrust

crypt32

CertCloseStore
CertFreeCertificateContext
CertGetNameStringA
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertEnumCertificatesInStore
CertOpenStore
CryptMsgClose

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExW

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

wininet

InternetOpenW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
InternetQueryOptionW
HttpSendRequestW
InternetReadFile
InternetCloseHandle

userenv

CreateEnvironmentBlock

Sections

.text
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rrdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

362c586af2342092263955d52f50b191

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

wintrust

crypt32

psapi

wtsapi32

wininet

userenv

Sections

.text Size: 439KB - Virtual size: 438KB

.rdata Size: 97KB - Virtual size: 97KB

.data Size: 13KB - Virtual size: 21KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 24KB - Virtual size: 24KB

.rrdata Size: 80KB - Virtual size: 80KB

.text
Size: 439KB - Virtual size: 438KB

.rdata
Size: 97KB - Virtual size: 97KB

.data
Size: 13KB - Virtual size: 21KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 24KB - Virtual size: 24KB

.rrdata
Size: 80KB - Virtual size: 80KB