fc28eed4f3b8383abb5294c2f28a83c82c3b7bf3f4867bf0b813456f492f1d32

Sharing

Copy URL Twitter E-mail

General

Target

fc28eed4f3b8383abb5294c2f28a83c82c3b7bf3f4867bf0b813456f492f1d32
Size

846KB
MD5

06ade635b19e085007d68250b74256d0
SHA1

d90f55b441c617d144f7d804284a412971682563
SHA256

fc28eed4f3b8383abb5294c2f28a83c82c3b7bf3f4867bf0b813456f492f1d32
SHA512

530dc2b5f0530d20e2019055aa4dc3c6745280a128bfe13ad650ac15db170e405f14c7897a3ea022fdbbb3a7a3f78b71974b5708804ee04c013e9f1480ac7566
SSDEEP

24576:TLrh6fFc4FbZv7cxxOkEpWQtTnyTGM+8fVpn:TLrhSc4FbZT2IMYTyTGL8fz

Score

N/A

Malware Config

Signatures

Files

fc28eed4f3b8383abb5294c2f28a83c82c3b7bf3f4867bf0b813456f492f1d32
.exe windows x86

1a6555a90e9ec8527726041ca36e514c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_ntoa
inet_addr
ntohs
WSAAddressToStringA
WSAStartup
accept
getsockname
setsockopt
recv
bind
socket
closesocket
gethostbyaddr
send
listen
recvfrom
htons

kernel32

GetCurrentProcess
InitializeCriticalSection
OpenProcess
Sleep
SizeofResource
LeaveCriticalSection
GetProcAddress
EnterCriticalSection
FindClose
LockResource
GetModuleFileNameA
GetModuleHandleA
DeleteCriticalSection
CloseHandle
GetCurrentProcessId
DeleteFileA
GetTickCount
FreeLibrary
GetSystemDirectoryA
GetLastError
CopyFileA
LoadLibraryA
CreateFileA
lstrcatA
RaiseException
GetCurrentThreadId
OutputDebugStringA
lstrcpyA
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
ResetEvent
GetEnvironmentVariableA
FindResourceExW
FindResourceW
GetFullPathNameA
LoadResource
SetLastError
SetUnhandledExceptionFilter
CreateEventA
OpenMutexA
CreateMutexA
CreateFileW
SetEnvironmentVariableA
CompareStringW
GetProcessHeap
SetEndOfFile
GetDriveTypeW
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
GetLocaleInfoW
LoadLibraryW
InterlockedExchange
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
SetFilePointer
ReadFile
GetTimeZoneInformation
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
RtlUnwind
UnmapViewOfFile
FindResourceA
CreateDirectoryA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetOverlappedResult
CancelIo
SetCurrentDirectoryA
SetEvent
HeapSetInformation
SetEnvironmentVariableW
CreateThread
GetCommandLineA
HeapReAlloc
ExitProcess
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
LCMapStringW
HeapSize
FindFirstFileExA
GetDriveTypeA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleFileNameW
GetStdHandle
WriteFile
IsProcessorFeaturePresent
HeapDestroy
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
HeapCreate
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
HeapFree
HeapAlloc
ExitThread
ResumeThread
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetStartupInfoW

user32

MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
DispatchMessageA
RegisterWindowMessageA
SendMessageTimeoutW
MessageBoxA

advapi32

LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
AdjustTokenPrivileges

shell32

ShellExecuteA

shlwapi

SHGetValueA
SHSetValueA

wininet

InternetReadFile
InternetOpenA
InternetOpenUrlA
InternetCloseHandle

dbghelp

MiniDumpWriteDump

netapi32

Netbios

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 544KB - Virtual size: 544KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a6555a90e9ec8527726041ca36e514c

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

shell32

shlwapi

wininet

dbghelp

netapi32

version

Sections

.text Size: 544KB - Virtual size: 544KB

.rdata Size: 137KB - Virtual size: 136KB

.data Size: 42KB - Virtual size: 62KB

.rsrc Size: 89KB - Virtual size: 89KB

.reloc Size: 30KB - Virtual size: 29KB

.text
Size: 544KB - Virtual size: 544KB

.rdata
Size: 137KB - Virtual size: 136KB

.data
Size: 42KB - Virtual size: 62KB

.rsrc
Size: 89KB - Virtual size: 89KB

.reloc
Size: 30KB - Virtual size: 29KB