56bf911a876e98f124315d162503041d9d275936e6d1270c27299c091ed1695a

Sharing

Copy URL

Twitter E-mail

General

Target

56bf911a876e98f124315d162503041d9d275936e6d1270c27299c091ed1695a
Size

124KB
MD5

7130d1fb806e7e5e41d364794ea3cece
SHA1

c607171a140ad202390f57c2b3985dd15574de9b
SHA256

56bf911a876e98f124315d162503041d9d275936e6d1270c27299c091ed1695a
SHA512

d9da3242beac04de1dc60bc558371cfab2a668bca00a92f3939cb5fa5d9b550dc48e29e385ea313d7b4825fdcf7cee6f466fc0f1d92bddec410fae31f6898e36
SSDEEP

3072:7U8EBVmKBPq1ZtGCmVZSs+a73OQsfF3ooT8k2MoTuPvhTaoc0dBbpr:wBVmKBPIZtGBSUTODfF38k2MoCHhpdL

Score

N/A

Malware Config

Signatures

Files

56bf911a876e98f124315d162503041d9d275936e6d1270c27299c091ed1695a
.exe windows x86

c1222ac70fa7979670d7cf59fc353783

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

closesocket
socket
bind
WSAGetLastError

kernel32

CreateFileMappingA
CreateMutexA
GlobalAlloc
GlobalFree
lstrcmpiA
HeapFree
HeapAlloc
GetProcessHeap
ResetEvent
DuplicateHandle
Sleep
GetStringTypeW
lstrcpyA
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetCPInfo
WriteFile
RtlUnwind
VirtualFree
lstrcatA
CreateEventA
lstrcmpA
lstrlenA
GetVersion
WriteProcessMemory
ReadProcessMemory
WaitForSingleObject
OpenProcess
GetTickCount
GetCurrentProcessId
IsBadStringPtrA
SetEvent
MapViewOfFile
CloseHandle
UnmapViewOfFile
ReleaseMutex
GetCurrentProcess
GetModuleFileNameA
GetLastError
GetCurrentThreadId
OutputDebugStringA
FreeLibrary
GetVersionExA
LoadLibraryA
GetProcAddress
GetStringTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
ExitProcess
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapDestroy
HeapCreate

user32

MsgWaitForMultipleObjects
MessageBoxA
CreateWindowExA
ShowWindow
LoadCursorA
RegisterClassA
DestroyWindow
DefWindowProcA
PeekMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
SetWindowTextA
PostThreadMessageA
wsprintfA

advapi32

OpenServiceA
QueryServiceObjectSecurity
GetSecurityDescriptorDacl
BuildExplicitAccessWithNameA
SetEntriesInAclA
SetServiceObjectSecurity
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
InitializeAcl
FreeSid
AddAccessDeniedAce
AddAccessAllowedAce
IsValidSid
GetLengthSid
AllocateAndInitializeSid
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
SetSecurityInfo
StartServiceCtrlDispatcherA
QueryServiceStatus
ControlService
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1222ac70fa7979670d7cf59fc353783

Headers

File Characteristics

Imports

wsock32

kernel32

user32

advapi32

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 6KB

Size: 52KB - Virtual size: 48KB

.rsrc Size: 4KB - Virtual size: 820B

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 820B