d2359161b61895534dbbad8bc27798fda71f23b99a2e2b916024a11522afaaf6

Sharing

Copy URL Twitter E-mail

General

Target

d2359161b61895534dbbad8bc27798fda71f23b99a2e2b916024a11522afaaf6
Size

304KB
MD5

48ed4903cbf68c7ff5361d2f17598850
SHA1

b4ff2c45ce0fac983597e732238f48a349249947
SHA256

d2359161b61895534dbbad8bc27798fda71f23b99a2e2b916024a11522afaaf6
SHA512

5bb433d93e71636577dc453c9578e89469d36d2820c6f2276a2028dae7ccc6fabc1af668163f8e68c97e471bcddb10313501dc2a0b0ee6434515297fa3c82e42
SSDEEP

3072:ws9YRXNtT00iGl5EUapHEFwCCL3WWIZtSAbnCYiNPYCq/ZKxYgCsIVtHtmCm2k3G:wzty2ep5s/bnPz/Zdg68Cm2k3JEpdP

Score

N/A

Malware Config

Signatures

Files

d2359161b61895534dbbad8bc27798fda71f23b99a2e2b916024a11522afaaf6
.exe windows x86

92e2bfcf0c2a52416f62958de284deb4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

socket
WSAStartup
inet_ntoa
gethostbyname
WSACleanup
inet_addr
ntohl
send
recv
gethostname
htons
closesocket
connect

netapi32

Netbios

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
CreateThread
QueryPerformanceCounter
CreateDirectoryW
GetCurrentThreadId
WaitForSingleObject
OpenThread
CloseHandle
GetLastError
GetTickCount
CreateMutexW
GetFileSize
CreateFileW
lstrlenA
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
lstrlenW
GetCommandLineW
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
RaiseException
InterlockedDecrement
GetVersionExW
GetSystemDirectoryW
ReadFile
DeleteFileW
GetFileAttributesW
QueryPerformanceFrequency
SetFilePointer
MoveFileW
VirtualQuery
Sleep
FindClose
SetStdHandle
GetCurrentProcess
LoadLibraryA
SetFileAttributesW
GetModuleFileNameW
GetModuleHandleW
GetSystemTimeAsFileTime
GetModuleHandleA
WriteFile
GetProcessTimes
FindFirstFileW
SetProcessAffinityMask
GetProcessAffinityMask
DeviceIoControl
CreatePipe
GetStdHandle
DuplicateHandle
LoadLibraryW
FreeLibrary
CreateProcessW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
SetLastError
TlsFree
VirtualFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetStartupInfoW
GetProcessHeap
GetVersionExA
HeapSize
HeapFree
HeapAlloc
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
FlushFileBuffers
WriteConsoleA
VirtualAlloc
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP
SetEndOfFile
CreateFileA
GetCurrentProcessId
GetThreadLocale
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
GetLocaleInfoA
InterlockedExchange

user32

GetDesktopWindow
IsWindow
RegisterClassExW
GetClassInfoExW
SendMessageW
PostThreadMessageW
SetForegroundWindow
GetCursorPos
DestroyWindow
TrackPopupMenu
LoadMenuW
GetSubMenu
CharLowerW
CharNextW
CharLowerA
SetTimer
GetMessageW
SetWindowLongW
DefWindowProcW
ShowWindow
DispatchMessageW
KillTimer
CreateWindowExW
RegisterClassW
UpdateWindow
GetWindowLongW
LoadImageW
PostMessageW
DestroyMenu
TranslateMessage

gdi32

GetStockObject

advapi32

RegCreateKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW

shell32

SHGetSpecialFolderPathW
Shell_NotifyIconW
SHFileOperationW
ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
CommandLineToArgvW

ole32

CoFreeLibrary
CoLoadLibrary

oleaut32

SysFreeString
SysStringLen

shlwapi

PathFileExistsW

wintrust

CryptCATAdminReleaseCatalogContext
WTHelperGetProvSignerFromChain
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
WTHelperGetProvCertFromChain
CryptCATAdminReleaseContext
WinVerifyTrust
WTHelperProvDataFromStateData
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle

crypt32

CertGetNameStringW

Sections

.text
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

92e2bfcf0c2a52416f62958de284deb4

Headers

File Characteristics

Imports

ws2_32

netapi32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wintrust

crypt32

Sections

.text Size: 176KB - Virtual size: 173KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 76KB - Virtual size: 76KB

.text
Size: 176KB - Virtual size: 173KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 76KB - Virtual size: 76KB