9edd211372bc9411e64c9b2110835e7961ac5df38e81aaf12b3a0895bf374e10

Sharing

Copy URL

Twitter E-mail

General

Target

9edd211372bc9411e64c9b2110835e7961ac5df38e81aaf12b3a0895bf374e10
Size

121KB
MD5

4b7624aecde3c3a85ff6f30c5c816e00
SHA1

0335eb66ddc62b420a7cfaaf4025a1ac01e24a8f
SHA256

9edd211372bc9411e64c9b2110835e7961ac5df38e81aaf12b3a0895bf374e10
SHA512

658500fbf76e2c7a7ba0a7063c009614f4bb375ec3bb796cce37dc9f3b4a4a03582338964498653de2ecda10098d6ac23fcdc196451bc894f018a6a0ff8fb00c
SSDEEP

3072:yAM/8WgD3BbfXNm5gyZfbprPBrM7vIce/R+aHJMMRvDln:FMwD3BbfXNcgyZTpTBrM7vIZ++J9

Score

N/A

Malware Config

Signatures

Files

9edd211372bc9411e64c9b2110835e7961ac5df38e81aaf12b3a0895bf374e10
.exe windows x86

0010c7fd4f80d3387dc19010a616a9d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
FreeLibraryAndExitThread
GetCurrentThread
GetComputerNameW
OpenProcess
GetExitCodeProcess
GetModuleFileNameW
GetSystemDirectoryA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineA
GetCurrentThreadId
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
lstrcpyA
lstrcpynA
lstrcatA
lstrcmpiA
IsDBCSLeadByte
lstrlenA
lstrlenW
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetVersionExA
CreateSemaphoreA
CreateThread
WaitForMultipleObjects
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CloseHandle
HeapAlloc
GetProcessHeap
HeapFree
InterlockedDecrement
ReleaseSemaphore
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
DeleteCriticalSection
SetThreadPriority
InitializeCriticalSection
CreateEventW
WaitForSingleObject
GetVersionExW
LocalAlloc
LoadLibraryW
LocalFree
InterlockedCompareExchange
GetStartupInfoA
WaitForSingleObjectEx
HeapSize
CreateEventA
Sleep
SetEvent

msvcrt

_strnicmp
__p__commode
strchr
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
wcsncpy
calloc
strncpy
strtoul
sprintf
_snwprintf
wcsrchr
iswalpha
_XcptFilter
_exit
_ultoa
__p__fmode
__set_app_type
__dllonexit
_onexit
_controlfp
towupper
wcscmp
_wtoi
wcsspn
wcsncmp
wcschr
__CxxFrameHandler
swscanf
_ultow
wcslen
iswdigit
iswcntrl
_cexit
iswascii
_adjust_fdiv
wcscspn
_c_exit
_purecall
realloc
_except_handler3
_stricmp
sscanf
malloc
free
_wcsnicmp
_wcsicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
_vsnwprintf
_snprintf
_beginthreadex
_vsnprintf

advapi32

RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExA
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeAcl
InitializeSecurityDescriptor
GetLengthSid
MakeAbsoluteSD
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetTokenInformation
OpenProcessToken
GetAce
GetAclInformation
AddAce
AddAccessDeniedAce
RegEnumKeyExA
AllocateAndInitializeSid
FreeSid
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
AddAccessAllowedAce
EqualSid
DeleteAce
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW

user32

DefWindowProcA
GetWindowLongA
PostMessageA
DestroyWindow
SetWindowLongA
CreateWindowExA
RegisterClassA
GetMessageA
DispatchMessageA
CharPrevA
PostThreadMessageA
CharNextA
PostQuitMessage

ole32

CoUninitialize
CoInitializeEx
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoSuspendClassObjects
CoCreateInstance
CoInitialize
CoCreateGuid

oleaut32

VariantInit
VariantClear
SysStringLen
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysAllocString
SysFreeString

wininet

InternetOpenW
InternetQueryOptionA
HttpOpenRequestW
InternetQueryDataAvailable
HttpSendRequestExW
HttpEndRequestA
HttpQueryInfoA
InternetErrorDlg
HttpQueryInfoW
InternetSetOptionA
InternetCrackUrlW
InternetConnectW
InternetCloseHandle
InternetReadFile

wsock32

bind
shutdown
closesocket
getsockopt
getpeername
getsockname
WSAAsyncSelect
inet_ntoa
WSACleanup
WSAStartup
ntohl
setsockopt
connect
send
sendto
recv
WSASetLastError
getservbyport
ntohs
gethostbyaddr
htons
getservbyname
htonl
inet_addr
gethostbyname
WSAGetLastError
ioctlsocket
socket

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ojocarj
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0010c7fd4f80d3387dc19010a616a9d2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

user32

ole32

oleaut32

wininet

wsock32

Sections

.text Size: 91KB - Virtual size: 91KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 29KB - Virtual size: 30KB

ojocarj Size: - Virtual size: 4KB

.text
Size: 91KB - Virtual size: 91KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 29KB - Virtual size: 30KB

ojocarj
Size: - Virtual size: 4KB