7d11aaab8d4a87d29039ba6ddf4fbf505f4edc627d79620998d6da733c686b7f

Sharing

Copy URL Twitter E-mail

General

Target

7d11aaab8d4a87d29039ba6ddf4fbf505f4edc627d79620998d6da733c686b7f
Size

404KB
MD5

06a654b9a2dfaa4be982c2d4e284c4d0
SHA1

b6fb0c623ad20bd51e9cd64820968f005b8e3470
SHA256

7d11aaab8d4a87d29039ba6ddf4fbf505f4edc627d79620998d6da733c686b7f
SHA512

5754266dc58d33ad14490a8dac64f97fb28f17ac6f0014c0900680f135cb7af8d14ef9644e991d95ee9eb05754282930d52d6b99caebe6622365e0e45d9eace4
SSDEEP

12288:oxfh6E/AQXAKiYs/URU813jh/kZHJ+kcyMAR:obpfi/URt/kZHlcyMA

Score

N/A

Malware Config

Signatures

Files

7d11aaab8d4a87d29039ba6ddf4fbf505f4edc627d79620998d6da733c686b7f
.exe windows x86

b0c46cbdfdd3bafc4af4b8151575e2b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

send
socket
closesocket
gethostbyname
WSACleanup
recv
connect
inet_ntoa
WSAStartup
inet_addr
htons

netapi32

Netbios

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

FreeEnvironmentStringsW
RtlUnwind
CreateDirectoryW
GetFileAttributesW
GetTempPathW
GetLongPathNameW
DeleteFileW
GetFileSize
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetLastError
CloseHandle
GetVersionExW
GetCommandLineW
CreateMutexW
FindResourceExW
FindResourceW
LoadResource
QueryPerformanceCounter
WaitForSingleObject
GetTickCount
SizeofResource
OpenThread
LockResource
GetCurrentThreadId
CreateThread
GetCurrentProcessId
GetSystemDirectoryW
CopyFileW
GetExitCodeProcess
GetModuleHandleW
GetFileSizeEx
FindFirstFileW
VirtualQuery
GetCurrentProcess
GetSystemTimeAsFileTime
InitializeCriticalSection
GetProcessTimes
Sleep
LeaveCriticalSection
GetModuleFileNameW
GetProcAddress
MoveFileW
EnterCriticalSection
FindClose
LoadLibraryA
GetModuleHandleA
QueryPerformanceFrequency
DeleteCriticalSection
SetFileAttributesW
WideCharToMultiByte
DeviceIoControl
FreeLibrary
CreateProcessW
LoadLibraryW
GetStdHandle
CreatePipe
DuplicateHandle
GetFileType
lstrlenW
GetLocalTime
GetEnvironmentStringsW
OutputDebugStringW
IsBadReadPtr
TerminateThread
MultiByteToWideChar
ResetEvent
CreateEventW
GetWindowsDirectoryW
SetErrorMode
lstrlenA
GetTempFileNameW
lstrcatW
GlobalFree
GlobalAlloc
lstrcmpW
OpenProcess
lstrcpyW
GetVersion
RemoveDirectoryW
FindNextFileW
lstrcmpiW
MulDiv
GetPrivateProfileStringW
WritePrivateProfileStringW
ExpandEnvironmentStringsW
SearchPathW
GetShortPathNameW
GetFullPathNameW
SetCurrentDirectoryW
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RaiseException
GetStartupInfoW
HeapSetInformation
ExitThread
HeapReAlloc
DecodePointer
EncodePointer
HeapAlloc
HeapFree
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapCreate
HeapDestroy
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
LCMapStringW
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
SetEvent
SetHandleCount
WriteConsoleW
SetStdHandle
lstrcpynW
GetProcessHeap
SetLastError

user32

CharUpperW
wsprintfW
CharNextW
MessageBoxIndirectW
CharPrevW
wvsprintfW
SetTimer
GetMessageW
KillTimer
TranslateMessage
PeekMessageW
SetWindowLongW
RegisterClassW
UpdateWindow
DispatchMessageW
LoadImageW
IsIconic
SendMessageTimeoutW
FindWindowA
DestroyWindow
GetClassInfoExW
RegisterClassExW
GetDesktopWindow
ShowWindow
IsWindow
CreateWindowExW
SendMessageW
DefWindowProcW
PostThreadMessageW
TrackPopupMenu
PostMessageW
GetSubMenu
SetForegroundWindow
LoadMenuW
GetCursorPos
DestroyMenu
SetWindowTextW
GetWindowLongW

gdi32

GetStockObject

advapi32

RegSetValueExW
RegCreateKeyW
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegEnumKeyW
RegEnumValueW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey

shell32

ShellExecuteW
ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
CommandLineToArgvW
Shell_NotifyIconW

ole32

CoUninitialize
CoInitializeEx
CoTaskMemFree
CoFreeLibrary
CoLoadLibrary

shlwapi

PathFileExistsW

wintrust

WTHelperGetProvCertFromChain
CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext
WTHelperProvDataFromStateData
CryptCATAdminEnumCatalogFromHash
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseCatalogContext
WTHelperGetProvSignerFromChain

crypt32

CertGetNameStringW

Sections

.text
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 544KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 91KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b0c46cbdfdd3bafc4af4b8151575e2b2

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

netapi32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

wintrust

crypt32

Sections

.text Size: 239KB - Virtual size: 238KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 7KB - Virtual size: 302KB

.ndata Size: - Virtual size: 544KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 91KB - Virtual size: 92KB

.text
Size: 239KB - Virtual size: 238KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 7KB - Virtual size: 302KB

.ndata
Size: - Virtual size: 544KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 91KB - Virtual size: 92KB