87d85438155de13f3449f653068550db9bacddde7485a6661433b1e56cb4955f

Sharing

Copy URL Twitter E-mail

General

Target

87d85438155de13f3449f653068550db9bacddde7485a6661433b1e56cb4955f
Size

264KB
MD5

62d652dca6a03bb9651aa8b32acd2a3d
SHA1

eea3a4e8ab9635503fa70a01af99850fdc74b8b3
SHA256

87d85438155de13f3449f653068550db9bacddde7485a6661433b1e56cb4955f
SHA512

0e45af78b81bf458fe38eda88949eb0ddd94e9e3498a115dca17a88e2b24f17d2936c02531a28efd252b4c104e2bcc632af56176fcd279615952208dedcdb71a
SSDEEP

3072:WxZVGsB+UHwqXzVeoy6AaF0HbJ1Gt9Lg8eNEO64kjjpzdO1DN9PGWWum2Mm2:Qm80HF1q9Lg9EO0ZJO1tfmR

Score

N/A

Malware Config

Signatures

Files

87d85438155de13f3449f653068550db9bacddde7485a6661433b1e56cb4955f
.exe windows x86

ec9f82939eaaee04a937dd5fd2bf82dd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

bind
WSAStartup
sendto
ntohl
socket

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiClassGuidsFromNameW
SetupDiOpenDevRegKey

kernel32

LocalFree
CreateNamedPipeW
LoadLibraryA
GetShortPathNameW
GetModuleHandleW
lstrlenA
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcpynW
InitializeCriticalSection
lstrcpyW
lstrcatW
GetCurrentProcess
GetCurrentThread
lstrcmpW
SetThreadPriority
GetWindowsDirectoryW
GetModuleHandleA
MulDiv
LockResource
FindResourceExW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
TlsSetValue
TlsGetValue
ExitThread
InterlockedIncrement
HeapFree
HeapAlloc
RtlUnwind
HeapReAlloc
GetStartupInfoW
ResetEvent
ExitProcess
TlsAlloc
TlsFree
TerminateProcess
UnhandledExceptionFilter
FatalAppExitA
LCMapStringA
LCMapStringW
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetConsoleCtrlHandler
SetEndOfFile
GetTimeZoneInformation
GetLocaleInfoW
WaitForMultipleObjects
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
ConnectNamedPipe
ReadFile
WriteFile
DisconnectNamedPipe
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
CreateFileW
GetSystemDirectoryW
OutputDebugStringW
GetModuleFileNameW
lstrlenW
GetCommandLineW
lstrcmpiW
GetCurrentThreadId
GetVersionExW
InterlockedDecrement
LoadLibraryW
GetProcAddress
FreeLibrary
WaitForSingleObject
CreateMutexW
CreateEventW
CreateThread
CallNamedPipeA
SetEvent
ReleaseMutex
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringA
SetLastError
GetVersionExA
CreateFileA
DeviceIoControl
GetLastError
Sleep
CloseHandle
GetVersion
CompareStringA

user32

SetWindowPos
CreateDialogParamW
PostQuitMessage
SetDlgItemTextW
BringWindowToTop
SetActiveWindow
SetFocus
EnableWindow
GetSystemMetrics
IsWindowEnabled
GetWindowRect
mouse_event
FindWindowW
SendMessageW
UpdateWindow
EnumWindows
IsWindowVisible
EnumChildWindows
CallWindowProcW
GetDlgItem
CheckDlgButton
CheckRadioButton
PostMessageW
SetClassLongW
ShowWindow
GetParent
GetClassNameW
GetWindowTextW
FindWindowExW
GetWindowLongW
CreateWindowExW
GetForegroundWindow
DestroyWindow
wvsprintfW
CloseDesktop
GetDesktopWindow
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationW
SetProcessWindowStation
OpenDesktopW
CloseWindowStation
SetThreadDesktop
MessageBoxW
LoadStringW
GetMessageW
DispatchMessageW
PostThreadMessageW
CharNextW
PeekMessageA
RegisterClassExW
DefWindowProcW
KillTimer
SetTimer
IsWindow
GetWindowThreadProcessId

advapi32

CryptAcquireContextW
CryptReleaseContext
CryptSetProvParam
InitializeSecurityDescriptor
CryptDestroyKey
CryptEncrypt
GetTokenInformation
OpenThreadToken
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetLengthSid
CryptGetUserKey
CryptDecrypt
CryptImportKey
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegQueryValueExA
RegSetValueExA
RegEnumValueW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegisterServiceCtrlHandlerW
SetServiceStatus
ChangeServiceConfig2W
CreateServiceW
DeleteService
ControlService
StartServiceCtrlDispatcherW
RegOpenKeyExA
QueryServiceStatus
StartServiceW
GetUserNameW
RevertToSelf
RegOpenCurrentUser
ImpersonateLoggedOnUser
OpenProcessToken
SetSecurityDescriptorDacl
CopySid
CryptExportKey
CryptGenKey

ole32

CoRegisterClassObject
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoInitializeSecurity
CoRevokeClassObject
CoUninitialize

oleaut32

SysFreeString
SysAllocString
LoadTypeLi
RegisterTypeLi
VarUI4FromStr

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec9f82939eaaee04a937dd5fd2bf82dd

Headers

File Characteristics

Imports

ws2_32

setupapi

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 160KB - Virtual size: 159KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 48KB - Virtual size: 155KB

.rsrc Size: 32KB - Virtual size: 30KB

.text
Size: 160KB - Virtual size: 159KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 48KB - Virtual size: 155KB

.rsrc
Size: 32KB - Virtual size: 30KB