1b771ebe9dc81e17e00649071f153f2ebe6abcf78788f102f12dccfc2a59cc30

Sharing

Copy URL Twitter E-mail

General

Target

1b771ebe9dc81e17e00649071f153f2ebe6abcf78788f102f12dccfc2a59cc30
Size

462KB
MD5

627d0c474a07fca6ec43f9ba382e2830
SHA1

30706176397cac5847f7a53457c0f213896c9c59
SHA256

1b771ebe9dc81e17e00649071f153f2ebe6abcf78788f102f12dccfc2a59cc30
SHA512

c59e415c8117cf742224b2816094856ce2e825cef361f96060be185cfc0c2e226ce44947eb2a0ea3fd1e02117567420c6412167ead2dac856b95a88468885b71
SSDEEP

12288:OprIAYZpElLmVT0+IaY57k5FbHGBywusSe:OprIAgZVT5Il7kvHGXuE

Score

N/A

Malware Config

Signatures

Files

1b771ebe9dc81e17e00649071f153f2ebe6abcf78788f102f12dccfc2a59cc30
.exe windows x86

89fe1a2a6988306a78b7052b484169b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
CopyFileW
SetLastError
GetVersion
LocalFree
CreateEventW
ResetEvent
SetEvent
ResumeThread
InterlockedExchange
SetFilePointer
Sleep
GetTickCount
ReadFile
MoveFileW
GetExitCodeThread
CreateThread
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
lstrlenW
GetFileAttributesExW
ReleaseMutex
OutputDebugStringW
GetCurrentThreadId
GetFileSize
CreateMutexW
SetFileAttributesW
GetPrivateProfileSectionW
GetCommandLineW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
QueryPerformanceCounter
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
GetDriveTypeW
WriteConsoleW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleHandleW
GetExitCodeProcess
GetVersionExW
CreateFileW
WriteFile
WaitForSingleObject
CloseHandle
GlobalFree
CreateDirectoryW
MoveFileExW
GetPrivateProfileIntW
FindNextFileW
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameW
FindClose
DeleteFileW
GetLastError
GetFileAttributesW
GetPrivateProfileStringW
lstrlenA
GetStringTypeW
FlushFileBuffers
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
LCMapStringW
HeapCreate
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LoadLibraryA
GetUserDefaultUILanguage
CreateFileA
DeviceIoControl
GetVersionExA
CreatePipe
GetStartupInfoA
CreateProcessA
SleepEx
TerminateThread
CreateEventA
WaitForMultipleObjects
CreateMutexA
DuplicateHandle
PeekNamedPipe
GetStdHandle
GetFileType
FormatMessageA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapSetInformation
GetStartupInfoW
GetSystemTimeAsFileTime
RtlUnwind
EncodePointer
DecodePointer
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileExA
FindFirstFileExW
GetDriveTypeA
GetFileInformationByHandle
ExitThread
SetUnhandledExceptionFilter
ExitProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount

user32

wsprintfW
GetDesktopWindow

shell32

ShellExecuteExW
ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateGuid
StringFromGUID2

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey

wininet

InternetErrorDlg
InternetReadFile
InternetCrackUrlW
InternetAttemptConnect
InternetOpenW
InternetSetOptionExW
InternetConnectW
HttpOpenRequestW
InternetSetOptionW
HttpAddRequestHeadersW
HttpSendRequestW
InternetCloseHandle
HttpQueryInfoW

shlwapi

PathFileExistsW

ws2_32

htons
ntohs
connect
send
sendto
recvfrom
WSASetLastError
__WSAFDIsSet
select
gethostbyname
accept
listen
ioctlsocket
getsockname
setsockopt
recv
bind
socket
getsockopt
closesocket
WSAStartup
WSACleanup
WSAGetLastError

wldap32

ord46
ord211
ord301
ord27
ord33
ord79
ord30
ord60
ord26
ord41
ord143
ord50
ord22
ord35
ord32
ord200

Sections

.text
Size: 275KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 95KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

89fe1a2a6988306a78b7052b484169b6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

advapi32

wininet

shlwapi

ws2_32

wldap32

Sections

.text Size: 275KB - Virtual size: 275KB

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 9KB - Virtual size: 20KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 95KB - Virtual size: 96KB

.text
Size: 275KB - Virtual size: 275KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 9KB - Virtual size: 20KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 95KB - Virtual size: 96KB