Static task: static1
Behavioral task: behavioral1
Sample: 95e913a18152da1893d1f7d0d1d2e37473cdbef2c214df7da8595a7a2ec9f1f1.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 95e913a18152da1893d1f7d0d1d2e37473cdbef2c214df7da8595a7a2ec9f1f1.exe
Resource: win10v2004-20220812-en
General
Target: 95e913a18152da1893d1f7d0d1d2e37473cdbef2c214df7da8595a7a2ec9f1f1
Size: 342KB
MD5: 641bafd110ad31ad7b4e551c0bb26520
SHA1: bc2a5d60e6e152f9611f433311cf770f024c894c
SHA256: 95e913a18152da1893d1f7d0d1d2e37473cdbef2c214df7da8595a7a2ec9f1f1
SHA512: 57c21648319a7d2dbe6b335ce66a8023189345a60bdd6ab117473359f255bbe9b7bafa98169ca8e3e7f2305f17ccef8fec6ef1d0aefeae33075980f5ff3e645d
SSDEEP: 6144:dpcr6/KPHnNbFcW6qHOIpZAcqk0mwfCog4IrTKCRkIrncHZ:dpcWSvNbWgHOIpZUk0mwfCog4IrTKokS
Malware Config
Signatures
Files
95e913a18152da1893d1f7d0d1d2e37473cdbef2c214df7da8595a7a2ec9f1f1.exe windows x86
63ddc189a426e05c390ec45fdf058c48
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
hfnapi
?nf_tcpDisableFiltering@nfapi@@YA?AW4_NF_STATUS@@_K@Z
?nf_init@nfapi@@YA?AW4_NF_STATUS@@PBDPAVNF_EventHandler@1@@Z
?nf_tcpPostReceive@nfapi@@YA?AW4_NF_STATUS@@_KPBDH@Z
?nf_tcpSetConnectionState@nfapi@@YA?AW4_NF_STATUS@@_KH@Z
?nf_addRule@nfapi@@YA?AW4_NF_STATUS@@PAU_NF_RULE@1@H@Z
?nf_free@nfapi@@YAXXZ
?nf_tcpPostSend@nfapi@@YA?AW4_NF_STATUS@@_KPBDH@Z
?nf_adjustProcessPriviledges@nfapi@@YAXXZ
?nf_getProcessNameW@nfapi@@YAHKPA_WK@Z
?nf_udpPostReceive@nfapi@@YA?AW4_NF_STATUS@@_KPBEPBDHPAU_NF_UDP_OPTIONS@1@@Z
?nf_udpSetConnectionState@nfapi@@YA?AW4_NF_STATUS@@_KH@Z
?nf_udpPostSend@nfapi@@YA?AW4_NF_STATUS@@_KPBEPBDHPAU_NF_UDP_OPTIONS@1@@Z
hfpapi
?pf_getNFEventHandler@ProtocolFilters@@YAPAVNF_EventHandler@nfapi@@XZ
?pf_free@ProtocolFilters@@YAXXZ
?pf_addFilter@ProtocolFilters@@YAH_KW4_PF_FilterType@1@KW4_PF_OpTarget@1@1@Z
?pf_postObject@ProtocolFilters@@YAH_KPAVPFObject@1@@Z
?pf_init@ProtocolFilters@@YAHPAVPFEvents@1@PB_W@Z
?pf_canDisableFiltering@ProtocolFilters@@YAH_K@Z
ws2_32
WSACleanup
WSAStartup
inet_addr
kernel32
QueryPerformanceCounter
GetLongPathNameW
CreateThread
GetLastError
lstrcpyW
GetTempPathW
ExpandEnvironmentStringsW
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
LoadLibraryW
Sleep
GlobalFree
WriteFile
GetTickCount
GetTempFileNameW
CopyFileW
lstrlenA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LocalFree
LocalAlloc
InterlockedDecrement
DeleteFileW
GetStartupInfoW
GetFileType
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
CloseHandle
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
SetConsoleCtrlHandler
UnhandledExceptionFilter
FreeLibrary
CompareStringW
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
TerminateProcess
GetCurrentProcess
CreateFileW
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
FatalAppExitA
InitializeCriticalSectionAndSpinCount
HeapSize
GetLocaleInfoW
IsValidCodePage
LCMapStringW
GetCPInfo
HeapSetInformation
GetCommandLineW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
RaiseException
RtlUnwind
InterlockedCompareExchange
GetOEMCP
GetACP
GetStdHandle
ExitProcess
HeapDestroy
HeapCreate
GetCurrentThread
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
InterlockedIncrement
EncodePointer
DecodePointer
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
user32
wsprintfW
advapi32
CreateServiceW
OpenServiceW
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerW
LockServiceDatabase
QueryServiceLockStatusW
ChangeServiceConfig2W
UnlockServiceDatabase
CloseServiceHandle
RegisterEventSourceW
ReportEventW
DeregisterEventSource
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ole32
CLSIDFromProgID
OleUninitialize
OleInitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoInitialize
oleaut32
SysStringByteLen
CreateErrorInfo
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
SysAllocString
GetErrorInfo
SetErrorInfo
SysAllocStringByteLen
shlwapi
StrStrIW
winhttp
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpCrackUrl
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpOpen
WinHttpSetOption
WinHttpSetStatusCallback
WinHttpCloseHandle
WinHttpReadData
WinHttpReceiveResponse
WinHttpOpenRequest
Sections
.text Size: 272KB - Virtual size: 272KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ