bdf6c86f81ab36e6043289a4a09169ad7713a4ae28a81ba1117b6280ded13dff

Sharing

Copy URL Twitter E-mail

General

Target

bdf6c86f81ab36e6043289a4a09169ad7713a4ae28a81ba1117b6280ded13dff
Size

644KB
MD5

4f1cc8ee3c0986e8490cfc99e851127e
SHA1

a37a081bbbdbfbaf9d299aaa00f7774241948fa4
SHA256

bdf6c86f81ab36e6043289a4a09169ad7713a4ae28a81ba1117b6280ded13dff
SHA512

0010fc70386c2c9a58e3469c71bd08e0c1f92c5c1d0ced4d62013d8c3d9f9752c6997ba8eedc580a883e75ef0d39fc3031b6a35f6aef6405ac7c1fa72cab5f36
SSDEEP

12288:xX6e1/PFOtv8BxcmH6TGfD3cPUJ0jpY1XjFkeKQT+21P:VC8BxcmHAPUJip4jF1KQT+21P

Score

N/A

Malware Config

Signatures

Files

bdf6c86f81ab36e6043289a4a09169ad7713a4ae28a81ba1117b6280ded13dff
.exe windows x86

0fce79e96216ef6fd160cdbcbdbe7498

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
lstrlenW
SetLastError
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
GetFileTime
SetEvent
CreateEventA
ReleaseMutex
CreateMutexA
ResetEvent
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetModuleHandleA
lstrlenA
GlobalAlloc
GlobalUnlock
GlobalLock
GetCurrentThread
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeA
GetCurrentThreadId
CompareStringW
CompareStringA
CreateFileA
SetStdHandle
LCMapStringW
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetSystemDirectoryA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
FlushFileBuffers
ReadFile
SetFilePointer
GetFileType
SetHandleCount
GetOEMCP
GetCPInfo
HeapCreate
HeapDestroy
GetEnvironmentVariableA
VirtualAlloc
VirtualFree
HeapReAlloc
GetModuleFileNameA
InterlockedIncrement
OutputDebugStringA
InterlockedDecrement
WriteFile
GetSystemInfo
GetVolumeInformationA
GetDiskFreeSpaceExA
GetCurrentProcessId
VerSetConditionMask
VerifyVersionInfoW
GetVersionExA
GetProcessHeap
HeapAlloc
HeapFree
LocalAlloc
OpenProcess
InitializeCriticalSection
LocalFree
ProcessIdToSessionId
GetCurrentProcess
Process32First
Process32Next
CreateToolhelp32Snapshot
Thread32First
Thread32Next
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetTickCount
GlobalMemoryStatus
CreatePipe
GetStartupInfoA
PeekNamedPipe
TerminateProcess
MoveFileA
GetDriveTypeA
GetLastError
FindNextFileA
SetFileTime
SetFileAttributesA
FindFirstFileA
FindClose
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
GetACP
EnterCriticalSection
LeaveCriticalSection
Sleep
InterlockedExchangeAdd
CreateThread
WaitForSingleObject
GetStdHandle
DebugBreak
GetVersion
ExitProcess
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
HeapValidate
IsBadReadPtr
IsBadWritePtr
CloseHandle
DeleteCriticalSection
SetConsoleCtrlHandler
SetEnvironmentVariableA

user32

GetProcessWindowStation
ReleaseDC
GetWindowDC
GetWindowRect
SystemParametersInfoA
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
keybd_event
MapVirtualKeyA
mouse_event
GetDesktopWindow
CloseDesktop
wsprintfA
IsWindowVisible
EnumThreadWindows
SwitchDesktop
OpenDesktopA
GetUserObjectInformationA
OpenInputDesktop
PostMessageA
GetClassNameA
EnumDesktopWindows
FindWindowA
SetThreadDesktop
GetThreadDesktop
CloseWindowStation
SetProcessWindowStation
OpenWindowStationA
GetCursorPos

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
GdiFlush
BitBlt
GetDIBits
CreatePalette
SelectPalette
RealizePalette
GetObjectA
CreateBitmap
SelectObject
SetPixel
GetBitmapBits
DeleteObject
CreateDCA
GetDeviceCaps
DeleteDC
GetSystemPaletteEntries

advapi32

BuildTrusteeWithSidA
LookupAccountSidA
GetTokenInformation
OpenThreadToken
RegCreateKeyA
RegDeleteValueA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
BuildExplicitAccessWithNameA
IsValidSecurityDescriptor
AllocateAndInitializeSid
RevertToSelf
GetKernelObjectSecurity
GetSecurityDescriptorDacl
SetEntriesInAclA
MakeAbsoluteSD
SetSecurityDescriptorDacl
SetKernelObjectSecurity
FreeSid
ImpersonateLoggedOnUser
LogonUserA
CreateProcessAsUserA
DuplicateTokenEx
SetTokenInformation
OpenProcessToken

shell32

CommandLineToArgvW
SHFileOperationA

ws2_32

inet_ntoa
inet_addr
ntohs
accept
htons
recvfrom
__WSAFDIsSet
select
WSAStartup
closesocket
shutdown
ioctlsocket
WSACleanup
getpeername
send
listen
WSASocketA
WSADuplicateSocketA
ntohl
setsockopt
getsockname
WSAIoctl
gethostname
gethostbyname
socket
bind

dnsapi

DnsQuery_A
DnsRecordListFree

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExA
GetModuleBaseNameA

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 548KB - Virtual size: 547KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0fce79e96216ef6fd160cdbcbdbe7498

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ws2_32

dnsapi

psapi

wtsapi32

userenv

Sections

.text Size: 548KB - Virtual size: 547KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 36KB - Virtual size: 61KB

.idata Size: 8KB - Virtual size: 7KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 548KB - Virtual size: 547KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 36KB - Virtual size: 61KB

.idata
Size: 8KB - Virtual size: 7KB

.reloc
Size: 12KB - Virtual size: 11KB