702b77244f503f591638e022d2005b2a329be38a276c051ed1fea1e3925982a4

Sharing

Copy URL

Twitter E-mail

General

Target

702b77244f503f591638e022d2005b2a329be38a276c051ed1fea1e3925982a4
Size

782KB
MD5

55946c7fc511a342b581cd207bdb58d9
SHA1

99a3931c81273f8893e2a06cb57a6853d4b6968c
SHA256

702b77244f503f591638e022d2005b2a329be38a276c051ed1fea1e3925982a4
SHA512

29554ec4d7e923d496d8203c17845d06d71207838a8ebb33e2d2ab63e5610d5f6324f04bdab577ddbf3c88bce8b853e4d21e7bed829f20beb2d573e484963345
SSDEEP

6144:CtSFq5l7Pfij2bqyAfcdY10n3xpWPcjr5rPC9q8oLdc956NESYG5I:C0GlL66pAEFdmaYG

Score

N/A

Malware Config

Signatures

Files

702b77244f503f591638e022d2005b2a329be38a276c051ed1fea1e3925982a4
.exe windows x64

bd956031110ec82defe9a3472ee61477

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

send
closesocket
accept
listen
bind
htons
inet_addr
socket
WSAStartup

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

ReleaseMutex
LoadLibraryW
GetProcAddress
GetModuleFileNameW
CreateFileW
GetFileSize
ReadFile
CloseHandle
GetTempPathW
GetTempFileNameW
DeleteFileW
CreateDirectoryW
WriteFile
MoveFileExW
CreateProcessW
Sleep
FreeConsole
GetModuleHandleW
GetFileAttributesW
SetFileAttributesW
CreateProcessA
OpenProcess
OpenThread
TerminateProcess
GetFileType
WaitForSingleObject
CreateMutexW
GetModuleFileNameA
GetLastError
GetCurrentProcess
SetFilePointerEx
FindClose
WriteConsoleW
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WideCharToMultiByte
GetEnvironmentStringsW
WTSGetActiveConsoleSessionId
LCMapStringW
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetProcessHeap
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
CompareStringW
QueryPerformanceCounter
QueryPerformanceFrequency
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetStdHandle
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
MultiByteToWideChar
FreeEnvironmentStringsW

user32

GetWindowTextA
EnumWindows
MessageBoxA
GetWindowThreadProcessId

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerW
CreateServiceW
StartServiceW
QueryServiceStatus
StartServiceCtrlDispatcherW
CloseServiceHandle
ChangeServiceConfigW
OpenServiceW
OpenSCManagerW
RegisterEventSourceW
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

SHGetSpecialFolderPathW

ole32

CoInitializeEx
CoCreateInstance
CoInitializeSecurity

ntdll

RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlPcToFileHeader

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 621KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd956031110ec82defe9a3472ee61477

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

userenv

kernel32

user32

advapi32

shell32

ole32

ntdll

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 50KB - Virtual size: 50KB

.data Size: 9KB - Virtual size: 14KB

.pdata Size: 6KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 621KB - Virtual size: 620KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 50KB - Virtual size: 50KB

.data
Size: 9KB - Virtual size: 14KB

.pdata
Size: 6KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 621KB - Virtual size: 620KB

.reloc
Size: 2KB - Virtual size: 1KB