be90ec220bdb0006efa638b1b6c8f740db66e4652c4da5edbbda70ee60f1e501[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

be90ec220bdb0006efa638b1b6c8f740db66e4652c4da5edbbda70ee60f1e501.exe
Size

64KB
MD5

04196baa125b73c7230d9eefb642ebb3
SHA1

6e87156aa1512c23709be66bf0562a2bee96b86e
SHA256

be90ec220bdb0006efa638b1b6c8f740db66e4652c4da5edbbda70ee60f1e501
SHA512

299e8df2ec91f878d2cf2241a2a4c668773bccc6b23cab01069b2ba8841513ebbdde5471e4ea95584713a51ad6b53ec889f672405fe1af594305fbb33c86cf98
SSDEEP

768:0v9IKNnRBmV+UYUf/jQk8Ag2mxOoSvFT7ysFSqWWInrJQQvzoN:+RBmxYUfy2mBSvFT7yuSqWWINXoN

Score

N/A

Malware Config

Signatures

Files

be90ec220bdb0006efa638b1b6c8f740db66e4652c4da5edbbda70ee60f1e501.exe
.exe windows x86

7bcf76ad149c69035bc31235235af70c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLogicalDriveStringsW
GetProcAddress
GetModuleHandleA
GetComputerNameW
SleepEx
MoveFileW
ExitThread
LeaveCriticalSection
EnterCriticalSection
TerminateThread
WaitForSingleObject
CreateThread
lstrlenA
FindClose
GetDriveTypeW
lstrcmpW
FindFirstFileW
CreateDirectoryW
ExitProcess
GetTempPathW
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSection
lstrlenW
GetModuleFileNameW
GetCommandLineW
CopyFileW
CreateFileW
DeleteFileW
GetCurrentProcess
CloseHandle
GetFullPathNameW
lstrcmpiW
GetVersionExA
GetTickCount
GetFileSize
SetFilePointerEx
ReadFile
WriteFile
FindNextFileW
GetLastError

user32

GetKeyboardLayoutList
GetForegroundWindow

shlwapi

StrStrIW
StrStrW
StrStrA

advapi32

GetTokenInformation
CheckTokenMembership
FreeSid
CryptGenKey
CryptExportKey
CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
OpenProcessToken
GetUserNameW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
AllocateAndInitializeSid

ws2_32

htons
WSAStartup
socket
sendto
closesocket
htonl

wlanapi

WlanOpenHandle
WlanEnumInterfaces
WlanGetNetworkBssList

winhttp

WinHttpSendRequest
WinHttpReceiveResponse
WinHttpConnect
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpReadData

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW

ole32

CoCreateInstance
CoInitialize

dbghelp

ImageRvaToVa
ImageDirectoryEntryToData

imagehlp

MapAndLoad

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7bcf76ad149c69035bc31235235af70c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shlwapi

advapi32

ws2_32

wlanapi

winhttp

shell32

ole32

dbghelp

imagehlp

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 880B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 880B

.reloc
Size: 4KB - Virtual size: 2KB