429ef12d2f581935f29b15e0decefb31b01d24b8d50e3cba76024645ee7fd145

Sharing

Copy URL Twitter E-mail

General

Target

429ef12d2f581935f29b15e0decefb31b01d24b8d50e3cba76024645ee7fd145
Size

60KB
MD5

63415de9ae328bb8a0160c74c37d5a23
SHA1

f68828f0f941b8b03b02ff4a7b4bb335bb8b5d7c
SHA256

429ef12d2f581935f29b15e0decefb31b01d24b8d50e3cba76024645ee7fd145
SHA512

5ec3853101e65716f5a3d5405187e7927bcde73836d2ab217231af5eb8b1472b260cbd46b751d66ba4a9719c9c215835467a698951758548080f36cb80fb3676
SSDEEP

768:/HFswC4WmqZAuvb7GSfOtaRqebnptKxBqFs/p/WhstVdXw8:f6wCNJvvbSSfOtaRqQt0ms/pBA

Score

N/A

Malware Config

Signatures

Files

429ef12d2f581935f29b15e0decefb31b01d24b8d50e3cba76024645ee7fd145
.exe windows x86

52a8f3ec09a4fb0bb2c378eeae2dbab7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr71

_controlfp
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
strchr
_amsg_exit
__p___winitenv
exit
__security_error_handler
_local_unwind2
_cexit
_XcptFilter
_exit
_c_exit
_itoa
wprintf
strstr
strtol
_purecall
strncmp
_wcsnicmp
towlower
_strnicmp
tolower

advapi32

RegQueryValueExW
RegOpenKeyExW
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
RegCloseKey

kernel32

InterlockedCompareExchange
SwitchToThread
ExitProcess
QueryPerformanceCounter
GetTickCount
GetModuleHandleA
WideCharToMultiByte
GetCurrentThreadId
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
lstrlenW
InterlockedDecrement
InterlockedIncrement
SetConsoleCtrlHandler
CreateWaitableTimerW
CreateEventW
GetProcessAffinityMask
MultiByteToWideChar
lstrlenA
GetLastError
HeapSize
FileTimeToSystemTime
GetCurrentProcessId
LoadLibraryW
GetProcAddress
HeapCreate
FreeLibrary
HeapDestroy
HeapAlloc
HeapFree
SetEvent
WaitForSingleObject
GetSystemInfo
SetWaitableTimer
Sleep
CloseHandle
CreateThread
HeapReAlloc

mswsock

GetAcceptExSockaddrs
AcceptEx

ole32

CoUninitialize
CoInitializeEx

ws2_32

select
recv
gethostbyname
ntohs
inet_ntoa
WSASend
WSASocketW
WSAGetOverlappedResult
WSACleanup
WSAStartup
closesocket
listen
bind
htonl
htons
setsockopt
WSAGetLastError
WSARecv

mscoree

ClrCreateManagedInstance

aspnet_isapi

PerfCounterInitialize
InitializeLibrary
?XspLogEvent@@YAJKPAGZZ
GetXSPHeap
AttachHandleToThreadPool

oleaut32

SysAllocString
SysFreeString

Exports

Exports

_STWNDCloseConnection@4
_STWNDDeleteStateItem@4
_STWNDEndOfRequest@4
_STWNDGetLocalAddress@8
_STWNDGetLocalPort@4
_STWNDGetRemoteAddress@8
_STWNDGetRemotePort@4
_STWNDIsClientConnected@4
_STWNDSendResponse@24

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ntilyzu
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

52a8f3ec09a4fb0bb2c378eeae2dbab7

Headers

File Characteristics

Imports

msvcr71

advapi32

kernel32

mswsock

ole32

ws2_32

mscoree

aspnet_isapi

oleaut32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.data Size: 4KB - Virtual size: 924B

.rsrc Size: 32KB - Virtual size: 32KB

ntilyzu Size: - Virtual size: 4KB

.text
Size: 20KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 924B

.rsrc
Size: 32KB - Virtual size: 32KB

ntilyzu
Size: - Virtual size: 4KB