8c360442a5aa9675f1f0e7b38447928de9461553fdc78202c45c2738f875d45a

Sharing

Copy URL Twitter E-mail

General

Target

8c360442a5aa9675f1f0e7b38447928de9461553fdc78202c45c2738f875d45a
Size

690KB
MD5

6b676a408d4b7c0e89a7b7a61cb671c0
SHA1

294a9d3a9e21680d1c6c7daa2a42b4963544713c
SHA256

8c360442a5aa9675f1f0e7b38447928de9461553fdc78202c45c2738f875d45a
SHA512

b48594e32b8810a441ee23f013f51912b7548cb1d32b49213d3c6f7dca493a260a4cfd4f8b0ca695fbfc984f774c4e04ee3769b97e0c1c818b7053dcb13fbd62
SSDEEP

12288:xkdFWO1O5GBNO816PP9Pe1BEAPxDRRYiD0V1XKb:imO1O5GfP3PxDRGiI/q

Score

N/A

Malware Config

Signatures

Files

8c360442a5aa9675f1f0e7b38447928de9461553fdc78202c45c2738f875d45a
.exe windows x86

22b5355419c12d786655e88191887436

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ociw32

ord37
ord28
ord40
ord6
ord41
ord39
ord19
ord38
ord16
ord10
ord3
ord26
ord15
ord21
ord1
ord8
ord29
ord13
ord22

wsock32

select
gethostname
gethostbyaddr
ord1140
WSAStartup
inet_addr
recv
shutdown
send
socket
setsockopt
gethostbyname
htons
bind
listen
accept
closesocket

kernel32

ResumeThread
CloseHandle
TerminateProcess
CreateFileA
GetFileSize
GetOverlappedResult
GetLastError
WriteFile
SetFilePointer
WaitForSingleObject
SetEvent
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
SuspendThread
GetModuleFileNameA
OpenProcess
CreateEventA
DeleteCriticalSection
FindNextFileA
FindFirstFileA
SetCurrentDirectoryA
InitializeCriticalSection
GetCurrentThread
Sleep
GetCurrentThreadId
SetThreadPriority
CreateThread

advapi32

DeleteService
ReportEventA
DeregisterEventSource
RegCreateKeyExA
StartServiceCtrlDispatcherA
RegisterEventSourceA
CreateServiceA
RegCreateKeyA
RegSetValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
CloseServiceHandle
SetServiceStatus
RegisterServiceCtrlHandlerA
RegOpenKeyExA
RegQueryValueExA

msvcrt

__p__fmode
__dllonexit
__set_app_type
_except_handler3
_putenv
_onexit
_stat
_close
_strdup
_stricmp
_open
_read
_fstat
_strnicmp
_write
_access
_controlfp
__p__commode
asctime
localtime
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
_XcptFilter
_exit
_setjmp3
tolower
longjmp
__p___mb_cur_max
_isctype
__p__pctype
strncmp
strncat
memmove
fgetpos
toupper
strncpy
fopen
fclose
fflush
fputs
fgets
fwrite
fread
_snprintf
getenv
srand
rand
time
_setmode
__p__iob
_getpid
malloc
fsetpos
_dup2
gmtime
mktime
free
atoi
printf
sprintf
_errno
_vsnprintf
strrchr
_beginthread
_dup
_pipe
_spawnv
sscanf
exit
strchr
realloc
strstr

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 500KB - Virtual size: 1.6MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

22b5355419c12d786655e88191887436

Headers

File Characteristics

Imports

ociw32

wsock32

kernel32

advapi32

msvcrt

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 512B - Virtual size: 350B

.data Size: 39KB - Virtual size: 39KB

.idata Size: 4KB - Virtual size: 4KB

.reloc Size: 9KB - Virtual size: 8KB

.vmp0 Size: 500KB - Virtual size: 1.6MB

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 512B - Virtual size: 350B

.data
Size: 39KB - Virtual size: 39KB

.idata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 9KB - Virtual size: 8KB

.vmp0
Size: 500KB - Virtual size: 1.6MB