44bbc5427fe71134f8ca2486001099ba150e587796619917e5bedbe7596700ba

Sharing

Copy URL

Twitter E-mail

General

Target

44bbc5427fe71134f8ca2486001099ba150e587796619917e5bedbe7596700ba
Size

103KB
MD5

6f24d0f73988b40d0a094a1d53086fd0
SHA1

8f79704398d321d53ea980006ae733634f28d15e
SHA256

44bbc5427fe71134f8ca2486001099ba150e587796619917e5bedbe7596700ba
SHA512

55f199f5edc23fc5b64487eaef6d671fc4cb75e8f789cb75268e5af113fa9c82eec2cef98adaaa1df732b10fad3d2f6a00cb09531ac35805e1c987b8744b5254
SSDEEP

3072:x3Lt9ezTnI53TBm77+4hQ4uqAvlewaSO4PSU9:xB9ezrI53TBm7Di7Fv8wFO4PS

Score

N/A

Malware Config

Signatures

Files

44bbc5427fe71134f8ca2486001099ba150e587796619917e5bedbe7596700ba
.exe windows x86

3ea60282805b088ce948487ba2a9ccfc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
exit
_cexit
strncpy
strtoul
sprintf
rand
_snwprintf
_snprintf
_beginthreadex
_ultoa
_XcptFilter
_exit
_c_exit
calloc
wcsrchr
_except_handler3
__set_app_type
sscanf
_stricmp
realloc
_acmdln
_purecall
__dllonexit
_onexit
_controlfp
_wtoi
wcscmp
towupper
wcsncpy
_strnicmp
strchr
wcscspn
wcsspn
iswascii
iswcntrl
iswdigit
swscanf
__CxxFrameHandler
wcschr
wcsncmp
_vsnprintf
iswalpha
_ultow
_vsnwprintf
??3@YAXPAX@Z
??2@YAPAXI@Z
_wcsicmp
_wcsnicmp
free
malloc
wcslen

advapi32

RegDeleteValueW
RegDeleteKeyW
RegEnumValueW
RegQueryValueExA
RegSetValueExW
RegOpenKeyExW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeAcl
InitializeSecurityDescriptor
GetLengthSid
MakeAbsoluteSD
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
FreeSid
AllocateAndInitializeSid
RegEnumKeyExA
DeleteAce
EqualSid
AddAccessAllowedAce
AddAccessDeniedAce
AddAce
GetAclInformation
GetAce
OpenProcessToken
GetTokenInformation
MakeSelfRelativeSD
RegQueryValueExW
RegCreateKeyExW
GetSecurityDescriptorLength
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl

kernel32

GetStartupInfoA
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OpenProcess
GetExitCodeProcess
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineA
GetCurrentThreadId
GetShortPathNameA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
lstrcatA
lstrcpyA
lstrcpynA
IsDBCSLeadByte
lstrcmpiA
lstrlenA
lstrlenW
CreateSemaphoreA
CreateThread
WaitForMultipleObjects
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CloseHandle
HeapAlloc
GetProcessHeap
HeapFree
InterlockedDecrement
WaitForSingleObjectEx
HeapSize
CreateEventA
Sleep
SetEvent
InterlockedCompareExchange
LocalFree
LocalAlloc
WaitForSingleObject
GetSystemDirectoryA
ReleaseSemaphore
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
SetThreadPriority
GetCurrentThread
GetSystemInfo
FreeLibraryAndExitThread
GetVersionExA
SetLastError
CreateEventW
GetModuleFileNameW
LoadLibraryW
GetVersionExW
GetComputerNameA
GetComputerNameW

user32

CharNextA
DestroyWindow
PostQuitMessage
SetWindowLongA
GetMessageA
DispatchMessageA
PostThreadMessageA
SendMessageA
CreateWindowExA
DefWindowProcA
GetWindowLongA
PostMessageA
RegisterClassA
RegisterWindowMessageA

ole32

CoInitialize
CoCreateInstance
CoSuspendClassObjects
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateGuid
CoUninitialize
CoInitializeEx
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree

oleaut32

SysFreeString
VariantInit
VariantClear
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
SysAllocString

wininet

InternetCloseHandle
InternetConnectW
InternetCrackUrlW
InternetSetOptionA
HttpQueryInfoW
InternetErrorDlg
InternetReadFile
HttpQueryInfoA
HttpEndRequestA
HttpSendRequestExW
InternetQueryDataAvailable
HttpOpenRequestW
InternetOpenW
InternetQueryOptionA

wsock32

WSAAsyncSelect
ntohl
connect
send
sendto
recv
ioctlsocket
WSAGetLastError
gethostbyname
inet_addr
htonl
getservbyname
htons
gethostbyaddr
ntohs
getservbyport
WSASetLastError
WSACleanup
inet_ntoa
getsockname
getpeername
setsockopt
getsockopt
closesocket
shutdown
bind
socket

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3ea60282805b088ce948487ba2a9ccfc

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

ole32

oleaut32

wininet

wsock32

Sections

.text Size: 97KB - Virtual size: 97KB

.data Size: 1024B - Virtual size: 5KB

.rsrc Size: 3KB - Virtual size: 4KB

.text
Size: 97KB - Virtual size: 97KB

.data
Size: 1024B - Virtual size: 5KB

.rsrc
Size: 3KB - Virtual size: 4KB