a6deb6a0a9fbae728ee39501ff2289347c1fa0b302adc5863156f4990992167e

Sharing

Copy URL Twitter E-mail

General

Target

a6deb6a0a9fbae728ee39501ff2289347c1fa0b302adc5863156f4990992167e
Size

331KB
MD5

164a40436e3c78c1d0de4af8c5f5eaf1
SHA1

39bfac12d89a2774de2ee38b654a429a00b90478
SHA256

a6deb6a0a9fbae728ee39501ff2289347c1fa0b302adc5863156f4990992167e
SHA512

c671aade23818e729915616366bea641a9cad7bc70e579d5080ac0bb589dcbfad6b8eabada2027e249a15865bcafdcdf10902f97a813e05f11a769b3122b9bb2
SSDEEP

6144:amKX9F8w+g1MZOeJRubCxL5bOhZGgRzdJHt8rn6cpkN6:amKX9F8GGOeiQL5EZGghPHt8T6cpk

Score

N/A

Malware Config

Signatures

Files

a6deb6a0a9fbae728ee39501ff2289347c1fa0b302adc5863156f4990992167e
.exe windows x86

fb924a1b4bf8c242f5c8c616148b87a2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
htons
inet_ntoa
ntohl
inet_addr
WSACleanup
gethostbyname
gethostname
closesocket
connect
send
recv
socket

netapi32

Netbios

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
WaitForSingleObject
GetLastError
GetCurrentThreadId
OpenThread
CreateMutexW
CreateThread
QueryPerformanceCounter
GetTickCount
CloseHandle
CreateDirectoryW
CreateFileW
GetFileSize
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
lstrlenA
GetProcAddress
lstrlenW
GetCommandLineW
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
RaiseException
InterlockedDecrement
GetVersionExW
GetFileAttributesW
GetSystemDirectoryW
ReadFile
DeleteFileW
GetCurrentProcess
LoadLibraryA
SetFileAttributesW
GetModuleFileNameW
GetModuleHandleW
GetSystemTimeAsFileTime
WriteFile
GetProcessTimes
FindFirstFileW
QueryPerformanceFrequency
SetFilePointer
MoveFileW
VirtualQuery
Sleep
GetCurrentProcessId
FindClose
SetProcessAffinityMask
GetProcessAffinityMask
DeviceIoControl
GetStdHandle
DuplicateHandle
LoadLibraryW
FreeLibrary
CreateProcessW
CreatePipe
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
SetLastError
TlsFree
TlsSetValue
TlsAlloc
VirtualFree
TlsGetValue
RtlUnwind
GetStartupInfoW
GetProcessHeap
GetVersionExA
HeapSize
HeapAlloc
HeapReAlloc
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
SetStdHandle
FlushFileBuffers
VirtualAlloc
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
WriteConsoleA
WriteConsoleW
SetEndOfFile
CreateFileA
GetModuleHandleA
GetThreadLocale
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
GetLocaleInfoA
InterlockedExchange

user32

SendMessageW
GetClassInfoExW
GetDesktopWindow
IsWindow
RegisterClassExW
PostThreadMessageW
DestroyMenu
DestroyWindow
LoadMenuW
GetSubMenu
SetForegroundWindow
GetCursorPos
CharLowerW
CharLowerA
RegisterClassW
UpdateWindow
GetWindowLongW
SetWindowLongW
DefWindowProcW
GetMessageW
ShowWindow
TranslateMessage
DispatchMessageW
KillTimer
CreateWindowExW
LoadImageW
PostMessageW
CharNextW
TrackPopupMenu
SetTimer

gdi32

GetStockObject

advapi32

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegCreateKeyW

shell32

ShellExecuteExW
Shell_NotifyIconW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
CommandLineToArgvW
SHGetPathFromIDListW

ole32

CoTaskMemFree
CoFreeLibrary
CoLoadLibrary
CLSIDFromProgID
StringFromCLSID

oleaut32

SysFreeString
SysStringLen

shlwapi

PathFileExistsW
wnsprintfW

wintrust

CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminCalcHashFromFileHandle
WTHelperGetProvCertFromChain
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
WinVerifyTrust
CryptCATAdminEnumCatalogFromHash

crypt32

CertGetNameStringW

Sections

.text
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fb924a1b4bf8c242f5c8c616148b87a2

Headers

File Characteristics

Imports

ws2_32

netapi32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wintrust

crypt32

Sections

.text Size: 192KB - Virtual size: 188KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 76KB - Virtual size: 76KB

.text
Size: 192KB - Virtual size: 188KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 76KB - Virtual size: 76KB