4faffee9a22ba33a0b2dcd90e2ece8d8bf1cfda08173fdc9d140bd940d99a5c6

Sharing

Copy URL Twitter E-mail

General

Target

4faffee9a22ba33a0b2dcd90e2ece8d8bf1cfda08173fdc9d140bd940d99a5c6
Size

725KB
MD5

2906d6065db56faa1ca3c2dcd6ec2170
SHA1

2aa6748f3aa4da444845ac7a76fee5ba0fa1cdfd
SHA256

4faffee9a22ba33a0b2dcd90e2ece8d8bf1cfda08173fdc9d140bd940d99a5c6
SHA512

37d737d70c1fb9eaccc4c6f92809de1032812e0c8b75cdaae351f660e6b9cb4b70a18ddbec63c4f9cab4624a1898e6532f9cd0a15ae90321170c913419e4f339
SSDEEP

12288:gda+uSMj3zzol6cCsgT+aO7R9TvUaLF/AOjLiXG8+yjhP0cr4fHr3//UF2A55:gdxuE9nUaLxAOv+f+yjxlr4fHr3//M5

Score

N/A

Malware Config

Signatures

Files

4faffee9a22ba33a0b2dcd90e2ece8d8bf1cfda08173fdc9d140bd940d99a5c6
.exe windows x86

ced494f913e98caa8d6bba3a555e8c6f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsDBCSLeadByte
GetModuleFileNameA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
CreateEventA
SetEvent
InterlockedExchangeAdd
TlsAlloc
GetFileAttributesA
GetProcAddress
FindClose
FindNextFileA
FindFirstFileA
InitializeCriticalSectionAndSpinCount
HeapFree
GetProcessHeap
TlsGetValue
TlsSetValue
SetWaitableTimer
PostQueuedCompletionStatus
HeapAlloc
WaitForSingleObject
GetCurrentThreadId
QueueUserAPC
TerminateThread
WaitForMultipleObjects
GetQueuedCompletionStatus
CreateIoCompletionPort
SetLastError
InterlockedCompareExchange
TlsFree
GetTickCount
SleepEx
CreateWaitableTimerA
DeleteFileA
CreateToolhelp32Snapshot
CopyFileA
Sleep
CreateThread
GetCommandLineA
SetDllDirectoryA
GetVersionExA
DeviceIoControl
CreateFileA
RemoveDirectoryA
SetFileAttributesA
MoveFileA
GetFileSize
FlushFileBuffers
WriteFile
ReadFile
SetFilePointer
LoadLibraryA
GetSystemDirectoryA
ResetEvent
CloseHandle
InterlockedExchange
lstrcmpiA
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
LeaveCriticalSection
GetSystemTimeAsFileTime
EnterCriticalSection
SystemTimeToFileTime
ResumeThread
OpenEventA
FormatMessageA
LocalFree
GetThreadLocale
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
GetThreadSelectorEntry
GetCurrentThread
VirtualQueryEx
VirtualQuery
SetUnhandledExceptionFilter
WritePrivateProfileStringA
OutputDebugStringA
GetCurrentProcessId
GetCurrentProcess
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FileTimeToSystemTime
ExitProcess
HeapSize
VirtualFree
HeapCreate
HeapDestroy
GetDateFormatA
GetTimeFormatA
GetStartupInfoA
FindFirstFileW
GetDriveTypeA
FileTimeToLocalFileTime
ExitThread
GetSystemInfo
GetStdHandle
SetFileAttributesW
VirtualAlloc
VirtualProtect
HeapReAlloc
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
SetEndOfFile
CreateFileW
AreFileApisANSI
SetFileTime
CreateDirectoryA
GetFullPathNameA
CreateDirectoryW
GetCurrentDirectoryA
DeleteFileW
ReadProcessMemory

user32

TranslateMessage
CharNextA
PostThreadMessageA
GetMessageA
DispatchMessageA
CharUpperA
UnregisterClassA

advapi32

AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegOpenKeyA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
IsTextUnicode

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoCreateGuid
CoLoadLibrary
CoFreeLibrary
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx
CoSuspendClassObjects
StringFromGUID2
CLSIDFromProgID
CoResumeClassObjects

oleaut32

RegisterTypeLi
UnRegisterTypeLi
SysAllocStringByteLen
VariantClear
VariantInit
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocString

shlwapi

wnsprintfA

ws2_32

accept
WSAGetLastError
listen
inet_addr
gethostbyname
send
bind
sendto
socket
inet_ntoa
setsockopt
ioctlsocket
closesocket
WSACleanup
WSAStartup
ntohl
getpeername
htons
ntohs
__WSAFDIsSet
recvfrom
select
recv
connect
htonl

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

netapi32

Netbios
NetWkstaTransportEnum
NetApiBufferFree

imagehlp

SymSetOptions
SymInitialize
SymFunctionTableAccess
SymGetModuleInfo
SymLoadModule
StackWalk

Sections

.text
Size: 532KB - Virtual size: 528KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ced494f913e98caa8d6bba3a555e8c6f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

version

netapi32

imagehlp

Sections

.text Size: 532KB - Virtual size: 528KB

.rdata Size: 80KB - Virtual size: 76KB

.data Size: 16KB - Virtual size: 23KB

.tls Size: 4KB - Virtual size: 2B

.rsrc Size: 84KB - Virtual size: 84KB

.text
Size: 532KB - Virtual size: 528KB

.rdata
Size: 80KB - Virtual size: 76KB

.data
Size: 16KB - Virtual size: 23KB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 84KB - Virtual size: 84KB