2b489b6d7db3d170a3c9105729849c2f8d2638d0c31ecc6f7bfa25a143637995

Sharing

Copy URL Twitter E-mail

General

Target

2b489b6d7db3d170a3c9105729849c2f8d2638d0c31ecc6f7bfa25a143637995
Size

669KB
MD5

659a289062494f927f883f9fbce25810
SHA1

08161f5f36ad9ec4aaa343be86811abe2aea0ad9
SHA256

2b489b6d7db3d170a3c9105729849c2f8d2638d0c31ecc6f7bfa25a143637995
SHA512

919bb7e512f6e519e609135e593d828da0bb1a6bfcdf021601e993ee2414fcd35f31bf4deb707ddb09fa5dbb1490fbcc0206af9e326e5ab282d61f03dda4e847
SSDEEP

12288:f0Cwi5jLL+vqf1Na9RHFeYGACUv8KroflzH:f0mQe4R8Xg2l7

Score

N/A

Malware Config

Signatures

Files

2b489b6d7db3d170a3c9105729849c2f8d2638d0c31ecc6f7bfa25a143637995
.exe windows x64

63b80387cdeb81d9212d0aeacf8e7b5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCloseKey

kernel32

FormatMessageA
LocalFree
SetLastError
HeapSetInformation
ExpandEnvironmentStringsA
SetThreadUILanguage
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
LocalAlloc

msvcrt

fflush
memcpy
memset
fputc
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_cexit
_exit
_XcptFilter
__C_specific_handler
__getmainargs
_write
system
sprintf_s
perror
fputs
putc
gmtime
getc
realloc
fwrite
ferror
fread
exit
strncpy_s
fclose
getenv
strcat_s
putchar
_iob
strcpy_s
fprintf
fopen
printf
fgets
strchr
malloc
free
isspace
strncmp
sscanf
_vsnprintf
_strnicmp

ntdll

RtlIpv4StringToAddressA
RtlIpv4AddressToStringExA
RtlIpv6AddressToStringExA
RtlIpv6AddressToStringA
RtlAnsiStringToUnicodeString
NtOpenKey
RtlFreeHeap
RtlUnicodeStringToAnsiString
RtlInitString
RtlFreeUnicodeString
RtlAllocateHeap
NtQueryValueKey
RtlIpv6StringToAddressExA
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

wsock32

htonl
gethostname
ord1108
select
connect
recv
socket
closesocket
send
inet_addr
htons
ntohs
getservbyport
getprotobynumber
WSAStartup
WSAGetLastError

ws2_32

getaddrinfo
freeaddrinfo

user32

CharToOemBuffA

dnsapi

DnsFreeConfigStructure
DnsQueryConfigAllocEx

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 580KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

63b80387cdeb81d9212d0aeacf8e7b5b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

wsock32

ws2_32

user32

dnsapi

Sections

.text Size: 65KB - Virtual size: 64KB

.data Size: 18KB - Virtual size: 51KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 580KB - Virtual size: 2.5MB

.text
Size: 65KB - Virtual size: 64KB

.data
Size: 18KB - Virtual size: 51KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 580KB - Virtual size: 2.5MB