Static task
static1
Behavioral task
behavioral1
Sample
6813791402a404889d1e3f3570f64e67dcd2642322a3c5d57f77f05da91f3a88.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
6813791402a404889d1e3f3570f64e67dcd2642322a3c5d57f77f05da91f3a88.exe
Resource
win10v2004-20220812-en
General
Target: 6813791402a404889d1e3f3570f64e67dcd2642322a3c5d57f77f05da91f3a88
Size: 112KB
MD5: 61d9cdc81261ac62d97fa1620fe3cd4a
SHA1: 405d99a83d3c492eedc62665a1dca674ca21f292
SHA256: 6813791402a404889d1e3f3570f64e67dcd2642322a3c5d57f77f05da91f3a88
SHA512: 44c62707c43023f9755f7ca94e0cdc6b826f38cec79bea8f96c7862abc3adfc96ce1b0d33ff643d11a763c075916f6b8884705e9f7e1a8d9eb5e59cf53adc392
SSDEEP: 3072:IoRPfvYPNy+gNc8QsoI2voM9nfG1JhY1OG61:IotfQVy+gNc8QshgSWb61
Malware Config
Signatures
Files
-
6813791402a404889d1e3f3570f64e67dcd2642322a3c5d57f77f05da91f3a88.exe windows x86
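7fe90f03181d94ca629b3cb71064546d (unlabelled on this page; it differs from the file MD5 above, and its position under the file entry suggests the PE import hash, to be confirmed against the original report)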
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
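Imports
(Static import table only. IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess and _crt_debugger_hook are typically pulled in by the MSVC runtime's own startup and failure-reporting code, so their presence alone does not indicate anti-debugging; the listed names show what the binary can call, not what it did in the behavioral tasks.)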
msvcr90
_controlfp_s
_invoke_watson
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
tolower
bsearch
wcsncmp
realloc
_errno
atoi
strerror
srand
rand
_environ
_wenviron
__iob_func
fputs
_getch
fputc
iscntrl
islower
isdigit
strncmp
strchr
isalpha
modf
memcpy
signal
_close
memset
free
malloc
_getpid
exit
kernel32
FreeLibrary
LoadLibraryExW
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetEnvironmentVariableW
GetCurrentDirectoryW
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetFileAttributesExW
FindFirstFileW
FindClose
GetFullPathNameW
GetFileType
LocalFree
InterlockedExchange
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
UnlockFileEx
UnlockFile
LockFileEx
LockFile
Sleep
SetEvent
ReleaseMutex
DeleteCriticalSection
GetOverlappedResult
CancelIo
WaitForSingleObject
GetLastError
DeviceIoControl
GetFileInformationByHandle
CloseHandle
SetStdHandle
SetFilePointer
CreateFileW
GetStdHandle
SetLastError
ReadFile
PeekNamedPipe
WriteFile
CreateEventA
TlsAlloc
TlsFree
FreeEnvironmentStringsW
GetEnvironmentStringsW
GlobalFree
GetCommandLineW
FormatMessageA
GetVersionExA
GetProcAddress
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
InitializeCriticalSection
SetErrorMode
GetCurrentProcessId
advapi32
AllocateAndInitializeSid
GetNamedSecurityInfoW
GetNamedSecurityInfoA
GetSecurityInfo
GetEffectiveRightsFromAclW
FreeSid
wsock32
recv
accept
select
inet_ntoa
send
listen
closesocket
bind
socket
shutdown
__WSAFDIsSet
ioctlsocket
connect
getsockname
WSAGetLastError
WSAStartup
WSACleanup
ntohl
shell32
CommandLineToArgvW
Sections
.text Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
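.rsrc Size: 49KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
(Note: .rsrc is flagged both writable and executable here, which a resource section normally is not, and it is the largest section in the file. This is a reason to inspect the resource contents during triage, not a verdict by itself.)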