77e35c838eb486adfc29d8fb8ed1752acbea1258b85354a88057fa6120d62d0d

Sharing

Copy URL

Twitter E-mail

General

Target

77e35c838eb486adfc29d8fb8ed1752acbea1258b85354a88057fa6120d62d0d
Size

168KB
MD5

9b68968c3d52c3983f9cb5d13a18b8c0
SHA1

95009d1eb5a88b0b6d21834f7a0511f71f15d43f
SHA256

77e35c838eb486adfc29d8fb8ed1752acbea1258b85354a88057fa6120d62d0d
SHA512

ced86a154420bbe7aca30350a9038d0cc7b755828319fd498469c96d7fd7e5a2181ff966c651d7c81f9e1bbaa31987f135c26dc706cefdd3846c06d42f702889
SSDEEP

3072:km3/OyVPX/1jTCAR4fsp0Vb2xosM89QJ49cqO2DDnMqqD/Tx0Hv/:kq/1VP1OyysNmJyXMqqD/ls/

Score

N/A

Malware Config

Signatures

Files

77e35c838eb486adfc29d8fb8ed1752acbea1258b85354a88057fa6120d62d0d
.exe windows x86

be232aa2621354bf5dd7b405cc99198c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetShareEnum
NetWkstaGetInfo
NetApiBufferFree

iphlpapi

GetAdaptersInfo

ws2_32

WSAGetLastError
ioctlsocket
htons
connect
socket
inet_addr
WSAStartup
select
closesocket
__WSAFDIsSet
WSACleanup

crypt32

CryptBinaryToStringA

gdiplus

GdipDeleteGraphics
GdipDeleteStringFormat
GdipDeleteFont
GdipCreateBitmapFromScan0
GdipSetStringFormatAlign
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGetImageGraphicsContext
GdipDeleteFontFamily
GdipCreateLineBrushFromRect
GdipCreateStringFormat
GdiplusStartup
GdipDisposeImage
GdipCloneBrush
GdipDrawString
GdipFree
GdipGetGenericFontFamilySansSerif
GdipFillRectangle
GdipCreateFont
GdipAlloc
GdipDeleteBrush
GdipCreateFontFamilyFromName
GdipGetImageEncoders
GdipSetStringFormatLineAlign

shlwapi

PathAddBackslashW
PathFindExtensionW
PathRemoveExtensionA
PathRemoveFileSpecW
PathRemoveBackslashW
StrFormatByteSize64A

mpr

WNetAddConnection2W
WNetOpenEnumW
WNetEnumResourceW
WNetGetConnectionW
WNetCloseEnum

ntdll

RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
NtSetInformationThread
RtlCreateUserThread
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationToken
VerSetConditionMask
RtlGetAce
NtOpenProcess
RtlQueryInformationAcl
RtlAllocateAndInitializeSid
RtlAddAce
RtlLengthSid
RtlAdjustPrivilege
RtlFreeSid
RtlAddAccessDeniedAce
RtlCreateAcl
NtSetInformationFile
RtlDosPathNameToNtPathName_U
RtlInterlockedPushEntrySList
RtlInitializeSListHead
RtlInterlockedPopEntrySList
RtlInterlockedFlushSList
RtlInitUnicodeString
NtAllocateVirtualMemory
LdrEnumerateLoadedModules
RtlAcquirePebLock
RtlReleasePebLock

msvcrt

srand
malloc
free
rand
calloc

kernel32

CreateFileW
GetFileAttributesW
GetDiskFreeSpaceExW
FindClose
WaitForMultipleObjects
GetWindowsDirectoryW
CreateIoCompletionPort
GetQueuedCompletionStatus
GetFileSizeEx
ReadFile
CreateProcessW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
SetVolumeMountPointW
FindNextFileW
FindFirstFileExW
GetLogicalDrives
AllocConsole
GetConsoleWindow
GetProcAddress
FindFirstVolumeW
QueryDosDeviceW
WaitForSingleObject
CreateProcessA
lstrcmpiA
GetCurrentProcessId
MoveFileExW
Process32Next
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
Process32First
GetComputerNameA
VerifyVersionInfoW
GetSystemInfo
GetVersionExA
LoadLibraryA
OpenMutexA
CreateMutexA
GetTickCount
GetTempFileNameW
GetTempPathW
GetDriveTypeW
lstrcmpiW
ExitProcess
CreateThread
CloseHandle
DeleteFileW
GetLocalTime
SetConsoleCtrlHandler
SetConsoleTextAttribute
SetConsoleTitleA
WriteFile
SetConsoleMode
SetProcessShutdownParameters
SetThreadUILanguage
ExitThread
GetModuleHandleA
Sleep
GetConsoleMode
SetFileAttributesW

user32

DispatchMessageA
IsWindowVisible
DeleteMenu
wsprintfA
ShowWindow
SetWindowLongA
GetMessageA
GetWindowLongA
RegisterHotKey
RegisterClassA
DefWindowProcA
FlashWindow
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
wsprintfW
EnableMenuItem
SetForegroundWindow
CharUpperA
GetSystemMenu
GetMessageW
SystemParametersInfoW
wvsprintfA
GetSystemMetrics
CharLowerBuffW
PeekMessageW

advapi32

OpenSCManagerA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
SetThreadToken
RegOpenKeyA
CryptReleaseContext
EqualSid
AllocateAndInitializeSid
OpenProcessToken
FreeSid
CreateProcessAsUserW
DuplicateToken
DuplicateTokenEx
GetTokenInformation
SetSecurityInfo
GetSecurityInfo
EnumDependentServicesA
CloseServiceHandle
InitializeSecurityDescriptor
CheckTokenMembership
RegSetValueExA
ControlService
RegSetValueExW
RegDeleteValueW
QueryServiceStatusEx
RegQueryValueExW
OpenServiceA
SetFileSecurityW
CryptAcquireContextW
SetSecurityDescriptorOwner
CryptGenRandom
LookupPrivilegeValueA
CreateWellKnownSid

shell32

CommandLineToArgvW
SHEmptyRecycleBinW
ShellExecuteExA
ShellExecuteExW

ole32

CoGetObject
CoUninitialize
CoInitializeEx

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

be232aa2621354bf5dd7b405cc99198c

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

iphlpapi

ws2_32

crypt32

gdiplus

shlwapi

mpr

ntdll

msvcrt

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 12KB - Virtual size: 8KB

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 12KB - Virtual size: 8KB