abd0dd8b072a93901eb2c06835fc0add7969746fe2969b37e339576c30be30e2

Sharing

Copy URL Twitter E-mail

General

Target

abd0dd8b072a93901eb2c06835fc0add7969746fe2969b37e339576c30be30e2
Size

454KB
MD5

912dd69f4bd7c2262008dc28031ab590
SHA1

d29086531449ce789a13d05abe5375b0e09ec616
SHA256

abd0dd8b072a93901eb2c06835fc0add7969746fe2969b37e339576c30be30e2
SHA512

2d189cb0e387f6b211f6ea1f9b27ead126a3f422c2a78284483c549be3898f6ca0d8852bfaf8992b04370c34e9651621523c007e414026d5b646901be2595cd5
SSDEEP

6144:4OiJl+VY1zULzDrMU+1a2JMs9h5CcOWriv03K2w9ekP:QJliy8r+1a2JMs9hbPriv0aRekP

Score

N/A

Malware Config

Signatures

Files

abd0dd8b072a93901eb2c06835fc0add7969746fe2969b37e339576c30be30e2
.exe windows x86

ec70b9fad97f442a0006c928f1c734bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostname
ioctlsocket
listen
accept
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord143

advapi32

CryptCreateHash
CryptDestroyHash
CryptHashData
CryptEncrypt
CryptImportKey
CryptGetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA

kernel32

GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
LoadLibraryA
WaitForMultipleObjects
GetProcAddress
FreeLibrary
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
WaitForSingleObjectEx
FormatMessageA
GetSystemTimeAsFileTime
SleepEx
VerSetConditionMask
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
GetTickCount64
DeleteFileA
CloseHandle
CreateToolhelp32Snapshot
FindNextFileA
GetModuleFileNameA
Process32Next
FindClose
SetFileAttributesA
ExpandEnvironmentStringsA
WaitForSingleObject
OpenProcess
Sleep
CreateProcessA
Process32First
TerminateProcess
CreateDirectoryA
VerifyVersionInfoA
FindFirstFileA

shell32

ShellExecuteA

msvcp120

?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Winerror_map@std@@YAPBDH@Z

msvcr120

_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__initenv
_fmode
_commode
_except1
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
_strdup
_read
_unlock
_lock
_write
_stricmp
_strnicmp
_close
_open
_CxxThrowException
fopen
sprintf
memmove
__CxxFrameHandler3
rand
_vsnprintf
srand
_purecall
??3@YAXPAX@Z
fwrite
getenv
fclose
_time64
??2@YAPAXI@Z
realloc
malloc
calloc
free
memset
memcpy
strchr
strncmp
strrchr
__iob_func
fgets
fputs
sscanf
qsort
strtoll
_errno
tolower
isalpha
isxdigit
strncpy
strpbrk
strstr
fread
strtol
strtoul
isdigit
isspace
memchr
fseek
fflush
isalnum
_gmtime64
fputc
strerror
__sys_nerr
_beginthreadex
_getpid
atoi
_lseeki64
_fstat64
_stat64
toupper
isupper
islower
isprint
isgraph

Sections

.text
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec70b9fad97f442a0006c928f1c734bd

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

advapi32

kernel32

shell32

msvcp120

msvcr120

Sections

.text Size: 201KB - Virtual size: 200KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 201KB - Virtual size: 200KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 9KB - Virtual size: 8KB