f138c3efb4f655cdc87b4b7cf3274d01a83d66b2a0ae56ab3cd1672783ec07aa

Sharing

Copy URL Twitter E-mail

General

Target

f138c3efb4f655cdc87b4b7cf3274d01a83d66b2a0ae56ab3cd1672783ec07aa
Size

276KB
MD5

830a1f695deecd8e53ac4fa0749b08ed
SHA1

93c29b9023e753bad7a16031ab6aeaf37fa3e0a6
SHA256

f138c3efb4f655cdc87b4b7cf3274d01a83d66b2a0ae56ab3cd1672783ec07aa
SHA512

e77c5c70fc35e2864c50e04821d6b45a667a60d6cf8ef94fd53d3c890e24e6d36e802a3629d87d16f2543ece8c21361b3b4119d2ab439547181f07e255a6de74
SSDEEP

6144:IReJU0+oXHSxpTolw3iwhokwAomkRH0wDh1ZgfiOD8y:IRwFLF6oAom+UKgfiOD8y

Score

N/A

Malware Config

Signatures

Files

f138c3efb4f655cdc87b4b7cf3274d01a83d66b2a0ae56ab3cd1672783ec07aa
.exe windows x86

1bbd985ed37a2b7fd8cfb6d2be38098c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
GetStartupInfoA
MultiByteToWideChar
FlushInstructionCache
lstrlenA
FormatMessageW
GetCurrentProcessId
HeapAlloc
GetModuleFileNameW
lstrlenW
LeaveCriticalSection
lstrcmpiW
VirtualFree
GetEnvironmentStringsA
lstrcpynW
DeleteCriticalSection
OutputDebugStringA
LoadLibraryExW
LoadLibraryW
FindResourceW
lstrcatW
QueryPerformanceCounter
SetLastError
GetProcessHeap
GetSystemInfo
LoadLibraryA
SetUnhandledExceptionFilter
GetTickCount
FreeLibrary
GetSystemTimeAsFileTime
InterlockedIncrement
GetUserDefaultLCID
SizeofResource
LoadResource
HeapDestroy
LocalFree
GetProcAddress
HeapFree
GetLastError
EnterCriticalSection
lstrcpyW
GetCurrentProcess

rpcrt4

CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
NdrDllRegisterProxy
NdrOleAllocate
NdrDllUnregisterProxy
NdrDllGetClassObject
NdrCStdStubBuffer_Release
NdrOleFree
CStdStubBuffer_CountRefs
CStdStubBuffer_Connect
NdrDllCanUnloadNow
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface

url

TelnetProtocolHandler
OpenURLA
OpenURL
TelnetProtocolHandlerA

advapi32

GetTraceEnableLevel
RegQueryInfoKeyW
GetTraceEnableFlags
RegisterTraceGuidsW
RegEnumKeyExW
TraceMessage
UnregisterTraceGuids
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteKeyW
GetTraceLoggerHandle
RegDeleteValueW
RegOpenKeyExW

user32

GetSystemMetrics
CharNextW
GetClientRect
LoadImageW
SetWindowLongW
GetWindowRect
SendMessageW
SystemParametersInfoW
DialogBoxParamW
EnableWindow
SendDlgItemMessageW
GetDlgItem
GetWindow
EndDialog
MessageBoxW
GetDialogBaseUnits
DestroyWindow
GetParent
DrawTextW
SetDlgItemTextW
CreateDialogParamW
GetWindowLongW
GetDlgItemTextW
SetFocus
LoadStringW
CopyRect
ShowWindow
MapWindowPoints
SetWindowPos
SetWindowTextW

wldap32

ldap_count_entries
ldap_count_references
ldap_count_values
ldap_controls_freeW

shell32

SHGetFolderPathW
ShellExecuteW

Sections

text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 922B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1bbd985ed37a2b7fd8cfb6d2be38098c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rpcrt4

url

advapi32

user32

wldap32

shell32

Sections

text Size: 121KB - Virtual size: 120KB

.rdata Size: 152KB - Virtual size: 160KB

.rsrc Size: 1024B - Virtual size: 922B

text
Size: 121KB - Virtual size: 120KB

.rdata
Size: 152KB - Virtual size: 160KB

.rsrc
Size: 1024B - Virtual size: 922B