b1e6ffc9d2489555200f8f3eae303cdacad0ca65cf19498af9a0bb11024a2e14

Sharing

Copy URL Twitter E-mail

General

Target

b1e6ffc9d2489555200f8f3eae303cdacad0ca65cf19498af9a0bb11024a2e14
Size

449KB
MD5

7b6e379f9dd375e467b4cdd92612ff80
SHA1

9e13bad5616507a0e0891ed7a2eb55a4189c2eb7
SHA256

b1e6ffc9d2489555200f8f3eae303cdacad0ca65cf19498af9a0bb11024a2e14
SHA512

618a66d63f820d27821f56a2ed84d1b3dd96038f692ec22d59599aaddbd5a9384a61456897e42c24bd7913a813a5d3e7f116d58aecc524dce21fc9b221d737ae
SSDEEP

12288:JIK3CVn7RhE7s0Rb4af+lzbs2TXaAb9SEYtjbKYz3i:6t3E7pbN+BVbfY9jbKK3

Score

N/A

Malware Config

Signatures

Files

b1e6ffc9d2489555200f8f3eae303cdacad0ca65cf19498af9a0bb11024a2e14
.exe windows x86

940d124711a63ab46995f117277799d3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
UnregisterWaitEx
GetCurrentProcessId
HeapReAlloc
VirtualAlloc
DeleteTimerQueueTimer
UnregisterWait
CreateTimerQueue
GetCurrentThreadId
WaitForSingleObject
DeviceIoControl
HeapAlloc
GetTickCount
EnterCriticalSection
GetComputerNameExW
ReadFile
DeleteTimerQueue
InterlockedExchange
GetProcAddress
WideCharToMultiByte
SetLastError
InterlockedIncrement
ChangeTimerQueueTimer
GetLastError
Sleep
InterlockedDecrement
CreateFileW
CreateEventW
GetCurrentProcess
HeapFree
GetSystemTimeAsFileTime
WriteFile
ExpandEnvironmentStringsW
DeleteCriticalSection
SetEvent
ReleaseMutex
UnhandledExceptionFilter
QueueUserWorkItem
MultiByteToWideChar
QueryPerformanceCounter
FreeLibrary
BindIoCompletionCallback
CloseHandle
DisableThreadLibraryCalls
HeapDestroy
SetUnhandledExceptionFilter
HeapCreate
TerminateProcess
LeaveCriticalSection
CreateMutexW
RegisterWaitForSingleObject
LoadLibraryW

wmi

WmiNotificationRegistrationW

dnsapi

DnsReplaceRecordSetW

ws2_32

WSAAddressToStringW
WSAAddressToStringA
WSARecvFrom
WSALookupServiceBeginW
freeaddrinfo
WSALookupServiceNextW
getnameinfo
WSAStringToAddressA
WSAEventSelect
WSALookupServiceEnd
WSAIoctl
WSASendTo
WSASocketW
getaddrinfo

rtutils

TraceDumpExA
RouterLogEventExA
RouterLogEventStringA
RouterLogRegisterA
RouterGetErrorStringW
LogErrorW

ddraw

DirectDrawCreate

ntdll

RtlAdjustPrivilege
RtlAddAccessAllowedObjectAce
NtQuerySemaphore
NtTerminateJobObject

iphlpapi

GetAdaptersAddresses
NotifyRouteChange
GetAdaptersInfo
NotifyAddrChange

advapi32

RegEnumValueW
CryptAcquireContextW
RegCloseKey
CryptGenRandom
RegEnumKeyExW
RegQueryValueExW
CryptReleaseContext
RegOpenKeyExW
RegisterServiceCtrlHandlerW
SetServiceStatus

msvcrt

malloc
wcslen
wcscmp
_initterm
_wcsicmp
_except_handler3
swprintf
free
memcmp
wcsncpy
wcscat
strlen
wcschr
_adjust_fdiv
wcscpy
memmove
memcpy
memset

mswsock

GetAcceptExSockaddrs
AcceptEx

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree

Sections

.text
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 429KB - Virtual size: 429KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

940d124711a63ab46995f117277799d3

Headers

File Characteristics

Imports

kernel32

wmi

dnsapi

ws2_32

rtutils

ddraw

ntdll

iphlpapi

advapi32

msvcrt

mswsock

ole32

Sections

.text Size: 1024B - Virtual size: 996B

.data Size: 4KB - Virtual size: 2.4MB

.rsrc Size: 429KB - Virtual size: 429KB

.rdata Size: 9KB - Virtual size: 8KB

.idata Size: 4KB - Virtual size: 3KB

.text
Size: 1024B - Virtual size: 996B

.data
Size: 4KB - Virtual size: 2.4MB

.rsrc
Size: 429KB - Virtual size: 429KB

.rdata
Size: 9KB - Virtual size: 8KB

.idata
Size: 4KB - Virtual size: 3KB