780056a666002722a4dd72406837b1174f55512f630bc665f90d40036425cce1

Sharing

Copy URL

Twitter E-mail

General

Target

780056a666002722a4dd72406837b1174f55512f630bc665f90d40036425cce1
Size

335KB
MD5

401410464c72678b67698e4b8bead7c0
SHA1

d3beef401b521b0f2ed896893f230a45fbefce99
SHA256

780056a666002722a4dd72406837b1174f55512f630bc665f90d40036425cce1
SHA512

8d92bb1d2c453c3c5e9352502b3907c5b82b56e75591a8c78e602185fc3ceabf4bf0efebae46b22992d0c9ac6942f72d250612feae9b9b3a41f3065e3a70952c
SSDEEP

6144:BmKX9F8w+g1MZOe9ubCxL55OhZGgGzdJPDVUGHz8s2F:BmKX9F8GGOekQL5SZGgYPPxUFs

Score

N/A

Malware Config

Signatures

Files

780056a666002722a4dd72406837b1174f55512f630bc665f90d40036425cce1
.exe windows x86

fb924a1b4bf8c242f5c8c616148b87a2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
htons
inet_ntoa
ntohl
inet_addr
WSACleanup
gethostbyname
gethostname
closesocket
connect
send
recv
socket

netapi32

Netbios

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
WaitForSingleObject
GetLastError
GetCurrentThreadId
OpenThread
CreateMutexW
CreateThread
QueryPerformanceCounter
GetTickCount
CloseHandle
CreateDirectoryW
CreateFileW
GetFileSize
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
lstrlenA
GetProcAddress
lstrlenW
GetCommandLineW
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
RaiseException
InterlockedDecrement
GetVersionExW
GetFileAttributesW
GetSystemDirectoryW
ReadFile
DeleteFileW
GetCurrentProcess
LoadLibraryA
SetFileAttributesW
GetModuleFileNameW
GetModuleHandleW
GetSystemTimeAsFileTime
WriteFile
GetProcessTimes
FindFirstFileW
QueryPerformanceFrequency
SetFilePointer
MoveFileW
VirtualQuery
Sleep
GetCurrentProcessId
FindClose
SetProcessAffinityMask
GetProcessAffinityMask
DeviceIoControl
GetStdHandle
DuplicateHandle
LoadLibraryW
FreeLibrary
CreateProcessW
CreatePipe
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
SetLastError
TlsFree
TlsSetValue
TlsAlloc
VirtualFree
TlsGetValue
RtlUnwind
GetStartupInfoW
GetProcessHeap
GetVersionExA
HeapSize
HeapAlloc
HeapReAlloc
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
SetStdHandle
FlushFileBuffers
VirtualAlloc
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
WriteConsoleA
WriteConsoleW
SetEndOfFile
CreateFileA
GetModuleHandleA
GetThreadLocale
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
GetLocaleInfoA
InterlockedExchange

user32

SendMessageW
GetClassInfoExW
GetDesktopWindow
IsWindow
RegisterClassExW
PostThreadMessageW
DestroyMenu
DestroyWindow
LoadMenuW
GetSubMenu
SetForegroundWindow
GetCursorPos
CharLowerW
CharLowerA
RegisterClassW
UpdateWindow
GetWindowLongW
SetWindowLongW
DefWindowProcW
GetMessageW
ShowWindow
TranslateMessage
DispatchMessageW
KillTimer
CreateWindowExW
LoadImageW
PostMessageW
CharNextW
TrackPopupMenu
SetTimer

gdi32

GetStockObject

advapi32

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegCreateKeyW

shell32

ShellExecuteExW
Shell_NotifyIconW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
CommandLineToArgvW
SHGetPathFromIDListW

ole32

CoTaskMemFree
CoFreeLibrary
CoLoadLibrary
CLSIDFromProgID
StringFromCLSID

oleaut32

SysFreeString
SysStringLen

shlwapi

PathFileExistsW
wnsprintfW

wintrust

CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminCalcHashFromFileHandle
WTHelperGetProvCertFromChain
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
WinVerifyTrust
CryptCATAdminEnumCatalogFromHash

crypt32

CertGetNameStringW

Sections

.text
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fb924a1b4bf8c242f5c8c616148b87a2

Headers

File Characteristics

Imports

ws2_32

netapi32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wintrust

crypt32

Sections

.text Size: 192KB - Virtual size: 188KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 80KB - Virtual size: 80KB

.text
Size: 192KB - Virtual size: 188KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 80KB - Virtual size: 80KB