01b6d0214fdc961b35bbd403a4408ec0a271f4ad9fe4a042171abb25ac32b1f7

Sharing

Copy URL Twitter E-mail

General

Target

01b6d0214fdc961b35bbd403a4408ec0a271f4ad9fe4a042171abb25ac32b1f7
Size

55KB
MD5

8066889e4ad9e34136f355fc938aa260
SHA1

87c120dccbc9e7c7d0f0c5e6e6e5eb692da97422
SHA256

01b6d0214fdc961b35bbd403a4408ec0a271f4ad9fe4a042171abb25ac32b1f7
SHA512

84bb70fc129010750c73cae5cab895b688669807f736eb26943ef8b48338426946021ebd48cc3eb419353b3993bc09f3a6e2363f84803953189e57dfa7eecb69
SSDEEP

768:cd0mmxKjDdoMTOiNq3vBjjjnjQjObHK4GurBl:u0mciDdouH8BjjjnjQjdutl

Score

N/A

Malware Config

Signatures

Files

01b6d0214fdc961b35bbd403a4408ec0a271f4ad9fe4a042171abb25ac32b1f7
.exe windows x86

6385d86cdd48d78850c37e24e20df681

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
WriteFile
SetFilePointer
TerminateProcess
OpenProcess
CreateThread
MapViewOfFile
CreateFileMappingA
CreateEventA
InitializeCriticalSection
VirtualQuery
lstrcpyW
GetModuleFileNameW
lstrcatW
GetModuleHandleA
GetProcessHeap
ExitProcess
GetProcessVersion
Sleep
GetCurrentProcessId
CreateMutexA
GetCommandLineA
SetEvent
Process32Next
ReadProcessMemory
VirtualQueryEx
Process32First
CreateToolhelp32Snapshot
LeaveCriticalSection
lstrlenA
lstrcatA
EnterCriticalSection
lstrcmpiA
LockResource
SizeofResource
LoadResource
FindResourceA
GetCurrentDirectoryA
TerminateThread
WaitForSingleObject
HeapFree
HeapAlloc
lstrlenW
DeleteFileW
CopyFileW
CreateDirectoryW
GetVersionExA
GetSystemInfo
DeleteFileA
GetComputerNameA
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
IsBadReadPtr
CreateRemoteThread
DuplicateHandle
CreateProcessW
CreateFileW
ResumeThread
SuspendThread
VirtualFree
SetLastError
CreateFileA
GetLastError
GetFileSize
VirtualAlloc
ReadFile
LoadLibraryA
GetProcAddress
GetCurrentProcess
CloseHandle
lstrcpyA
lstrcmpA
GetTickCount

user32

CreateWindowExA
GetMessageA
TranslateMessage
RegisterClassExA
SetWindowsHookExA
wsprintfW
GetSystemMetrics
wsprintfA
DispatchMessageA
DefWindowProcA

advapi32

OpenProcessToken
AdjustTokenPrivileges
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExW
RegNotifyChangeKeyValue
GetUserNameA
RegDeleteKeyA
LookupPrivilegeValueA

shell32

SHGetFolderPathW

ole32

CoCreateGuid

ws2_32

gethostname
gethostbyname
inet_ntoa

shlwapi

StrStrA
StrCmpNIA

rpcrt4

UuidToStringA

wininet

InternetOpenA
InternetGetCookieA
InternetReadFile
InternetOpenUrlA
InternetConnectA
HttpSendRequestA
InternetCloseHandle
HttpOpenRequestA

urlmon

ObtainUserAgentString

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6385d86cdd48d78850c37e24e20df681

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

ws2_32

shlwapi

rpcrt4

wininet

urlmon

Sections

.text Size: 39KB - Virtual size: 38KB

.data Size: 7KB - Virtual size: 13KB

.idata Size: 5KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 39KB - Virtual size: 38KB

.data
Size: 7KB - Virtual size: 13KB

.idata
Size: 5KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 2KB