a361302fff7dfe45498f3d1250a04c8750d8a1a6ca3a1063b645277d133d9c75

Sharing

Copy URL

Twitter E-mail

General

Target

a361302fff7dfe45498f3d1250a04c8750d8a1a6ca3a1063b645277d133d9c75
Size

72KB
MD5

495a3c0517d564a8bd49de157f9d8870
SHA1

6238f241a3da5085e982e4b5c254b51a75b10017
SHA256

a361302fff7dfe45498f3d1250a04c8750d8a1a6ca3a1063b645277d133d9c75
SHA512

b8123ad83e7fae0f2246cd5e14c604343b8df6fe21e2daf395b311ca710a410f2a9efa1cddc4d1900ae5bb747c5b4b6d4b830ab2a79894af9fc9b719b7f141bd
SSDEEP

1536:T1A/sl3WhuF6r+BtvNPapRJYg8TRGflxd:TOwWhw6SjNa96Gflx

Score

N/A

Malware Config

Signatures

Files

a361302fff7dfe45498f3d1250a04c8750d8a1a6ca3a1063b645277d133d9c75
.dll windows x86

8685b02d9654af5d55be3cbe9c9250e4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
GetLastError
WriteProcessMemory
VirtualProtectEx
MultiByteToWideChar
ReadProcessMemory
WaitForSingleObject
Sleep
CreateThread
CloseHandle
ReadFile
CreateFileA
GetSystemDirectoryA
WideCharToMultiByte
GetCurrentProcess
VirtualProtect
FreeLibrary
GetProcAddress
LoadLibraryA
TerminateProcess
GlobalAlloc
GlobalFree
LoadLibraryW
ExpandEnvironmentStringsW
GetCurrentProcessId
WriteFile
SetEvent
CreateEventA
OpenProcess
CreateMutexA
GetModuleFileNameA
FlushFileBuffers
HeapSize
LCMapStringW
LCMapStringA
GetSystemInfo
SetStdHandle
InitializeCriticalSection
GetOEMCP
GetACP
GetLocaleInfoA
GetCPInfo
GetStringTypeW
GetStringTypeA
VirtualQuery
InterlockedExchange
ExitProcess
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetFilePointer
RtlUnwind

user32

EnumWindows
GetWindowThreadProcessId
GetClassNameA

shell32

ShellExecuteA

ws2_32

htons
bind
listen
accept
gethostbyname
closesocket
inet_addr
ntohs
socket
connect
send
WSAGetLastError
recv
__WSAFDIsSet
select
WSCEnumProtocols
WSCGetProviderPath
inet_ntoa

Exports

Exports

WSPStartup

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8685b02d9654af5d55be3cbe9c9250e4

Headers

File Characteristics

Imports

kernel32

user32

shell32

ws2_32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 15KB

Shared Size: 4KB - Virtual size: 4B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 15KB

Shared
Size: 4KB - Virtual size: 4B

.reloc
Size: 8KB - Virtual size: 4KB