ef7981c86ce0cd722bac1a91a778bc311ac9db19f021224d175a6d35994d9071

Sharing

Copy URL Twitter E-mail

General

Target

ef7981c86ce0cd722bac1a91a778bc311ac9db19f021224d175a6d35994d9071
Size

226KB
MD5

645887efefb6d0d84e9484f74690f9e5
SHA1

30399063effeeb1b8b57e95119efd04ea0a84041
SHA256

ef7981c86ce0cd722bac1a91a778bc311ac9db19f021224d175a6d35994d9071
SHA512

f14ee2b8881e87c304241f7db19126532880f96f2066cb429d3511610c1ea629ae80bb4bf42afa091b0b2b699e83c9a164bd340a3f763fc6104623e576c6dce4
SSDEEP

6144:2QyPo3BORsm46lF8UvTwVujJf12saCMcm:2Q13sRsmJGfcfba1cm

Score

N/A

Malware Config

Signatures

Files

ef7981c86ce0cd722bac1a91a778bc311ac9db19f021224d175a6d35994d9071
.exe windows x86

ff7346329016648147b91d5c700e36a1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcStringBindingComposeA
RpcBindingSetAuthInfoA
RpcBindingFromStringBindingA
RpcStringFreeA
NdrClientCall

ole32

CoImpersonateClient
StringFromGUID2
CoQueryProxyBlanket
CoSetProxyBlanket
CoDisconnectObject
CoCreateInstanceEx
StringFromCLSID
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject
CoGetCallContext
CoCreateGuid
CoRevertToSelf

oleaut32

VarBstrCat
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysAllocString
SysFreeString
VarUI4FromStr
SysAllocStringLen

user32

SendDlgItemMessageA
CharUpperA
DispatchMessageA
TranslateMessage
GetMessageA
MessageBoxA
CharNextA
SetWindowLongA
GetWindowLongA
SendMessageA
SetWindowTextA
GetWindowTextA
GetDC
ShowWindow
SetTimer
KillTimer
IsWindowEnabled
wsprintfW
PostThreadMessageA
EnumWindows
LoadStringA
GetWindowThreadProcessId
IsWindowVisible
RegisterWindowMessageA
MessageBoxW
DialogBoxParamA
SetForegroundWindow
wsprintfA
EndDialog
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
SetDlgItemTextA
UnregisterClassA
IsDlgButtonChecked
CheckDlgButton
EnableWindow

wsock32

socket
closesocket
setsockopt
send
bind
connect
recv
gethostbyname
ioctlsocket
WSAGetLastError
WSAStartup
htonl
ntohl
htons

advapi32

OpenServiceA
OpenSCManagerA
CloseServiceHandle
QueryServiceStatus
LookupAccountSidA
AdjustTokenPrivileges
LookupPrivilegeValueA
PrivilegeCheck
RegQueryValueExW
LookupAccountSidW
IsValidSid
EqualSid
GetSecurityDescriptorLength
IsValidSecurityDescriptor
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorSacl
MakeAbsoluteSD
SetSecurityDescriptorDacl
MakeSelfRelativeSD
GetLengthSid
InitializeAcl
AddAccessAllowedAce
AddAccessDeniedAce
GetAce
OpenProcessToken
GetTokenInformation
GetUserNameA
AllocateAndInitializeSid
GetSidLengthRequired
CopySid
FreeSid
LookupAccountNameA
RegOpenKeyExW
RegConnectRegistryA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
OpenThreadToken
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

kernel32

GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
WriteFile
HeapReAlloc
CreateThread
TlsGetValue
TlsSetValue
ExitThread
RtlUnwind
ExitProcess
GetStartupInfoA
RaiseException
ReadProcessMemory
SetFilePointer
ReadFile
LocalSize
FindFirstFileA
FindClose
GetModuleHandleW
Sleep
SetPriorityClass
CreateProcessW
GetExitCodeProcess
ReleaseMutex
CreateMutexA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateFileA
GetSystemDirectoryA
SetEnvironmentVariableA
SetErrorMode
GetModuleHandleA
GetProcAddress
TlsFree
GetTickCount
lstrcatA
GetSystemTimeAsFileTime
VirtualAlloc
IsBadWritePtr
HeapSize
GetOEMCP
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
FindResourceExA
LockResource
GetCurrentProcessId
GetCommandLineA
OpenProcess
DuplicateHandle
GetProfileStringA
GetFileAttributesA
LocalFree
VirtualProtect
GetSystemInfo
VirtualQuery
SetStdHandle
FlushFileBuffers
SetEndOfFile
TlsAlloc
HeapDestroy
HeapCreate
VirtualFree
LocalAlloc
QueryPerformanceCounter
ResumeThread
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
IsDBCSLeadByte
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
GetVersion
CompareStringA
lstrlenW
CompareStringW
lstrcmpiA
lstrlenA
GetLastError
TerminateProcess
SetLastError
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
LoadLibraryA
WaitForSingleObject
CloseHandle
CreateEventA
CreateProcessA
GetCurrentThread
DeleteCriticalSection
GetModuleFileNameA
SetEvent
GetCurrentThreadId
SetUnhandledExceptionFilter
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcpynA

gdi32

GetTextExtentPoint32A

icmp

IcmpCloseHandle
IcmpSendEcho
IcmpCreateFile

Sections

.text
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ff7346329016648147b91d5c700e36a1

Headers

File Characteristics

Imports

rpcrt4

ole32

oleaut32

user32

wsock32

advapi32

kernel32

gdi32

icmp

Sections

.text Size: 136KB - Virtual size: 134KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 8KB - Virtual size: 4KB

.tdata Size: 68KB - Virtual size: 68KB

.text
Size: 136KB - Virtual size: 134KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 8KB - Virtual size: 4KB

.tdata
Size: 68KB - Virtual size: 68KB