d98531b2abf9d4a6b04bf82819c63555d500831645d8855f8554014e1bdc2abf

Sharing

Copy URL Twitter E-mail

General

Target

d98531b2abf9d4a6b04bf82819c63555d500831645d8855f8554014e1bdc2abf
Size

308KB
MD5

47dec1dc228392897de925adc920601d
SHA1

37866a593d945eee295c170d496e0b6c1c6ac5de
SHA256

d98531b2abf9d4a6b04bf82819c63555d500831645d8855f8554014e1bdc2abf
SHA512

97d32e14daec9150f9cbe8f9d6944ddfa6451e9f8cc1d576cd0b4674800706cb53360e7c84341a9cb0e72f4f140d67d992718471f2dd5b95ab0036f86722b6ce
SSDEEP

6144:ClBl//RYBElJ8EDpTx+5gnMUWN1lBvF9F879T13Vg2jRRRR8RRRRLBklA:mRYaL8EDpTx+5WMrNHxW79TJVg2jRRR0

Score

N/A

Malware Config

Signatures

Files

d98531b2abf9d4a6b04bf82819c63555d500831645d8855f8554014e1bdc2abf
.exe windows x86

095ca2f874a00ff8b49a3e0969b17d9c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

multprot

MangleNetBIOSName
SendPacket
DeinitProtocol
SetBlockingWinsock
GetLocalName
InitTCPStreamAccept
InitTCPIPSession
InitIPXSession
SetBlocking
IsSessionActive
RecvPacket
AcceptAnyCaller
ResetSession
GetRemoteName

wsock32

WSAGetLastError
WSACleanup
gethostbyname
WSAStartup
inet_addr
gethostname

kernel32

SetProcessWorkingSetSize
FormatMessageA
TlsGetValue
TlsAlloc
TlsSetValue
IsBadWritePtr
VirtualFree
HeapDestroy
LCMapStringW
LCMapStringA
GetCurrentProcessId
GetACP
ResumeThread
ExitProcess
GetCommandLineA
GetStartupInfoA
SetFilePointer
GetFileType
GetLocalTime
GetSystemTime
GetTimeZoneInformation
WideCharToMultiByte
RtlUnwind
lstrcmpA
DeleteCriticalSection
MultiByteToWideChar
InitializeCriticalSection
GetStringTypeW
SetStdHandle
SetHandleCount
CreateSemaphoreA
GetOEMCP
IsDBCSLeadByte
CreateProcessA
OpenMutexA
TerminateProcess
GetVersion
GetPrivateProfileStringA
ReleaseSemaphore
GetSystemInfo
VirtualAlloc
ReleaseMutex
EnterCriticalSection
LeaveCriticalSection
lstrcpynA
GetComputerNameA
CreateNamedPipeA
ReadFile
WriteFile
ConnectNamedPipe
FlushFileBuffers
DisconnectNamedPipe
GetExitCodeProcess
HeapReAlloc
HeapCreate
FindFirstFileA
FindClose
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryExA
GetFileAttributesA
GetCurrentDirectoryA
GetDriveTypeA
lstrcpyA
CreateEventA
GetSystemDirectoryA
CreateFileA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetModuleHandleA
GetStringTypeA
LocalFree
LocalAlloc
lstrcatA
GetCurrentProcess
lstrlenA
GetWindowsDirectoryA
DeviceIoControl
OutputDebugStringA
ResetEvent
GetCurrentThread
SetThreadPriority
CreateMutexA
OpenEventA
SetEvent
WaitForMultipleObjects
OpenProcess
CloseHandle
WaitForSingleObject
GetCurrentThreadId
GetTickCount
Sleep
CreateThread
LoadLibraryA
GetProcAddress
GlobalAlloc
FreeLibrary
GlobalFree
GetVersionExA
GetLastError
HeapAlloc
GetProcessHeap
HeapFree
SetLastError
GetStdHandle
SetEndOfFile
InterlockedDecrement
InterlockedIncrement
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCPInfo
SetCurrentDirectoryA

user32

MsgWaitForMultipleObjects
SetCursor
GetActiveWindow
wvsprintfA
EnumChildWindows
InflateRect
SetActiveWindow
GetDoubleClickTime
EnableMenuItem
TrackPopupMenu
GetWindowDC
GetKeyState
DrawIcon
DestroyMenu
ClientToScreen
TrackPopupMenuEx
GetParent
SendDlgItemMessageA
GetDesktopWindow
LoadImageA
LoadMenuA
GetSubMenu
CreateDialogParamA
GetSystemMenu
IsDialogMessageA
UnregisterClassA
BringWindowToTop
ScreenToClient
CharUpperA
GetProcessWindowStation
CharPrevA
PeekMessageA
PostQuitMessage
TranslateMessage
DispatchMessageA
RegisterClassA
CreateWindowExA
BeginPaint
EndPaint
EnumDesktopWindows
ExitWindowsEx
EnumWindows
GetClassNameA
SendMessageTimeoutA
SetWindowLongA
SetForegroundWindow
GetWindowLongA
GetMessageA
LoadCursorA
SetDlgItemTextA
MessageBeep
CharNextA
IsWindow
OffsetRect
IsIconic
SetCursorPos
SystemParametersInfoA
MoveWindow
GetKeyboardType
IntersectRect
LoadIconA
SetWindowTextA
EnableWindow
GetWindowTextA
SetFocus
GetSysColor
GetWindowTextLengthA
DestroyWindow
IsWindowVisible
MessageBoxA
SetWindowPos
ShowWindow
UpdateWindow
CopyRect
SetTimer
KillTimer
InvalidateRect
GetForegroundWindow
GetWindowRect
EnumThreadWindows
UnionRect
EnumDisplaySettingsA
ChangeDisplaySettingsA
GetWindowThreadProcessId
FindWindowA
OpenInputDesktop
GetUserObjectInformationA
ReleaseDC
GetCursorPos
GetThreadDesktop
SetThreadDesktop
PostMessageA
GetSystemMetrics
mouse_event
MapVirtualKeyA
keybd_event
DialogBoxParamA
EndDialog
GetDlgItem
wsprintfA
GetDC
GetClientRect
LoadStringA
SendMessageA
GetUserObjectSecurity
SetUserObjectSecurity
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
CloseWindowStation
CloseDesktop
DefWindowProcA

gdi32

GetBkColor
SetBkColor
ExtTextOutA
GetStockObject
SetDIBits
CreateCompatibleBitmap
GetDIBits
GetClipBox
GetDCOrgEx
PatBlt
SetSystemPaletteUse
GetObjectA
BitBlt
DeleteDC
GetDeviceCaps
GetTextExtentPoint32A
SetDIBColorTable
GetSystemPaletteEntries
SelectObject
DeleteObject
CreateCompatibleDC
CreateDIBSection
GetDIBColorTable
RealizePalette
CreatePalette
SelectPalette

advapi32

LookupPrivilegeValueA
RegCreateKeyA
AdjustTokenGroups
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
MapGenericMask
AccessCheck
LookupAccountNameA
AllocateAndInitializeSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
FreeSid
OpenThreadToken
CreateProcessAsUserA
RegSetValueExA
RegNotifyChangeKeyValue
ImpersonateLoggedOnUser
RevertToSelf
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegEnumKeyA
ControlService
OpenSCManagerA
OpenServiceA
CloseServiceHandle
CreateServiceA
QueryServiceStatus
StartServiceA
SetSecurityDescriptorDacl
CopySid
AddAce
GetAce
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
GetTokenInformation
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
GetUserNameA
AdjustTokenPrivileges
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
IsValidSecurityDescriptor
IsValidAcl
EqualSid
LookupAccountSidA
IsValidSid
GetSidIdentifierAuthority
LookupPrivilegeNameA
InitializeSid
GetSidLengthRequired
RegEnumValueA

shell32

FindExecutableA
Shell_NotifyIconA

ole32

CoInitialize
CoUninitialize

imm32

ImmCreateContext
ImmAssociateContext
ImmDestroyContext

Sections

.text
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

095ca2f874a00ff8b49a3e0969b17d9c

Headers

File Characteristics

Imports

multprot

wsock32

kernel32

user32

gdi32

advapi32

shell32

ole32

imm32

Sections

.text Size: 164KB - Virtual size: 160KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 36KB - Virtual size: 201KB

.rsrc Size: 92KB - Virtual size: 88KB

.text
Size: 164KB - Virtual size: 160KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 36KB - Virtual size: 201KB

.rsrc
Size: 92KB - Virtual size: 88KB