General
-
Target
Mon06295419f3.exe
-
Size
403KB
-
MD5
962b4643e91a2bf03ceeabcdc3d32fff
-
SHA1
994eac3e4f3da82f19c3373fdc9b0d6697a4375d
-
SHA256
d2671668c6b2c9da5d319e60dea54361a2cbb362e46628cf0dccb5ff0baf786b
-
SHA512
ef6f4a5ccfff09506c925003ac49837d771787028fddcf2183e98cba2794df375fd0d5099e36abf8fedfc0dddd10ad076d2fc69a77b8ffd8180215b5cfc88dfd
-
SSDEEP
6144:lInYPg/USg7WFugaTIv1pE0EAPMrGWsWDWidF0HQszCZ2Ftppb9Y81+k7pq7FLfj:leYI/7FugaoS2zO
Malware Config
Extracted
privateloader
http://45.133.1.107/server.txt
pastebin.com/raw/A7dSG1te
http://wfsdragon.ru/api/setStats.php
51.178.186.149
Signatures
-
Privateloader family
Files
-
Mon06295419f3.exe.exe windows x86
6256ca6fb1d33cce27dff272311e3072
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ReadFile
lstrcatA
GetModuleHandleA
SetCurrentDirectoryA
GetModuleHandleExA
CreateFileA
lstrcpyA
CloseHandle
GetFileSize
GetLastError
GetProcAddress
HeapFree
WriteFile
lstrlenA
lstrcpynA
WriteConsoleW
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
SetFilePointerEx
GetFileType
HeapAlloc
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
GetStringTypeW
GetConsoleMode
FlushFileBuffers
GetConsoleOutputCP
HeapSize
HeapReAlloc
CreateFileW
DecodePointer
Sections
.text Size: 87KB - Virtual size: 87KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 279KB - Virtual size: 279KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ