2f0f0956628d7787c62f892e1bd9edda8b4c478cf8f1e65851052c7ad493dc28_unpacked

Sharing

Copy URL Twitter E-mail

General

Target

2f0f0956628d7787c62f892e1bd9edda8b4c478cf8f1e65851052c7ad493dc28_unpacked
Size

178KB
MD5

07d1c4952795e804b87c7c9d536dc547
SHA1

b19620bfa0a6311cdeac1a63aaf477d5b3df7730
SHA256

2f0f0956628d7787c62f892e1bd9edda8b4c478cf8f1e65851052c7ad493dc28
SHA512

c827b62142f24bfd4623675602a097f0d65f7a799dcc63e44728de0812f330dec7f3ff2f8bae0aa8de3c1c8def0aae022c5f5b23be7edfadbcb77e1c84ce55fa
SSDEEP

3072:2g0un3eQhR5kjetAXqRoGFkQX3/DSx5nGvWIG/e3RCawRkFv5co8Y/vgrOy:29yrhN/UGzGGMaX/oD

Score

N/A

Malware Config

Signatures

Files

2f0f0956628d7787c62f892e1bd9edda8b4c478cf8f1e65851052c7ad493dc28_unpacked
.exe windows x64

2e595bfa30d52f09b883558b1cfdabf1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

OpenProcess
GetLastError
DeleteFileW
CloseHandle
HeapReAlloc
GetLocalTime
GetStartupInfoW
ReadFile
WriteFile
CreatePipe
PeekNamedPipe
WaitForSingleObject
CreateProcessW
LocalAlloc
CreateFileA
LocalFree
FlushFileBuffers
FindFirstFileW
GetFileSizeEx
FindNextFileW
lstrcpynW
GetTempPathW
FindClose
CreateFileW
GetTickCount
WriteProcessMemory
Wow64SetThreadContext
TerminateProcess
ResumeThread
GetModuleHandleA
GetProcAddress
VirtualAllocEx
ReadProcessMemory
lstrcmpA
LoadLibraryA
GetCurrentProcess
DuplicateHandle
CreateFileTransactedW
GetThreadContext
SetThreadContext
MultiByteToWideChar
GetModuleFileNameW
K32GetModuleFileNameExW
GetProductInfo
GetLocaleInfoW
CreateToolhelp32Snapshot
GetTimeZoneInformation
Process32NextW
Process32FirstW
GetNativeSystemInfo
GetComputerNameW
CreateMutexA
Sleep
ExitProcess
WriteConsoleW
HeapSize
GetConsoleMode
SetLastError
GetComputerNameA
WideCharToMultiByte
lstrcpynA
GetWindowsDirectoryA
GetSystemDirectoryA
FileTimeToSystemTime
lstrlenW
GetFileAttributesExA
GetProcessHeap
HeapAlloc
lstrlenA
Wow64GetThreadContext
HeapFree
GetConsoleCP
SetFilePointerEx
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
LCMapStringW
GetFileType
GetModuleHandleExW
GetStdHandle
RtlPcToFileHeader
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
EncodePointer
RtlUnwindEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter

user32

wvsprintfA
CharUpperA

advapi32

RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW
GetUserNameW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext

shell32

SHGetFolderPathW

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocString

ktmw32

CreateTransaction
RollbackTransaction

ntdll

RtlInitUnicodeString
NtReadVirtualMemory
NtQueryInformationProcess
RtlLookupFunctionEntry
RtlVirtualUnwind
NtCreateSection
RtlCaptureContext

shlwapi

PathCombineW
PathFindFileNameW
PathAppendW
StrRChrA
StrChrA

wininet

HttpSendRequestA
InternetCloseHandle
InternetOpenA
InternetReadFile
InternetSetOptionA
InternetCrackUrlA
HttpOpenRequestA
InternetQueryDataAvailable
HttpQueryInfoA
InternetConnectA
HttpAddRequestHeadersA

urlmon

ObtainUserAgentString

ws2_32

recvfrom
closesocket
socket
__WSAFDIsSet
htons
ntohs
sendto
select
shutdown
inet_pton

netapi32

NetGetJoinInformation
NetApiBufferFree

Sections

.text
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e595bfa30d52f09b883558b1cfdabf1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ktmw32

ntdll

shlwapi

wininet

urlmon

ws2_32

netapi32

Sections

.text Size: 115KB - Virtual size: 114KB

.rdata Size: 50KB - Virtual size: 49KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 115KB - Virtual size: 114KB

.rdata
Size: 50KB - Virtual size: 49KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB