b1cd9d3eedfbca41fc97421574eb5824d47fe4e74e4742ef4f00cd5007ad755d_unpacked_x64

Sharing

Copy URL Twitter E-mail

General

Target

b1cd9d3eedfbca41fc97421574eb5824d47fe4e74e4742ef4f00cd5007ad755d_unpacked_x64
Size

22KB
MD5

d963b3d92ff400fc2d217dc2e091942f
SHA1

9ff12a3692dafc0bd121ecdb3e4fe7f2267843e3
SHA256

b5a71a80cc43fc7053622611216b15131d665c014b64ee3303be1e2d572533b4
SHA512

448c013686748a766ede4580c1510d413d9795c57b7c37ce576e39f06b5e2d12d22a113bc7ec53ba7d755e1a03b7df047c178ce174159173b1e15f0ad0f693de
SSDEEP

384:4WcwnbCOlIhrP5lkvqIq1fw4Lh25VVo0YBaGNIZKatm6lBOuaPs+cPQZL:NujFP5SMJlLybaEKX1u4DcPA

Score

N/A

Malware Config

Signatures

Files

b1cd9d3eedfbca41fc97421574eb5824d47fe4e74e4742ef4f00cd5007ad755d_unpacked_x64
.exe windows x64

954ae96f348445282ca15ff37a022590

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

tolower
sprintf
sscanf
isalpha
ZwResumeThread
RtlExitUserThread
RtlCompareMemory
strncpy
_snprintf
strchr
memset
_stricmp
memcpy

shlwapi

StrStrIA
PathAppendA
StrToIntA
PathRemoveExtensionA
PathAddExtensionA
PathFindFileNameA
PathCombineA
UrlGetPartA

wininet

InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetSetOptionA
InternetReadFile
InternetConnectA
InternetCrackUrlA
HttpQueryInfoA

urlmon

URLDownloadToFileA

kernel32

GetTickCount
WinExec
ExitThread
lstrcmpA
WriteProcessMemory
VirtualProtect
OpenEventW
GetModuleFileNameA
SetEvent
lstrcpyA
lstrcatA
Sleep
ExitProcess
CreateThread
DeleteFileA
GetTempPathA
CloseHandle
GetVersionExA
CreateMutexA
GetModuleHandleA
GetSystemInfo
GetTempFileNameA
LockFileEx
GetProcAddress
lstrcmpiA
GetLastError
ReadFile
WriteFile
lstrlenA
WaitForSingleObject
HeapReAlloc
CreateFileA
GetFileSize
SetFilePointer
MoveFileExA
SetEndOfFile
HeapAlloc
GetCurrentProcess
HeapFree
UnlockFileEx
GetProcessHeap

user32

MessageBoxA

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shell32

SHGetFolderPathA

Exports

Exports

DownloadRunExeId
DownloadRunExeUrl
DownloadUpdateMain
Inject64End
Inject64Normal
Inject64Start
InjectNormRoutine
SendLogs
WriteConfigString

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

954ae96f348445282ca15ff37a022590

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

shlwapi

wininet

urlmon

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1024B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1024B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB