e6deab10244efd31b8c0780ce8397db2

Sharing

Copy URL Twitter E-mail

General

Target

e6deab10244efd31b8c0780ce8397db2
Size

9KB
MD5

271d681c3fb78dc16d37bf7ba0c1f79f
SHA1

673531f8b4bf8cc2c8a7174abdd655756d16aaf0
SHA256

bd102b41754d2439666ad330db2d3cac73744d229330f0051c67dc93c84e57aa
SHA512

01122dad1d2bab006de40d5e8a9ad9e0600691278f11fe2e6916c7f245f64deb6cc90fe2bd96f0fd2b6d281f7685acfc5685cbf8569ffc7cf2a1310e396eb1bd
SSDEEP

192:6zje5/K3wlZsEfiVT74OXxKNFT2k/0AMsfVxtp4QlSOAL/gbGP96xLRS:6nyWwlZ6F71XcNF2k/0AMur4QkOkgbGx

Score

N/A

Malware Config

Signatures

Files

e6deab10244efd31b8c0780ce8397db2
.zip

Password: infected
593b53c9a57dd9adb2bb8edc38ff92785f9358a82da063ec078d6aa3946d9d00
.exe windows x86

Password: infected

161f65c7e38df9a42819c417f954dfbf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord823
ord825

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
atoi
_stricmp
memcpy
memmove
ceil
_ftol
strlen
strstr
__CxxFrameHandler
memset
strcpy
strcat
strrchr
malloc
realloc
exit
free

kernel32

HeapFree
IsBadReadPtr
LoadLibraryA
GetStartupInfoA
GetCurrentThreadId
GetSystemTime
WritePrivateProfileStringA
SetFileAttributesA
GetModuleFileNameA
SetErrorMode
GetTickCount
OpenEventA
GetVersionExA
GetComputerNameA
GetSystemInfo
GetPrivateProfileStringA
GetModuleHandleA
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
SetEvent
InterlockedExchange
CancelIo
Sleep
WriteFile
SetFilePointer
CreateFileA
GetFileSize
GetWindowsDirectoryA
ReadFile
GetFileAttributesA
CreateProcessA
lstrcpyA
lstrlenA
CreateThread
GetLastError
GetCurrentProcess
Process32Next
LocalReAlloc
LocalSize
OpenProcess
Process32First
LocalAlloc
CreateToolhelp32Snapshot
LocalFree
TerminateThread
HeapAlloc
GetProcessHeap
VirtualProtect
GetProcAddress
FreeLibrary

user32

SetThreadDesktop
CloseDesktop
GetUserObjectInformationA
OpenWindowStationA
SetProcessWindowStation
wsprintfA
OpenDesktopA
OpenInputDesktop
GetThreadDesktop
ExitWindowsEx
GetProcessWindowStation

advapi32

OpenProcessToken
RegQueryValueA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog

shell32

ShellExecuteA

ws2_32

setsockopt
send
closesocket
select
htons
gethostbyname
socket
getsockname
WSAStartup
WSACleanup
connect
recv

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysFreeString

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

161f65c7e38df9a42819c417f954dfbf

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ws2_32

wininet

ole32

oleaut32

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 2KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 2KB