3eb1f2879ebeceaa8bc468f5b88d0c8aabc842893e4be1a0109a419bf13674e6_unpacked

Sharing

Copy URL Twitter E-mail

General

Target

3eb1f2879ebeceaa8bc468f5b88d0c8aabc842893e4be1a0109a419bf13674e6_unpacked
Size

308KB
MD5

700cbfcb8aee634ba04799bbbfaf3f72
SHA1

c2c5d48b3ffe6b8555da5b3795fe2a90ab85d741
SHA256

6a3548fd668477572caf3b19ac92193d1acc3ad351fa89da2b721b9e1f3449f4
SHA512

456fd687dafd6861af855a929595cf1a6dbda3661274eb6ec3a3f062ca440d8e2607022fa03f6b3e904097ecb1d0c4903c45125a2802e095ac192cd0d2de5655
SSDEEP

6144:SoeCaPSJbhTH9UbMG0CP2b35dLQvZ4h6dm:NHyyxKbk75dGDd

Score

N/A

Malware Config

Signatures

Files

3eb1f2879ebeceaa8bc468f5b88d0c8aabc842893e4be1a0109a419bf13674e6_unpacked
.exe windows x86

a6a10e35e8ea66f2a5cfda67a816ba89

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

rand
srand
memcmp
memcpy
_time64
memset
_lseek
tolower
strchr
strncmp
_strcmpi
memmove

ws2_32

__WSAFDIsSet
WSAStartup
gethostbyname
WSASend
gethostname
socket
setsockopt
select
shutdown
connect
accept
bind
send
recv
listen
htons
closesocket

wininet

InternetCanonicalizeUrlA
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetCrackUrlA
InternetQueryOptionA
InternetWriteFile
HttpSendRequestExA
HttpSendRequestW

winscard

SCardDisconnect
SCardGetAttrib
SCardControl
SCardEstablishContext
SCardReleaseContext
SCardListReadersA
SCardGetStatusChangeA
SCardConnectA
SCardBeginTransaction
SCardEndTransaction
SCardStatusA
SCardTransmit

cabinet

ord10
ord14
ord13
ord11

iphlpapi

GetIpForwardTable
GetAdaptersInfo

kernel32

HeapReAlloc
LoadLibraryExW
GetStringTypeW
LCMapStringW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
CreateFileW
WriteConsoleW
CreateFileA
SetErrorMode
Sleep
GetCurrentProcess
GetCurrentProcessId
ExitProcess
TerminateProcess
lstrcatA
lstrlenA
GetFileTime
SetFileTime
CloseHandle
GetLastError
CreateMutexA
OpenProcess
GetSystemDirectoryA
GetModuleFileNameA
GetModuleHandleA
lstrcpyA
FindClose
FindFirstFileA
FindNextFileA
lstrcmpiA
MultiByteToWideChar
DeleteFileA
GetFileAttributesA
SetFileAttributesA
GetEnvironmentVariableA
GetFileSize
ReadFile
WriteFile
GetShortPathNameA
GetTempPathA
MoveFileA
MoveFileExA
CreateThread
TerminateThread
GetSystemTime
SystemTimeToFileTime
HeapAlloc
HeapFree
GetProcessHeap
DuplicateHandle
GetProcessTimes
GetCurrentThread
CreateProcessA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetVersionExA
GetProcAddress
SetEvent
WaitForSingleObjectEx
CreateEventA
GetTickCount
GetProcessId
MapViewOfFile
UnmapViewOfFile
LocalFree
CreateFileMappingA
GetCurrentThreadId
GlobalLock
GlobalUnlock
FileTimeToSystemTime
CreateRemoteThread
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
WideCharToMultiByte
SetLastError
ResumeThread
GetDriveTypeA
GetLogicalDrives
OutputDebugStringA
OpenMutexA
lstrlenW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
DeviceIoControl
LoadLibraryA
ReleaseMutex
GetExitCodeThread
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeA
FlushFileBuffers
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeA
EncodePointer
DecodePointer
RtlUnwind
RaiseException
IsProcessorFeaturePresent
IsDebuggerPresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetModuleHandleExW
HeapSize
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount

user32

DefWindowProcA
EmptyClipboard
MessageBoxA
ExitWindowsEx
GetWindow
GetWindowThreadProcessId
GetClassNameA
EnumWindows
FindWindowExA
GetParent
SetWindowLongA
wsprintfA
wvsprintfA
GetKeyboardLayout
CallWindowProcA
IsWindow
OpenClipboard
CloseClipboard
GetClipboardData
GetKeyboardState
ToAsciiEx
GetWindowTextA
GetWindowTextLengthA
EnumChildWindows
SendMessageA
IsWindowVisible
GetWindowLongW

gdi32

DeleteObject
DeleteDC
GetDeviceCaps
CreateCompatibleDC
BitBlt
SelectObject
CreateDIBSection
GetDIBColorTable
CreateDCA

shell32

SHGetFolderPathA
ShellExecuteA

ole32

CoCreateInstance
CoInitialize

advapi32

SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
LookupPrivilegeValueA
LookupAccountSidA
IsValidSid
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
AdjustTokenPrivileges
GetUserNameA
OpenProcessToken

Sections

.text
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6a10e35e8ea66f2a5cfda67a816ba89

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ws2_32

wininet

winscard

cabinet

iphlpapi

kernel32

user32

gdi32

shell32

ole32

advapi32

Sections

.text Size: 207KB - Virtual size: 207KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 10KB - Virtual size: 20KB

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 207KB - Virtual size: 207KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 10KB - Virtual size: 20KB

.reloc
Size: 13KB - Virtual size: 12KB