49b6966fbe23773925ec18ffc710689f3ff0381156a9b2b8c0d8de52f41f041b_unpacked

Sharing

Copy URL Twitter E-mail

General

Target

49b6966fbe23773925ec18ffc710689f3ff0381156a9b2b8c0d8de52f41f041b_unpacked
Size

285KB
MD5

4ec7d0095a9e69d4aad5c8940f0192bd
SHA1

8bbb4823ee43f4362270bfecf4e071f734604270
SHA256

9b1cc0e09fd1ae06c9d23d6afe2054dc1008d9bb8f21c4caf35c23c4c40ccea8
SHA512

6737960a77f7b8577cef1efa63691ef88c3ac36ca51cd5c6ec2972bce508d88ec5b68586843adee2ccef5a44efe6351626f7f5b03fd62839c204b79c71ef3d34
SSDEEP

6144:DKMvN/bfLHZkqyIDGK0qE5Xuqwj6vrMMY03u4b1yKA3:DZ/HFy9R5uqy+S03RyKA3

Score

N/A

Malware Config

Signatures

Files

49b6966fbe23773925ec18ffc710689f3ff0381156a9b2b8c0d8de52f41f041b_unpacked
.exe windows x86

638b23cb863b77252f6b867c195cc7ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

rand
srand
memcmp
memcpy
_time64
memset
_lseek
tolower
strchr
strncmp
_strcmpi
memmove

ws2_32

__WSAFDIsSet
WSAStartup
gethostbyname
WSASend
gethostname
socket
setsockopt
send
select
shutdown
connect
accept
bind
recv
listen
htons
htonl
closesocket

wininet

HttpSendRequestW
InternetCanonicalizeUrlA
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetCrackUrlA
InternetQueryOptionA
InternetWriteFile
HttpSendRequestExA

winscard

SCardDisconnect
SCardGetAttrib
SCardControl
SCardEstablishContext
SCardReleaseContext
SCardListReadersA
SCardGetStatusChangeA
SCardConnectA
SCardBeginTransaction
SCardEndTransaction
SCardStatusA
SCardTransmit

cabinet

ord10
ord13
ord11
ord14

iphlpapi

GetIpForwardTable
GetAdaptersInfo

kernel32

HeapReAlloc
LoadLibraryExW
GetStringTypeW
LCMapStringW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
CreateFileW
SetFilePointerEx
CreateFileA
SetErrorMode
Sleep
GetCurrentProcess
GetCurrentProcessId
ExitProcess
TerminateProcess
lstrcatA
lstrlenA
GetEnvironmentVariableA
GetFileTime
SetFileTime
CloseHandle
GetLastError
CreateMutexA
OpenProcess
GetSystemDirectoryA
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
lstrcpyA
MoveFileExA
FindClose
FindFirstFileA
FindNextFileA
lstrcmpiA
MultiByteToWideChar
DeleteFileA
GetFileAttributesA
SetFileAttributesA
GetFileSize
ReadFile
WriteFile
GetTempPathA
MoveFileA
CreateThread
TerminateThread
GetSystemTime
SystemTimeToFileTime
HeapAlloc
HeapFree
GetProcessHeap
DuplicateHandle
GetProcessTimes
GetCurrentThread
CreateProcessA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetVersionExA
GetProcAddress
SetEvent
WaitForSingleObjectEx
CreateEventA
GetTickCount
GetProcessId
MapViewOfFile
UnmapViewOfFile
LocalFree
CreateFileMappingA
GetCurrentThreadId
GlobalLock
GlobalUnlock
FileTimeToSystemTime
CreateRemoteThread
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
WideCharToMultiByte
SetLastError
ResumeThread
GetDriveTypeA
GetLogicalDrives
OutputDebugStringA
OpenMutexA
lstrlenW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
DeviceIoControl
LoadLibraryA
ReleaseMutex
GetExitCodeThread
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeA
FlushFileBuffers
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeA
EncodePointer
DecodePointer
RtlUnwind
RaiseException
IsProcessorFeaturePresent
IsDebuggerPresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetModuleHandleExW
HeapSize
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount

user32

DefWindowProcA
EmptyClipboard
MessageBoxA
FindWindowA
ExitWindowsEx
GetWindow
GetWindowThreadProcessId
GetClassNameA
EnumWindows
FindWindowExA
GetParent
SetWindowLongA
wsprintfA
wvsprintfA
GetKeyboardLayout
CallWindowProcA
IsWindow
OpenClipboard
CloseClipboard
GetClipboardData
GetKeyboardState
ToAsciiEx
GetWindowTextA
GetWindowTextLengthA
EnumChildWindows
SendMessageA
IsWindowVisible
GetWindowLongW

gdi32

DeleteObject
DeleteDC
GetDeviceCaps
CreateCompatibleDC
BitBlt
SelectObject
CreateDIBSection
GetDIBColorTable
CreateDCA

shell32

SHGetFolderPathA
ShellExecuteA

ole32

CoCreateInstance
CoInitialize

advapi32

SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
LookupPrivilegeValueA
LookupAccountSidA
IsValidSid
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
AdjustTokenPrivileges
GetUserNameA
OpenProcessToken

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

638b23cb863b77252f6b867c195cc7ad

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ws2_32

wininet

winscard

cabinet

iphlpapi

kernel32

user32

gdi32

shell32

ole32

advapi32

Sections

.text Size: 208KB - Virtual size: 207KB

.rdata Size: 53KB - Virtual size: 52KB

.data Size: 10KB - Virtual size: 20KB

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 208KB - Virtual size: 207KB

.rdata
Size: 53KB - Virtual size: 52KB

.data
Size: 10KB - Virtual size: 20KB

.reloc
Size: 13KB - Virtual size: 12KB