ffc4a1c6deb4f29cef02a4fef7259a6177570582c21f2f8292ca42312de37a4a

Sharing

Copy URL Twitter E-mail

General

Target

ffc4a1c6deb4f29cef02a4fef7259a6177570582c21f2f8292ca42312de37a4a
Size

147KB
MD5

8469627753e894041363a68266c9b0b0
SHA1

de2ca88600b7eb2b19d2441b5446913e257f10d8
SHA256

ffc4a1c6deb4f29cef02a4fef7259a6177570582c21f2f8292ca42312de37a4a
SHA512

b28147f996023600580005c1728be46e36e6c9c521cf030b20b0d782acfc6c2571d35bb5028a6bc6090f17f86b807873f7c695f15ef1715140fcfb7cce07773f
SSDEEP

3072:rB1c771+SH6EU36LzybGQhbzlEUKKKKKKlGfGt3K85r:Ea4qbGQvEUKKKKKKlGfGtaW

Score

N/A

Malware Config

Signatures

Files

ffc4a1c6deb4f29cef02a4fef7259a6177570582c21f2f8292ca42312de37a4a
.exe windows x86

33a11bd9f3b3e0d6687b6d950e9c8122

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
lstrcpyA
GetLastError
CreateMutexA
MoveFileA
RemoveDirectoryA
DeleteFileA
CreateDirectoryA
lstrlenA
GetCommandLineA
GetModuleFileNameA
Sleep
GetLocalTime
GetTickCount
ExpandEnvironmentStringsA
GetFileAttributesExA
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
GetTempPathA
WriteFile
ReadFile
GetProcessHeap
SetEndOfFile
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
SetFilePointer
HeapReAlloc
VirtualAlloc
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetStartupInfoA
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
MultiByteToWideChar
LCMapStringW
HeapAlloc
HeapSize
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

GetParent
wsprintfA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyA

ole32

CoInitialize

shell32

ShellExecuteA

shlwapi

PathGetArgsA
PathFileExistsA
PathIsDirectoryA
PathRemoveBlanksA
PathFindFileNameA

ws2_32

closesocket
__WSAFDIsSet
select
ioctlsocket
htons
socket
gethostbyname
send
connect
recv
WSAStartup

netapi32

Netbios

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

33a11bd9f3b3e0d6687b6d950e9c8122

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

shlwapi

ws2_32

netapi32

Sections

.text Size: 100KB - Virtual size: 100KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 8KB - Virtual size: 24KB

.data Size: 2KB - Virtual size: 4KB

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 24KB

.data
Size: 2KB - Virtual size: 4KB