6fe0dc6a6bdff962befab49040dc19fdc9d2648deef8661f70f92dd548362b40

Sharing

Copy URL Twitter E-mail

General

Target

6fe0dc6a6bdff962befab49040dc19fdc9d2648deef8661f70f92dd548362b40
Size

40KB
MD5

83eb4c18f39e968488202c38b421bf40
SHA1

a5c34efcd138827e9e2e0997fddacb03b3ece7ca
SHA256

6fe0dc6a6bdff962befab49040dc19fdc9d2648deef8661f70f92dd548362b40
SHA512

692b6260bd83353d433cbf9c87af820b225e1124f0227dd5c769a7af9885cf8353e64d0c4284259c42633b1329077ca26dfc16fd93224a229eac22344047c334
SSDEEP

768:Ju2kw+y6tpnYDa63AVzbUY/c35ccq9bOpQ9zaC:cFXy67kAVHv/c35ccq9bOpQR1

Score

N/A

Malware Config

Signatures

Files

6fe0dc6a6bdff962befab49040dc19fdc9d2648deef8661f70f92dd548362b40
.dll windows x86

65005f222bab2e87c372d24c6c513688

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
ReadFile
VirtualAlloc
GetFileSize
FreeConsole
GetModuleHandleA
GetVersionExA
GetComputerNameA
FindClose
InterlockedExchange
GetTickCount
HeapAlloc
RaiseException
LocalAlloc
lstrcpyA
GetModuleFileNameA
MoveFileExA
WinExec
ExitProcess
lstrcatA
CreateThread
WaitForSingleObject
lstrlenA
SetLastError
GetLastError
Sleep
CreateFileA
SetFilePointer
WriteFile
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentProcess
CloseHandle
GetUserDefaultUILanguage

user32

GetDesktopWindow
ExitWindowsEx
wsprintfA

advapi32

LookupPrivilegeValueA
RegisterServiceCtrlHandlerA
DeleteService
CreateServiceA
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
ControlService
OpenSCManagerA
OpenServiceA
ChangeServiceConfigA
StartServiceA
CloseServiceHandle
QueryServiceStatus
OpenProcessToken
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
SetServiceStatus

msvcrt

??1type_info@@UAE@XZ
__CxxFrameHandler
_CxxThrowException
_except_handler3
atoi
strcspn
strncpy
strstr
wcstombs
??3@YAXPAX@Z
rand
srand
sprintf
_strlwr
__dllonexit
_onexit
free
_initterm
malloc
_adjust_fdiv
_strrev

Exports

Exports

CreateP2SPTask
GetServerInfo
Install
IsProcessRunning
QueryTaskPeer
RunInstall
RunUninsta3l
ServiceMain
SetImageFileKey
SetImageFileVersion
UnloadAll
UpdateRegText

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65005f222bab2e87c372d24c6c513688

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB