1aaa9861f8a024fea556e64e24d73a6cd5a74a88e66b2ef6d93b8b5ba2ca5fee

General

Target

1aaa9861f8a024fea556e64e24d73a6cd5a74a88e66b2ef6d93b8b5ba2ca5fee
Size

364KB
MD5

0ab7bebbcc657583927dcf29572e2143
SHA1

e56cdc14f56106331b20d8408777c499a7bf4682
SHA256

1aaa9861f8a024fea556e64e24d73a6cd5a74a88e66b2ef6d93b8b5ba2ca5fee
SHA512

c88bb4ebc26048105c0a9441b491b06449a4f901da6682cf50c154dabb31fdc60ff02a51bd6f67178ea0f3a5f0d537084fef393ac8e9e55bcc6604e1f577c4f0
SSDEEP

3072:JtNDVMsqVl3riNshJleaDgQXMmAI97V13jl35KR4dfsI:J67YNshaaxMKL1jHKR4Bs

Score

N/A

Malware Config

Signatures

Files

1aaa9861f8a024fea556e64e24d73a6cd5a74a88e66b2ef6d93b8b5ba2ca5fee
.exe windows x86

b15e8f07c7177ce4f064268ef9d89959

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
GetTimeFormatA
GetLocalTime
ExpandEnvironmentStringsA
CloseHandle
CreateMutexA
CreateFileA
DeleteFileA
TerminateThread
CreateThread
GetVersionExA
GlobalMemoryStatus
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
SetEndOfFile
GetOEMCP
GetACP
GetLastError
Sleep
GetSystemDirectoryA
CopyFileA
WriteFile
CreateProcessA
GetCPInfo
FlushFileBuffers
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
SetFilePointer
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
ReadFile
UnhandledExceptionFilter
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetVersion
GetCommandLineA
GetStartupInfoA
HeapFree
HeapAlloc
GetCurrentProcess
TerminateProcess
ExitProcess

mpr

WNetAddConnection2A
WNetCancelConnection2A

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA

shell32

ShellExecuteA

ws2_32

accept
ntohl
ioctlsocket
select
getsockname
inet_ntoa
gethostbyaddr
recv
listen
connect
WSASocketA
setsockopt
htons
htonl
sendto
WSAGetLastError
inet_addr
gethostbyname
WSAStartup
WSACleanup
closesocket
bind
WSAAsyncSelect
__WSAFDIsSet
socket
send

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

Sections

.text
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b15e8f07c7177ce4f064268ef9d89959

Headers

File Characteristics

Imports

kernel32

mpr

advapi32

shell32

ws2_32

wininet

Sections

.text Size: 360KB - Virtual size: 360KB

.text
Size: 360KB - Virtual size: 360KB