202b475f3c7a2249e233ca375ee255b895152171c2f0ec26e3f62acfce8e6c50

Sharing

Copy URL Twitter E-mail

General

Target

202b475f3c7a2249e233ca375ee255b895152171c2f0ec26e3f62acfce8e6c50
Size

1.9MB
MD5

ab53c77c6a2430038105976f50e08f80
SHA1

fdd522b5719eac0d622a91a66ea2e608507a77a3
SHA256

202b475f3c7a2249e233ca375ee255b895152171c2f0ec26e3f62acfce8e6c50
SHA512

67fa2f51a889d90d80ac9ecd86e4f9c7a326344cb9b466f016c64741524fb8df335173d188c3372a0d8625f11558d9a5e0d0788ee77f170f5173a1a95c995e09
SSDEEP

49152:enDZ4GFDo7SgQY3u5XMV1io20QkZ//fTo611aTef3N:enl4GFDo7SgUXgio20Qg/EW

Score

N/A

Malware Config

Signatures

Files

202b475f3c7a2249e233ca375ee255b895152171c2f0ec26e3f62acfce8e6c50
.exe windows x86

0af0b09aa780ed4448af3eff2ea99e92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW

ws2_32

sendto
recvfrom
accept
send
listen
ioctlsocket
freeaddrinfo
getaddrinfo
gethostname
select
__WSAFDIsSet
getpeername
getsockopt
closesocket
WSASetLastError
WSAStartup
WSACleanup
socket
bind
recv
setsockopt
getsockname
ntohs
htons
WSAGetLastError
connect
WSAIoctl

kernel32

GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
CreateProcessW
DeleteFileW
WriteFile
MoveFileExW
SetFileAttributesW
WaitForSingleObject
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Sleep
GetCurrentProcessId
OpenProcess
CreateDirectoryW
GetFullPathNameW
GetLongPathNameW
ExitProcess
SetUnhandledExceptionFilter
SetErrorMode
VirtualAlloc
HeapCreate
LoadLibraryA
GetProcAddress
HeapAlloc
CreateThread
ExitThread
CreateMutexW
FindFirstFileW
SetFilePointer
FindResourceW
LoadResource
VerSetConditionMask
GetCurrentProcess
GetTickCount
SizeofResource
GetVersionExW
GetFileAttributesA
GetFileAttributesW
TerminateProcess
VerifyVersionInfoW
FindClose
IsWow64Process
LockResource
GetSystemInfo
FindNextFileW
GetFileAttributesExW
ReleaseMutex
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
InterlockedCompareExchange
OutputDebugStringW
FormatMessageW
LocalFree
InterlockedDecrement
GetSystemDirectoryW
GetVolumeInformationW
InterlockedIncrement
InterlockedExchange
FormatMessageA
CreateFileA
GetModuleHandleA
UnmapViewOfFile
CreateFileMappingA
CreateMutexA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
HeapFree
GetModuleHandleW
GetProcessHeap
SetLastError
GetModuleFileNameA
UnregisterWait
SetThreadPriority
OpenThread
RegisterWaitForSingleObject
ResumeThread
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
GetFullPathNameA
HeapReAlloc
HeapCompact
MapViewOfFile
SetEndOfFile
FreeLibrary
QueryPerformanceCounter
UnlockFile
LockFile
UnlockFileEx
LoadLibraryW
HeapDestroy
HeapValidate
FlushFileBuffers
HeapSize
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingW
GetDiskFreeSpaceA
OutputDebugStringA
GetVersionExA
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
CopyFileW
GetEnvironmentVariableW
GetCommandLineW
GetDriveTypeW
ReadFile
GetLastError
GetFileSize
GetTempPathW
CloseHandle
CreateFileW
GetModuleFileNameW
EnumSystemLocalesA
IsValidLocale
SetStdHandle
SetEnvironmentVariableA
SleepEx
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
GetComputerNameW
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
GetLocaleInfoW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
CompareStringW
GetCPInfo
LCMapStringW
RaiseException
RtlUnwind
GetStdHandle
GetFileType
WriteConsoleW
GetDateFormatA
GetTimeFormatA
VirtualQuery
VirtualProtect
GetStartupInfoW
HeapSetInformation
GetFileInformationByHandle
GetCurrentDirectoryW
DeviceIoControl
DecodePointer
EncodePointer
GetStringTypeW

advapi32

RegCreateKeyW
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegCloseKey
RegFlushKey
RegOpenKeyExW
RegQueryValueExW
ConvertSidToStringSidW
LookupAccountNameW
GetUserNameW

shell32

SHGetFolderPathW

ole32

CoInitialize
CoInitializeSecurity
CoCreateInstance
CoTaskMemFree
CoUninitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

shlwapi

AssocQueryStringW
PathAppendW

wldap32

ord30
ord35
ord79
ord33
ord27
ord301
ord26
ord41
ord143
ord50
ord46
ord211
ord200
ord32
ord60
ord22

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 86KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0af0b09aa780ed4448af3eff2ea99e92

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

ws2_32

kernel32

advapi32

shell32

ole32

oleaut32

shlwapi

wldap32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 276KB - Virtual size: 275KB

.data Size: 86KB - Virtual size: 100KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 276KB - Virtual size: 275KB

.data
Size: 86KB - Virtual size: 100KB

.rsrc
Size: 1KB - Virtual size: 1KB