db641603225209f99d590f7ac618a9a3403a22cba4ca0233ea5f4fd839e11dbf

Sharing

Copy URL

Twitter E-mail

General

Target

db641603225209f99d590f7ac618a9a3403a22cba4ca0233ea5f4fd839e11dbf
Size

587KB
MD5

57e1fc1b99b335630574616271e911cc
SHA1

5e4f5ccde85dd6adc9c63bb1d230fd2bc7529ebf
SHA256

db641603225209f99d590f7ac618a9a3403a22cba4ca0233ea5f4fd839e11dbf
SHA512

118ac5dd8cd2294e3654d95bf6c0e1cc3f15640d1f7afee64d3165d72503221513165d03cd3380b37f1ea426dd0f92add1f01a54fdaed7f570d7544435aa6f84
SSDEEP

6144:Ga6JYkfLe1ZQaLflrrDcQx2OLSdntybTA/jK96sWgx6Etoe1cg0jR4YQgm6hFGN0:gV+f/DcGueA7ovh1L0jR4w/K/v0

Score

N/A

Malware Config

Signatures

Files

db641603225209f99d590f7ac618a9a3403a22cba4ca0233ea5f4fd839e11dbf
.exe windows x86

2c0005d96536314422ccdf18d8a12ed0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NO_BIND

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Imports

kernel32

FlushFileBuffers
SetStdHandle
HeapFree
HeapQueryInformation
HeapSize
HeapReAlloc
GetStringTypeW
MultiByteToWideChar
LCMapStringW
OutputDebugStringW
WriteConsoleW
GetConsoleMode
GetConsoleCP
SetFilePointer
RaiseException
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
RtlUnwind
GetFileType
SetHandleCount
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
IsBadReadPtr
HeapValidate
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
WriteFile
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
lstrcatA
FindFirstFileA
FindClose
FormatMessageA
OutputDebugStringA
GetSystemTime
HeapCreate
GetCommandLineW
lstrlenA
lstrcpyA
lstrcpynA
HeapAlloc
GetSystemInfo
AllocConsole
GetStdHandle
GetSystemDirectoryA
CreateFileA
ReadFile
DeleteFileA
WriteConsoleA
ReadConsoleA
Sleep
FreeConsole
GetLocaleInfoA
CreateIoCompletionPort
SetLastError
TlsFree
GetCurrentThreadId
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
IsProcessorFeaturePresent
GetStartupInfoW
HeapSetInformation
GetCommandLineA
ExitProcess
CreateFileW
GetModuleHandleW
GetProcAddress
DecodePointer
InterlockedDecrement
InterlockedIncrement
GlobalAlloc
GetLastError
WaitForSingleObject
CreateThread
CloseHandle

user32

PostQuitMessage
DestroyWindow
DefWindowProcA
PostMessageA
EnableMenuItem
GetDlgItem
GetSystemMenu
EnumDesktopsA
SetFocus
SetForegroundWindow
ShowWindow
SetWindowPos
GetWindowRect
DrawTextA
TrackPopupMenuEx
IsWindow
GetCursorPos
GetWindowContextHelpId
GetDlgCtrlID
GetForegroundWindow
SetWindowLongA
GetDC
FillRect
ReleaseDC
BroadcastSystemMessageA
EnableWindow
IsWindowEnabled
SetTimer
MessageBoxA
KillTimer
PeekMessageA
BeginPaint
IsRectEmpty
EndPaint
GetClientRect
SendMessageA
CreatePopupMenu
AppendMenuA
TrackPopupMenu
DestroyMenu
SetWindowTextA
CreateWindowExA
LoadBitmapA
LoadStringA
GetSystemMetrics
InvalidateRect
LoadIconA
LoadCursorA
RegisterClassExA
TranslateMessage
GetMessageA
DispatchMessageA

gdi32

CreateSolidBrush
TextOutA
FillRgn
ChoosePixelFormat
GetObjectA
SetMapMode
SetTextColor
SetBkColor
GetStockObject
SelectObject
CreateCompatibleDC
SetPixelFormat
BitBlt
DeleteDC
GetPixel
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleBitmap
MoveToEx
LineTo
Rectangle

advapi32

RegOpenKeyExA

shell32

CommandLineToArgvW
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

ole32

OleGetClipboard
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitialize

odbc32

ord26
ord31
ord43
ord11
ord41
ord39
ord24
ord13
ord12
ord72
ord75
ord9
ord19

ws2_32

WSASend
htons
bind
WSAGetLastError
htonl
listen
WSAAccept
WSASocketA
WSAStartup

netapi32

NetWkstaUserGetInfo
NetShareGetInfo
NetApiBufferFree

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

iphlpapi

GetIpForwardTable

shlwapi

StrFormatByteSizeA
StrCmpNIA
PathFileExistsA

comctl32

InitCommonControlsEx

secur32

AcquireCredentialsHandleA
QuerySecurityPackageInfoA
EnumerateSecurityPackagesA

opengl32

wglCreateContext
wglMakeCurrent

imm32

ImmGetContext
ImmGetConversionStatus
ImmReleaseContext

ntdsapi

DsUnBindA

Sections

.text
Size: 419KB - Virtual size: 419KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.udata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c0005d96536314422ccdf18d8a12ed0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

odbc32

ws2_32

netapi32

version

iphlpapi

shlwapi

comctl32

secur32

opengl32

imm32

ntdsapi

Sections

.text Size: 419KB - Virtual size: 419KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 5KB - Virtual size: 12KB

.udata Size: 5KB - Virtual size: 5KB

.rsrc Size: 99KB - Virtual size: 98KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 419KB - Virtual size: 419KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 5KB - Virtual size: 12KB

.udata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 99KB - Virtual size: 98KB

.reloc
Size: 16KB - Virtual size: 15KB