c992f85a87a83a0b28edd6a926c4c71a62611ddf054fff8aaafedf5e3b4e8d20

Sharing

Copy URL

Twitter E-mail

General

Target

c992f85a87a83a0b28edd6a926c4c71a62611ddf054fff8aaafedf5e3b4e8d20
Size

618KB
MD5

5b343dc91ebc010e08343f6b3d868bb0
SHA1

9c5f0a6183839076aaeba2e33a44fb3b66e6c316
SHA256

c992f85a87a83a0b28edd6a926c4c71a62611ddf054fff8aaafedf5e3b4e8d20
SHA512

40f8b5fb8805d7ad3f3339abfc2947acc49919d590be30f344a4f5864c69e5f1715ddcd0745e7130d6ae8e636d337d666caf38f16524087c62577088f76a9216
SSDEEP

12288:0WlsLVUcJj60oIZt7wjjYuYnN1htRq1dhPa8xvUiZG24:OucJj60oIZtEj8PN1bs88ZUiZG

Score

N/A

Malware Config

Signatures

Files

c992f85a87a83a0b28edd6a926c4c71a62611ddf054fff8aaafedf5e3b4e8d20
.exe windows x64

34fb0a5fafdaa2b632d3dfd5af069dfa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
FreeSid
AllocateAndInitializeSid
CheckTokenMembership

kernel32

CloseHandle
LocalFree
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
CompareStringA
K32GetModuleBaseNameA
HeapSetInformation
GetProcAddress
GetLastError
GetSystemDirectoryA
SetThreadPreferredUILanguages
GetConsoleOutputCP
FormatMessageW
LoadLibraryA
Sleep
LoadLibraryW
GetSystemDirectoryW
OpenProcess
FormatMessageA
GetProcessHeap
HeapFree
GetCurrentProcess
FreeLibrary
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
SetUnhandledExceptionFilter
GetCurrentThreadId

msvcrt

?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_cexit
_exit
_XcptFilter
__C_specific_handler
__getmainargs
exit
_setmode
toupper
time
_wsetlocale
_iob
_fileno
_vsnprintf
_vsnwprintf
fprintf
memset
sscanf
strchr
_strupr
system
memcpy

dbghelp

SymCleanup

iphlpapi

InternalGetTcp6Table2
InternalGetTcp6TableWithOwnerModule
InternalGetTcpTable2
InternalGetTcpTableWithOwnerModule
InternalGetUdp6TableWithOwnerModule
GetUdpStatisticsEx
GetIcmpStatisticsEx
GetTcpStatisticsEx
GetIpStatisticsEx
InternalGetUdpTableWithOwnerModule

user32

CharToOemBuffW
CharToOemBuffA

ws2_32

ntohs
getnameinfo
WSAStartup
htons
ntohl
gethostname

snmpapi

SnmpUtilMemFree
SnmpUtilVarBindFree
SnmpUtilOidCpy
SnmpUtilMemAlloc

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 588KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

34fb0a5fafdaa2b632d3dfd5af069dfa

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

dbghelp

iphlpapi

user32

ws2_32

snmpapi

Sections

.text Size: 23KB - Virtual size: 22KB

.data Size: 3KB - Virtual size: 4KB

.pdata Size: 1024B - Virtual size: 528B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 588KB - Virtual size: 2.0MB

.text
Size: 23KB - Virtual size: 22KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 1024B - Virtual size: 528B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 588KB - Virtual size: 2.0MB