71df93a01517e27f9648664b795f6cff2b98410e570238ae5ad2b0315f3bb25a

Sharing

Copy URL Twitter E-mail

General

Target

71df93a01517e27f9648664b795f6cff2b98410e570238ae5ad2b0315f3bb25a
Size

618KB
MD5

47fd4f321c324c7d643b610e87d21cf0
SHA1

e04859ef1877b072132c0fabf576a5e698264afa
SHA256

71df93a01517e27f9648664b795f6cff2b98410e570238ae5ad2b0315f3bb25a
SHA512

e3793aa8cfe3cf8b1fac74974f1964c356154648b84be600d9c9cb77826a13b87325f9aa3e422b023880351fdcaae7d1b6f2d8ce1ec74363d1baa62cc3ab8e49
SSDEEP

12288:ZCHgVaa+g5GtnoTdb+zah37+ujlCsrTE+efIYK8YFw2E6n2Nd:54mGhAboK7+ujlf8Hi8YFw2V

Score

N/A

Malware Config

Signatures

Files

71df93a01517e27f9648664b795f6cff2b98410e570238ae5ad2b0315f3bb25a
.exe windows x64

34fb0a5fafdaa2b632d3dfd5af069dfa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
FreeSid
AllocateAndInitializeSid
CheckTokenMembership

kernel32

CloseHandle
LocalFree
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
CompareStringA
K32GetModuleBaseNameA
HeapSetInformation
GetProcAddress
GetLastError
GetSystemDirectoryA
SetThreadPreferredUILanguages
GetConsoleOutputCP
FormatMessageW
LoadLibraryA
Sleep
LoadLibraryW
GetSystemDirectoryW
OpenProcess
FormatMessageA
GetProcessHeap
HeapFree
GetCurrentProcess
FreeLibrary
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
SetUnhandledExceptionFilter
GetCurrentThreadId

msvcrt

?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_cexit
_exit
_XcptFilter
__C_specific_handler
__getmainargs
exit
_setmode
toupper
time
_wsetlocale
_iob
_fileno
_vsnprintf
_vsnwprintf
fprintf
memset
sscanf
strchr
_strupr
system
memcpy

dbghelp

SymCleanup

iphlpapi

InternalGetTcp6Table2
InternalGetTcp6TableWithOwnerModule
InternalGetTcpTable2
InternalGetTcpTableWithOwnerModule
InternalGetUdp6TableWithOwnerModule
GetUdpStatisticsEx
GetIcmpStatisticsEx
GetTcpStatisticsEx
GetIpStatisticsEx
InternalGetUdpTableWithOwnerModule

user32

CharToOemBuffW
CharToOemBuffA

ws2_32

ntohs
getnameinfo
WSAStartup
htons
ntohl
gethostname

snmpapi

SnmpUtilMemFree
SnmpUtilVarBindFree
SnmpUtilOidCpy
SnmpUtilMemAlloc

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 588KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

34fb0a5fafdaa2b632d3dfd5af069dfa

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

dbghelp

iphlpapi

user32

ws2_32

snmpapi

Sections

.text Size: 23KB - Virtual size: 22KB

.data Size: 3KB - Virtual size: 4KB

.pdata Size: 1024B - Virtual size: 528B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 588KB - Virtual size: 2.5MB

.text
Size: 23KB - Virtual size: 22KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 1024B - Virtual size: 528B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 588KB - Virtual size: 2.5MB