e6b608d4ae58f230110bee3063a824437775ae10a470781367044f4b8ac5fcff

Sharing

Copy URL Twitter E-mail

General

Target

e6b608d4ae58f230110bee3063a824437775ae10a470781367044f4b8ac5fcff
Size

366KB
MD5

5bfc29667b4d6edbf700ebdb419c1110
SHA1

4da453ed8c04deb6b0274a2192bd15a426b3cd89
SHA256

e6b608d4ae58f230110bee3063a824437775ae10a470781367044f4b8ac5fcff
SHA512

5002e66219c7932f047f6e46d87f0cef4a9fd6156ba419a4616753d48d8507f8c3fc16bbcf7615ee7381c6a61bf5321b16c70e563806bf938619aa7d3cbd9833
SSDEEP

3072:KVlTVzE6R9zIExovfmqcNb+eKDc5DLxE9PtlMqyeLd348nvby4bunboJo9av47OQ:8lRCcNbc8HGDzyc48njHVUxokebou4

Score

N/A

Malware Config

Signatures

Files

e6b608d4ae58f230110bee3063a824437775ae10a470781367044f4b8ac5fcff
.dll windows x86

6fecc40db14999801ed5eaa3ccb5224f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
SetErrorMode
InterlockedExchange
DeleteFileA
lstrlenA
lstrcatA
lstrcpyA
GetModuleHandleA
lstrcpyW
GetLastError
SetLastError
GetCurrentThreadId
GetCurrentProcessId
IsBadWritePtr
TlsGetValue
IsBadReadPtr
GetCommandLineW
GetCommandLineA
TlsSetValue
GetModuleFileNameW
SuspendThread
CloseHandle
CreateThread
SetEvent
IsBadCodePtr
WinExec
CreateFileA
WaitForSingleObject
TerminateThread
CreateEventA
TerminateProcess
GetSystemDirectoryA
OpenEventA
lstrlenW
WaitForMultipleObjects
lstrcatW
ResumeThread
ExitProcess
LoadLibraryA
GetProcAddress
TlsAlloc
GetModuleFileNameA
LocalAlloc
LocalFree
FreeLibrary
RaiseException
GetCurrentProcess
Process32First
GetModuleHandleW
ReadProcessMemory
VirtualProtectEx
Process32Next
lstrcmpiW
CreateToolhelp32Snapshot
WriteProcessMemory
InterlockedIncrement
InterlockedDecrement
VirtualFree
Sleep
AddVectoredExceptionHandler
InitializeCriticalSection
WideCharToMultiByte
LeaveCriticalSection
MultiByteToWideChar
EnterCriticalSection
DeleteCriticalSection
HeapReAlloc
HeapAlloc
HeapFree
HeapCreate
GetFileSize
FindFirstFileW
WriteFile
ReadFile
CreateFileW
FindFirstFileA
RemoveDirectoryA
FindClose
FindNextFileA
FindNextFileW
GetTickCount
SetFilePointer
ExpandEnvironmentStringsA
SearchPathA
GetTempPathA
GetVolumeInformationA
GetSystemInfo
GetVersionExA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
CreateFileMappingW
OpenFileMappingW
OpenFileMappingA
GetLocalTime
OpenProcess
VirtualFreeEx
VirtualAllocEx
GetThreadContext
CreateRemoteThread
GetWindowsDirectoryW
CallNamedPipeA
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
FlushFileBuffers
CreateNamedPipeA
GetFileAttributesA
lstrcmpA
GetWindowsDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
SetCurrentDirectoryA
GetPrivateProfileSectionNamesA
GetCurrentDirectoryA
CreateProcessA
MoveFileExA
GlobalSize
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
GetCurrentThread
VirtualAlloc
GetModuleHandleExA

msvcrt

_except_handler3

iphlpapi

GetAdaptersInfo

comdlg32

GetSaveFileNameA

Sections

.text
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

bss
Size: - Virtual size: 286KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6fecc40db14999801ed5eaa3ccb5224f

Headers

File Characteristics

Imports

kernel32

msvcrt

iphlpapi

comdlg32

Sections

.text Size: 139KB - Virtual size: 138KB

bss Size: - Virtual size: 286KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 3KB - Virtual size: 3KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 139KB - Virtual size: 138KB

bss
Size: - Virtual size: 286KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 3KB - Virtual size: 3KB

.reloc
Size: 10KB - Virtual size: 10KB