b7dc891e04a3ceacaf0e229eceb5b28619336c256efe996c7dd43bcf533f0574

Sharing

Copy URL

Twitter E-mail

General

Target

b7dc891e04a3ceacaf0e229eceb5b28619336c256efe996c7dd43bcf533f0574
Size

603KB
MD5

925afab92fd78df2ce664bdf94d177e0
SHA1

3dea5f7e36326fab6c6b63e060f70049c148359a
SHA256

b7dc891e04a3ceacaf0e229eceb5b28619336c256efe996c7dd43bcf533f0574
SHA512

79d26764c5b06cf594a575d41868f61246282c28a341c087cad6f33c6b67ddc88dcd164d04c9cc97fbda336375977967b72ad737a4d92c8944d2977aee72a3fb
SSDEEP

12288:2cn3HzVYF/G8fBJJFGeaiuDFL9lSAtaPbByif7vTY06s+hS6q:PnKFOsJ7Oc66HN6sAS6q

Score

N/A

Malware Config

Signatures

Files

b7dc891e04a3ceacaf0e229eceb5b28619336c256efe996c7dd43bcf533f0574
.exe windows x86

e64081d82a66a17e73dc4b088f0cd11a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msi

ord195
ord70

psapi

GetModuleFileNameExW
EnumProcessModules

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

gethostbyname
htons
recv
WSACleanup
inet_ntoa
connect
WSAStartup
socket
send
inet_addr
closesocket

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
CreateDirectoryW
WriteFile
FindResourceW
FindFirstFileW
LoadResource
FindClose
CloseHandle
GetFileAttributesW
GetTickCount
SizeofResource
CreateFileW
RemoveDirectoryW
MoveFileExW
MoveFileW
GetLastError
DeleteFileW
CreateMutexW
GetProcAddress
LoadLibraryW
WaitForSingleObject
GetVersionExW
WideCharToMultiByte
CreateProcessW
Process32FirstW
OpenProcess
Process32NextW
lstrcmpiW
CreateToolhelp32Snapshot
TerminateProcess
InterlockedCompareExchange
GetModuleHandleW
GetNativeSystemInfo
GetCurrentProcess
GetCurrentProcessId
ReleaseMutex
SetLastError
GetModuleFileNameW
SetFilePointer
OutputDebugStringA
GetModuleHandleA
CopyFileW
GetFileAttributesExW
FindNextFileW
GetTempPathW
GetCurrentDirectoryW
ReadFile
GetStdHandle
SetUnhandledExceptionFilter
ResumeThread
AssignProcessToJobObject
GetSystemTimeAsFileTime
LocalFree
GetCommandLineW
ExpandEnvironmentStringsW
CreateEventW
InterlockedExchangeAdd
GetSystemDirectoryW
GetWindowsDirectoryW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
RaiseException
CreateThread
GetCurrentThreadId
Sleep
SetEndOfFile
FlushFileBuffers
QueryPerformanceCounter
QueryPerformanceFrequency
SetEnvironmentVariableA
TlsGetValue
TlsFree
TlsSetValue
TlsAlloc
InterlockedExchange
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
InterlockedIncrement
SetEvent
ExitProcess
IsValidCodePage
GetOEMCP
GetACP
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
HeapReAlloc
GetFileType
SetStdHandle
GetFullPathNameW
GetConsoleMode
GetConsoleCP
GetStartupInfoW
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
UnhandledExceptionFilter
MultiByteToWideChar
InitializeCriticalSection
LoadLibraryA
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
CreateFileA
GetCurrentDirectoryA
GetDriveTypeA
CompareStringA
CompareStringW
InterlockedDecrement

user32

MessageBoxW
RegisterClassExW
CreateWindowExW
DefWindowProcW
DestroyWindow
UnregisterClassW
PostQuitMessage
CallMsgFilterW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjectsEx
GetQueueStatus
PeekMessageW
WaitMessage
SetTimer
KillTimer
PostMessageW

advapi32

RegEnumValueW
CreateProcessAsUserW
RegOpenKeyW
RegQueryInfoKeyW
RegDeleteKeyW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
SHChangeNotify
SHGetFolderPathW
SHFileOperationW

ole32

StringFromCLSID
CLSIDFromProgID
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize
CoInitialize

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

shlwapi

wnsprintfW
SHDeleteKeyW

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod

Sections

.text
Size: 416KB - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e64081d82a66a17e73dc4b088f0cd11a

Headers

File Characteristics

Imports

msi

psapi

version

ws2_32

kernel32

user32

advapi32

shell32

ole32

userenv

shlwapi

winmm

Sections

.text Size: 416KB - Virtual size: 414KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 12KB - Virtual size: 23KB

.tls Size: 4KB - Virtual size: 2B

.rsrc Size: 92KB - Virtual size: 92KB

.text
Size: 416KB - Virtual size: 414KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 12KB - Virtual size: 23KB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 92KB - Virtual size: 92KB