224b3ffecf01f6aa51343aaf0d5b40cbc341cf05df4b1b9e1c87dc6969320ab3

Sharing

Copy URL Twitter E-mail

General

Target

224b3ffecf01f6aa51343aaf0d5b40cbc341cf05df4b1b9e1c87dc6969320ab3
Size

552KB
MD5

5ecab0ac1d50d2c69fd6318c3aa8033d
SHA1

bc6460c801448fea93a191888c4c1f053cd0d239
SHA256

224b3ffecf01f6aa51343aaf0d5b40cbc341cf05df4b1b9e1c87dc6969320ab3
SHA512

8416c5808619a9f24c4b597d0b7205a11263aa410a4c03bc30d3e8d6236e039a5e7021c43b2eebe7b7dc837d74da9a85bc68b0b600a391d9ddd0fe2b1790ed47
SSDEEP

12288:Zz8s6HcXnZhTO0AkjpoCuLSEz1XkzgQ7MDSpvHY+opK6qkQF:Z8s6HcXNoCuLSEz1X0MDSpvHY+opK6qD

Score

N/A

Malware Config

Signatures

Files

224b3ffecf01f6aa51343aaf0d5b40cbc341cf05df4b1b9e1c87dc6969320ab3
.exe windows x86

1160395755bf381fb144b7b14b2e6aa8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
GetLastError
MoveFileA
GetSystemInfo
HeapAlloc
GetProcessHeap
WaitForSingleObject
MapViewOfFileEx
GlobalFree
VirtualProtect
VirtualAlloc
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
VirtualFree
HeapCreate
HeapDestroy
UnmapViewOfFile
HeapWalk
HeapLock
GetProcessHeaps
QueryPerformanceFrequency
QueryPerformanceCounter
HeapUnlock
LoadLibraryA
GetProcAddress
GetModuleHandleA
VirtualQuery
InterlockedCompareExchange
GlobalMemoryStatus
SetPriorityClass
GetEnvironmentStrings
InterlockedIncrement
SetEnvironmentVariableA
SetLastError
FreeEnvironmentStringsA
GetDiskFreeSpaceA
HeapFree
ExpandEnvironmentStringsA
WideCharToMultiByte
LocalAlloc
MultiByteToWideChar
GetStdHandle
GetConsoleMode
LocalFree
GetTimeZoneInformation
GetCurrentThread
SetConsoleMode
GetFullPathNameA
GetEnvironmentVariableA
GetThreadTimes
WriteFile
ReadFile
CreateFileA
FindNextFileA
DeleteFileA
GetModuleFileNameA
GetVersionExA
CloseHandle
GetProcessTimes
OpenProcess
Sleep
FindClose
FindFirstFileA
SleepEx
TerminateProcess
lstrlenA
GetCommandLineW
WaitForSingleObjectEx
DuplicateHandle
GetCurrentProcess
GetCurrentProcessId
GetComputerNameA

ws2_32

WSAStartup
gethostbyaddr
inet_addr
htons
gethostbyname
WSAEnumProtocolsA
WSAGetLastError
gethostname

msvcrt

_onexit
__dllonexit
_controlfp
__p__fmode
_except_handler3
__set_app_type
__setusermatherr
__p__commode
_adjust_fdiv
__p___initenv
_initterm
__getmainargs
ctime
_XcptFilter
_exit
scanf
_strnicmp
_strcmpi
strncat
_pctype
__mb_cur_max
_ftime
atol
mbstowcs
iswctype
_winmajor
wctomb
calloc
wcslen
_ftol
wcstombs
_beginthreadex
_splitpath
_fmode
tmpnam
realloc
toupper
strncmp
strchr
free
memcpy
_stricmp
getc
abort
strncpy
perror
getenv
strstr
_iob
rewind
_isctype
printf
qsort
bsearch
_chmod
memset
_errno
strerror
_stat
remove
sprintf
system
fgets
strtok
fclose
time
localtime
strftime
atoi
strcmp
memcmp
exit
_getcwd
fprintf
fflush
fopen
strlen
malloc
strcpy
strcat
strrchr
strpbrk
_putenv
_tempnam

advapi32

ReportEventA
DeregisterEventSource
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
IsValidSid
GetSidIdentifierAuthority
RegLoadKeyA
RegUnLoadKeyA
RegEnumValueA
RegDeleteValueA
GetFileSecurityA
GetSecurityDescriptorDacl
RegisterEventSourceA
CloseServiceHandle
RegSetValueExA
LookupAccountNameA
GetSidSubAuthorityCount
GetSidSubAuthority
RegEnumKeyExA
ChangeServiceConfigA
QueryServiceConfigA
StartServiceA
ControlService
QueryServiceStatus
OpenServiceA
DeleteService
OpenSCManagerA
CreateServiceA

user32

DdeCreateDataHandle
DdeClientTransaction
MessageBoxA
DdeGetLastError
DdeCreateStringHandleA
DdeInitializeA
wsprintfA
DdeUninitialize
DdeDisconnect
DdeConnect
DdeFreeStringHandle

netapi32

NetUserEnum

shell32

CommandLineToArgvW

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 324KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.erdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1160395755bf381fb144b7b14b2e6aa8

Headers

File Characteristics

Imports

kernel32

ws2_32

msvcrt

advapi32

user32

netapi32

shell32

Sections

.text Size: 84KB - Virtual size: 82KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 324KB - Virtual size: 331KB

.idata Size: 8KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 21KB

.erdata Size: 80KB - Virtual size: 80KB

.text
Size: 84KB - Virtual size: 82KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 324KB - Virtual size: 331KB

.idata
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 21KB

.erdata
Size: 80KB - Virtual size: 80KB