aa818d626a27b90e013bf95ba0f18e057cf7e3a47b55d155d0f7853e3ef55c25

Sharing

Copy URL Twitter E-mail

General

Target

aa818d626a27b90e013bf95ba0f18e057cf7e3a47b55d155d0f7853e3ef55c25
Size

871KB
MD5

846bb5fb87251d5e13f2f5d8fbcdeb30
SHA1

772b54b128f9de0898f1ce0117e8a2bae8c9a4cf
SHA256

aa818d626a27b90e013bf95ba0f18e057cf7e3a47b55d155d0f7853e3ef55c25
SHA512

0c71acc89a979a4e76ef25b4edb949c4dd8f5908c096960b05fe15e1b1f3c115cbb403a269290cac00c9a46351057daedd3055904ef8cbf02a65a0a0928b531a
SSDEEP

24576:Q0sVWJ+GGiDfn6PbWV6P8DGJPp8E67wiIN:Q4J+1yf6PfU6JPpb6a

Score

N/A

Malware Config

Signatures

Files

aa818d626a27b90e013bf95ba0f18e057cf7e3a47b55d155d0f7853e3ef55c25
.exe windows x86

d0c51893a1980a1f897e3d11ac6bea46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA

ws2_32

htons
connect
select
__WSAFDIsSet
ioctlsocket
bind
listen
socket
setsockopt
WSAAccept
freeaddrinfo
accept
shutdown
closesocket
getsockname
WSAStartup
ntohl
htonl
ntohs
WSACreateEvent
WSAGetLastError
WSACloseEvent
WSAResetEvent
WSAAddressToStringA
WSASetEvent
recv
send
getpeername
getaddrinfo

iphlpapi

GetExtendedTcpTable
GetAdaptersAddresses
NotifyAddrChange
SetTcpEntry

dnsapi

DnsModifyRecordsInSet_A

crypt32

CryptProtectData
CryptUnprotectData

kernel32

VirtualAlloc
HeapReAlloc
HeapCreate
HeapSize
GetConsoleCP
VirtualFree
GetLastError
WaitForSingleObject
FormatMessageA
GetComputerNameExA
CreateEventA
DuplicateHandle
GetCurrentProcess
CloseHandle
SetEvent
ResetEvent
CreateFileA
GetOverlappedResult
GetConsoleMode
WriteFile
DeviceIoControl
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
Sleep
GetVersionExA
GetModuleHandleA
SetConsoleCtrlHandler
LocalFree
GlobalFree
GlobalAlloc
GetStdHandle
AllocConsole
GetCurrentProcessId
CreateSemaphoreA
ReleaseSemaphore
GetCurrentThreadId
ResumeThread
GetTickCount
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
GetStartupInfoA
SetHandleCount
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetProcessHeap
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
ReadFile
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
RtlUnwind
HeapAlloc
HeapFree
ExitThread
CreateThread
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetStdHandle
GetFileType
DeleteFileA
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError

user32

RegisterDeviceNotificationA
DestroyWindow
CreateWindowExA
RegisterClassA
UnregisterDeviceNotification
DefWindowProcA

advapi32

CreateServiceA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetServiceStatus
RegisterServiceCtrlHandlerExA
StartServiceA
RegDeleteValueA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
RegCreateKeyA
RegSetValueExA
RegCloseKey
OpenSCManagerA
ChangeServiceConfig2A
CloseServiceHandle
StartServiceCtrlDispatcherA
GetUserNameA
LookupAccountNameA
IsValidSid
GetLengthSid
CopySid

Sections

.text
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: 560KB - Virtual size: 1.7MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d0c51893a1980a1f897e3d11ac6bea46

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

ws2_32

iphlpapi

dnsapi

crypt32

kernel32

user32

advapi32

Sections

.text Size: 265KB - Virtual size: 265KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 5KB - Virtual size: 15KB

.rsrc Size: 2KB - Virtual size: 1KB

.vmp1 Size: 560KB - Virtual size: 1.7MB

.text
Size: 265KB - Virtual size: 265KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 5KB - Virtual size: 15KB

.rsrc
Size: 2KB - Virtual size: 1KB

.vmp1
Size: 560KB - Virtual size: 1.7MB