89a4850f6fec560c8a0af63769124338d60dd09e1e35ffc926bdc17a91b10680

Sharing

Copy URL Twitter E-mail

General

Target

89a4850f6fec560c8a0af63769124338d60dd09e1e35ffc926bdc17a91b10680
Size

208KB
MD5

a27287760e24feae8f20b9f554697be5
SHA1

bdd75e0ec77060177d00ec2110ab074fb5331139
SHA256

89a4850f6fec560c8a0af63769124338d60dd09e1e35ffc926bdc17a91b10680
SHA512

e83af384f3838c4971850f4a172d533da83cc6a9dc99bbac14acfe71b2124d9655c175f809d09cb1f5882cc1eb1979a2fd39298ac70a46e763ec77153a3d05d3
SSDEEP

3072:dX/XOXn4qaAMnAYl+HwqF0q6kfQMHNE+nAW95/yl:dPOXn4RA/Qqmqnfhfyl

Score

N/A

Malware Config

Signatures

Files

89a4850f6fec560c8a0af63769124338d60dd09e1e35ffc926bdc17a91b10680
.exe windows x86

6d8533f1ec1cce2b14435f8ddfd4122c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetCurrentProcess
LocalFree
FormatMessageA
ExitProcess
CreateMutexA
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
ReadFile
GetFileSize
DeleteFileA
CopyFileA
GetModuleFileNameA
LCMapStringA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
CreateFileMappingA
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
GetSystemDirectoryA
lstrcmpiA
FreeResource
TerminateThread
CreateProcessA
WaitForSingleObject
FindResourceA
SizeofResource
LoadResource
LockResource
WriteFile
lstrlenA
GetTempPathA
WinExec
lstrcpyA
GetSystemInfo
HeapAlloc
CreateThread
CloseHandle
CreateFileA
Sleep
GlobalAlloc
GlobalFree
DeviceIoControl
GetTickCount
lstrcatA
LoadLibraryA
GetProcAddress
GetFileAttributesA
GetStringTypeA
MultiByteToWideChar
FlushFileBuffers
HeapReAlloc
VirtualAlloc
SetFilePointer
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
RtlUnwind
TerminateProcess
LCMapStringW

user32

wsprintfA
FindWindowA
FindWindowExA
PostMessageA

advapi32

CreateServiceA
StartServiceA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
RegFlushKey
RegCreateKeyA
RegOpenKeyA
RegSetValueExA
RegQueryValueExA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegCloseKey

ws2_32

recvfrom
ntohs
inet_ntoa
ntohl
send
WSASocketA
WSAGetLastError
setsockopt
WSAIoctl
sendto
WSACleanup
WSAStartup
htonl
socket
htons
connect
closesocket
inet_addr
gethostbyname
recv
__WSAFDIsSet
select
gethostname

iphlpapi

GetNetworkParams

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d8533f1ec1cce2b14435f8ddfd4122c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

iphlpapi

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 25KB

.rsrc Size: 140KB - Virtual size: 136KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 25KB

.rsrc
Size: 140KB - Virtual size: 136KB