fc6e36d4db3f8b64d1dcd2946d26aab2f3479d939a0481bb8e7c37e49d3984bb

Sharing

Copy URL Twitter E-mail

General

Target

fc6e36d4db3f8b64d1dcd2946d26aab2f3479d939a0481bb8e7c37e49d3984bb
Size

597KB
MD5

8352b77d3c99237cd25913b93c2f0390
SHA1

19e77e2d0d62f9b4dec7cbe11c386ff966448c29
SHA256

fc6e36d4db3f8b64d1dcd2946d26aab2f3479d939a0481bb8e7c37e49d3984bb
SHA512

2b8af62fda10a70fdeff2780535b9706a5fcf5bde8063a7f154cb62c9c78ee377e20b793e08f506041f76334abfe8f858db18248c59006007a2aff0fd3cfb0f1
SSDEEP

12288:eM8iyDtSqK0ZzIjpLSXDdmvVgc/EcCheK0f3fXwj6uVPqLBCHx8:aZz3ZzIt2XDovVgRCfXIs

Score

N/A

Malware Config

Signatures

Files

fc6e36d4db3f8b64d1dcd2946d26aab2f3479d939a0481bb8e7c37e49d3984bb
.exe windows x86

8112049427b9b48d23637e161f661cf5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegisterEventSourceW
OpenProcessToken
OpenEventLogW
GetTokenInformation
RegCreateKeyExW
RegQueryValueExW
DeregisterEventSource
RegConnectRegistryW
RegOpenKeyExW
ReportEventW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
CloseEventLog

kernel32

CloseHandle
GetModuleFileNameW
GetComputerNameExW
HeapSize
HeapReAlloc
HeapAlloc
HeapValidate
HeapFree
GetProcessHeap
SetLastError
ReadFile
SetConsoleMode
MultiByteToWideChar
GetConsoleOutputCP
ExitProcess
WriteConsoleW
CompareStringA
GetThreadLocale
CompareStringW
lstrlenW
lstrlenA
GetStdHandle
GetConsoleMode
GetFileType
InterlockedExchange
Sleep
GetLastError
GetCurrentProcess
WideCharToMultiByte
LocalFree
FormatMessageW
SetThreadUILanguage
TerminateProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
ReadConsoleW
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
InterlockedCompareExchange

msvcrt

wcstok
fflush
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_iob
_memicmp
_vsnwprintf
_errno
wcstod
wcstol
wcstoul
_fileno
_get_osfhandle
__iob_func
fprintf
memset

ntdll

RtlVerifyVersionInfo
VerSetConditionMask

user32

CharUpperW
LoadStringW

mpr

WNetAddConnection2W
WNetCancelConnection2W
WNetGetLastErrorW

secur32

GetUserNameExW

ws2_32

WSACleanup
GetAddrInfoW
GetNameInfoW
FreeAddrInfoW
WSAGetLastError
WSAStartup

netapi32

NetApiBufferFree
NetServerGetInfo

shlwapi

StrChrW
StrStrW
StrStrIW
StrChrIW

version

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 564KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8112049427b9b48d23637e161f661cf5

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

user32

mpr

secur32

ws2_32

netapi32

shlwapi

version

Sections

.text Size: 26KB - Virtual size: 25KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 564KB - Virtual size: 1.7MB

.text
Size: 26KB - Virtual size: 25KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 564KB - Virtual size: 1.7MB