8ff88d9ae1d935f67b24f6469b85c5f1a820f8799e88cb62531b314dd07e732b

Sharing

Copy URL Twitter E-mail

General

Target

8ff88d9ae1d935f67b24f6469b85c5f1a820f8799e88cb62531b314dd07e732b
Size

188KB
MD5

82c9d69dca8da7f9345dbb393d0f3b96
SHA1

dd127a4068c0d84e8aa50cb253b29128af897176
SHA256

8ff88d9ae1d935f67b24f6469b85c5f1a820f8799e88cb62531b314dd07e732b
SHA512

fb73a268d85c50f0e961a172c122ec1b30e75c7496652ee410da125208552b9abdb24bcc4347974a222b8ff9abf9ae14b29c9edc230133bb339403d1a562df3e
SSDEEP

3072:yq6JTDfuk0EdTsRL4uC1KlzXN9dql2JMO+9WQ+4oe:ybJTDfuk02TK4Y0JH+

Score

N/A

Malware Config

Signatures

Files

8ff88d9ae1d935f67b24f6469b85c5f1a820f8799e88cb62531b314dd07e732b
.exe windows x86

82644f6dc654b1ee6ffd5cdc45ab1ffb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeInformationW
FormatMessageW
GetProcAddress
lstrcmpiW
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
LoadLibraryW
lstrcatW
GetDriveTypeW
GetVersionExW
GlobalFree
GlobalUnlock
ReadFile
SetStdHandle
FlushFileBuffers
GetFileAttributesW
lstrlenW
LocalFree
GlobalAlloc
GlobalLock
SetEvent
OutputDebugStringW
GetComputerNameW
Sleep
SetErrorMode
GetACP
WideCharToMultiByte
ReleaseSemaphore
MultiByteToWideChar
CreateEventW
OpenSemaphoreW
CreateSemaphoreW
WaitForSingleObject
SetConsoleCtrlHandler
GetCurrentProcess
GetLastError
FreeLibrary
GetEnvironmentVariableW
LoadLibraryA
GetOEMCP
CloseHandle
VirtualFree
HeapCreate
LocalAlloc
GetCommandLineA
RaiseException
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleHandleA
lstrcpyW
GetStartupInfoA
GetVersion
SetHandleCount
GetEnvironmentStringsW
GetStdHandle
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetCPInfo
GetStringTypeW
GetStringTypeA
SetFilePointer
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
WriteFile
RtlUnwind
GetFileType
HeapReAlloc
GetEnvironmentStrings
ExitProcess
HeapFree
HeapAlloc
SetUnhandledExceptionFilter
TerminateProcess
HeapSize
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
GetModuleFileNameA

user32

wsprintfW
LoadStringW
MessageBoxW
CharUpperW

advapi32

RegDeleteValueW
ReportEventW
DeregisterEventSource
RegisterEventSourceW
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
FreeSid
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
IsValidSid
EqualSid

dklib

?IsAtLeastXP@COSDetect@@SAHXZ
?Is9X@COSDetect@@SAHXZ
?IsNT4@COSDetect@@SAHXZ
?IsVolumeWriteable@@YAHPAGPAK@Z
?IsWin2K@COSDetect@@SAHXZ
GetDKString

rpcrt4

RpcStringFreeW
NdrServerCall2
NdrClientCall2
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingSetAuthInfoW
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
RpcServerUnregisterIf
RpcServerRegisterAuthInfoW
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcServerListen
RpcBindingFree

ws2_32

connect
socket
closesocket
htons
gethostbyname
WSAStartup
WSACleanup
WSAGetLastError

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

82644f6dc654b1ee6ffd5cdc45ab1ffb

Headers

File Characteristics

Imports

kernel32

user32

advapi32

dklib

rpcrt4

ws2_32

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 20KB - Virtual size: 27KB

.rsrc Size: 52KB - Virtual size: 52KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 20KB - Virtual size: 27KB

.rsrc
Size: 52KB - Virtual size: 52KB