77a60e627f76d5bff031ee95faa46baeac45b027a06639e32f9e76d5d63608a1

Sharing

Copy URL Twitter E-mail

General

Target

77a60e627f76d5bff031ee95faa46baeac45b027a06639e32f9e76d5d63608a1
Size

148KB
MD5

914007c0c7e0c84f06d81236aea115df
SHA1

b56ca63281ce0fb9ebf228a201c4fdf4ef84e9ba
SHA256

77a60e627f76d5bff031ee95faa46baeac45b027a06639e32f9e76d5d63608a1
SHA512

7332e237181da45d54508c6f3bd654bc8f29d26ec796001262cc1bfe1282ed942a0ed6be148096eff25609cee7a405bac7cd32f1da3c3384025e095aaa1cdf42
SSDEEP

3072:R0BCt/69++Y4pPR67TrVyES6falcZe5PV:T/69hPuK6C2ZS

Score

N/A

Malware Config

Signatures

Files

77a60e627f76d5bff031ee95faa46baeac45b027a06639e32f9e76d5d63608a1
.exe windows x86

6c573d1d13d123fd1603e002d38374c1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr71

_wcsnicmp
rand
wcsncpy
memmove
_wcslwr
_itow
_wcsicmp
malloc
free
wcscpy
swprintf
wcscat
printf
_getpid
wprintf
wcslen
_endthread
_beginthread
setlocale
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
__p___initenv
exit
_cexit
_XcptFilter
_exit
_c_exit
_except_handler3
__security_error_handler
_getch

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
ExitProcess
CreateEventW
WaitForSingleObject
SetEvent
InterlockedCompareExchange
GetLastError
FormatMessageW
CreateFileW
CloseHandle
LocalAlloc
DeviceIoControl
LocalFree
GetCurrentThreadId
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
SetUnhandledExceptionFilter
DebugBreak
GetNativeSystemInfo
Sleep
WaitForMultipleObjects
SetHandleInformation
CreateFileMappingW
MapViewOfFile
GetFileAttributesW
GetLocaleInfoW
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
SetLastError
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetProcAddress
LoadLibraryW
ExpandEnvironmentStringsW
InterlockedIncrement
SetEnvironmentVariableW
GetEnvironmentVariableW
InitializeCriticalSection
GetComputerNameW
InterlockedExchange
WideCharToMultiByte
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatus
InterlockedDecrement
UnmapViewOfFile

advapi32

ReportEventW
RegCloseKey
RegQueryValueExW
AllocateAndInitializeSid
RegSetKeySecurity
FreeSid
RegSetValueExW
RegCreateKeyExW
RegQueryValueExA
InitializeSecurityDescriptor
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptAcquireContextW
CryptCreateHash
CryptImportKey
CryptVerifySignatureW
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
CryptHashData
RegOpenKeyExW
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
RegisterEventSourceW

ctxsecureima

CTX_CreateRegistryKey
CTX_SetRegistryKeyValue

imacommon

_Sync_LeaveCriticalSection@4
_Sync_DestroyCriticalSection@4
_Sync_InitializeCriticalSection@4
_WorkItem_CloseHandle@4
_Sync_CreateCondition@4
_WorkItem_Create@28
_Sync_DestroyCondition@4
_Sync_InterlockedIncrement@4
_Thread_Create@12
_Sync_WaitForCondition@8
_WorkItem_DispatchNow@4
_Sync_InterlockedDecrement@4
_Thread_WaitForExit@8
_Thread_CloseHandle@4
_DestroySystemWorkQueue@0
_DisableSystemWorkQueue@0
_EnableSystemWorkQueue@4
_Sync_CreateConditionAuto@4
_WorkItem_CloseHandleNoWait@4
_Sync_EnterCriticalSection@4
_Resource_UnloadDLLs@0
_Resource_LoadDLLs@0
_Mem_Free_Debug@4
_FlushSystemWorkQueue@0
_Mem_Alloc_Debug@12
_DestroyHashTable@4
_Sync_SetConditionState@8
_InitializeHashTable@12
_QueueShortcutWorkItemToPool@16
_RemoveHashEntry@8
_InsertHashEntry@16
_InitializeHashEntry@4
_FindHashEntry@12

user32

wsprintfW
CharUpperW

wsock32

connect
bind
inet_ntoa
htonl
socket
ntohs
accept
listen
WSAStartup
gethostbyname
htons
WSAGetLastError
inet_addr
closesocket
WSACleanup
ioctlsocket

ws2_32

WSACreateEvent
WSAEnumNetworkEvents
WSACloseEvent
WSAEventSelect
WSARecv
WSASend
WSAIoctl

imagehlp

ImageGetCertificateData
ImageGetDigestStream
ImageEnumerateCertificates
ImageGetCertificateHeader

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dcxfywz
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6c573d1d13d123fd1603e002d38374c1

Headers

File Characteristics

Imports

msvcr71

kernel32

advapi32

ctxsecureima

imacommon

user32

wsock32

ws2_32

imagehlp

iphlpapi

Sections

.text Size: 92KB - Virtual size: 92KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 32KB - Virtual size: 32KB

dcxfywz Size: - Virtual size: 4KB

.text
Size: 92KB - Virtual size: 92KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 32KB - Virtual size: 32KB

dcxfywz
Size: - Virtual size: 4KB