8230596bfd0459c3cf5a52dc31dbb77b6855cb3507314f0ca4a5660b3439d844

Sharing

Copy URL

Twitter E-mail

General

Target

8230596bfd0459c3cf5a52dc31dbb77b6855cb3507314f0ca4a5660b3439d844
Size

460KB
MD5

49010614f2c6847c02cc3f9652fdc038
SHA1

5d566ed39acafaf4cf551b26a79b140739ff734b
SHA256

8230596bfd0459c3cf5a52dc31dbb77b6855cb3507314f0ca4a5660b3439d844
SHA512

167633f1ac4b7a00dc3a8add590c970cf03f8a8ca8b220d2fd11d74566d2d5df4b0927480be3dd8bb10ff230fed8252cfe54e32ecfe35079e4986787e10d96da
SSDEEP

12288:S9RINWZVbR+OeO+OeNhBBhhBBch6F8rm5qrWNruysjM:S9RINWDonoT

Score

N/A

Malware Config

Signatures

Files

8230596bfd0459c3cf5a52dc31dbb77b6855cb3507314f0ca4a5660b3439d844
.exe windows x86

23ec1c0bfca93baa078721677c638779

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
GetModuleHandleW
lstrcpyW
GetTickCount
lstrcmpW
lstrlenA
GetLogicalDrives
FindFirstVolumeW
GetCurrentProcess
lstrcpynW
TerminateProcess
WaitForMultipleObjects
GetEnvironmentVariableW
CreateMutexW
WaitForSingleObject
GetComputerNameExW
lstrcatA
OpenProcess
GetVolumeNameForVolumeMountPointW
CreateToolhelp32Snapshot
Process32NextW
GetSystemInfo
SetVolumeMountPointW
SetFilePointerEx
ExitProcess
GetComputerNameW
FindVolumeClose
GlobalMemoryStatusEx
CreateProcessW
WideCharToMultiByte
GetVolumePathNamesForVolumeNameW
WinExec
FindNextVolumeW
lstrcmpiW
OpenMutexW
MoveFileW
GetExitCodeProcess
ResetEvent
HeapAlloc
CloseHandle
HeapReAlloc
DeleteFileW
lstrcatW
GetLastError
MultiByteToWideChar
CreateFileW
FindClose
GetTempPathW
SetEndOfFile
GetModuleFileNameW
RemoveDirectoryW
WriteFile
lstrlenW
FindNextFileW
HeapFree
SetEvent
FindFirstFileW
WriteConsoleW
HeapSize
SetStdHandle
FreeEnvironmentStringsW
CreateThread
ReadFile
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetFileType
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetStdHandle
FreeLibraryAndExitThread
ExitThread
CreateEventW
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
InterlockedPushEntrySList
RtlUnwind
InitializeSListHead
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
WaitForSingleObjectEx
GetExitCodeThread
GetNativeSystemInfo
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
QueryPerformanceFrequency
GetProcAddress
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
SetLastError

advapi32

CryptAcquireContextA
CryptGenRandom
GetTokenInformation
CryptDestroyKey
RegCloseKey
CloseServiceHandle
CryptEncrypt
OpenSCManagerW
RegCreateKeyExW
ControlService
CryptAcquireContextW
RegSetValueExW
OpenProcessToken
StartServiceW
RegOpenKeyExW
CryptImportKey
OpenServiceW
GetUserNameW
CryptReleaseContext

shell32

ShellExecuteW
SHEmptyRecycleBinW
ShellExecuteExW
SHGetFolderPathW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear

iphlpapi

GetAdaptersInfo

mpr

WNetEnumResourceW
WNetOpenEnumW
WNetCloseEnum

rstrtmgr

RmEndSession
RmShutdown
RmStartSession
RmGetList
RmRegisterResources

shlwapi

wnsprintfW
StrStrW
PathRemoveFileSpecW
StrStrA
StrCmpNA
wnsprintfA
PathCombineW

wininet

InternetCrackUrlA
HttpOpenRequestW
InternetQueryOptionW
InternetQueryDataAvailable
InternetOpenW
InternetCrackUrlW
HttpSendRequestW
InternetConnectW
InternetSetOptionW
InternetReadFile
InternetCloseHandle

ws2_32

htons
closesocket
inet_addr
send
socket
recv
connect

Sections

.text
Size: 308KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

23ec1c0bfca93baa078721677c638779

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

iphlpapi

mpr

rstrtmgr

shlwapi

wininet

ws2_32

Sections

.text Size: 308KB - Virtual size: 312KB

.rdata Size: 91KB - Virtual size: 92KB

.data Size: 37KB - Virtual size: 52KB

.reloc Size: - Virtual size: 20KB

.aspack Size: 5KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

.reloc Size: 17KB - Virtual size: 20KB

.text
Size: 308KB - Virtual size: 312KB

.rdata
Size: 91KB - Virtual size: 92KB

.data
Size: 37KB - Virtual size: 52KB

.reloc
Size: - Virtual size: 20KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.reloc
Size: 17KB - Virtual size: 20KB