ea1c40306f69806f27ed7e2c301282def328fe34900e685d3132dd51410d6c23

Sharing

Copy URL Twitter E-mail

General

Target

ea1c40306f69806f27ed7e2c301282def328fe34900e685d3132dd51410d6c23
Size

822KB
MD5

1083fa2aa84d9eee5948e8b63747259a
SHA1

4f6b9ad84236f6e35bfd069b7bad723403ade719
SHA256

ea1c40306f69806f27ed7e2c301282def328fe34900e685d3132dd51410d6c23
SHA512

3a3e2a5ca709fe951ecc7caee1eb22db369e404b9d4f6eb5321e94ff4a9cfb11ca61c23bdd5af820073f7f3684eb21ce1e0caf45b8d6389916f586663d832b43
SSDEEP

24576:S2zUM450OWjIDUfo+hMn/PUvHr768xEJ+cb:SCUMA0OpEo+an/PW36nJ+E

Score

N/A

Malware Config

Signatures

Files

ea1c40306f69806f27ed7e2c301282def328fe34900e685d3132dd51410d6c23
.exe windows x86

7244a2880a41a01fb1a14691697b231d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadProcessMemory
CreateEventW
FindFirstVolumeMountPointW
LoadLibraryW
QueryPerformanceCounter
FreeConsole
GlobalMemoryStatus
GetDefaultCommConfigW
SetConsolePalette
GetModuleHandleW
EnumLanguageGroupLocalesA
EnumResourceNamesA
_lcreat
GetLocaleInfoW
LoadResource
SetConsoleCursorMode
GetCurrentThread

msls31

LsQueryFLineEmpty
LsQueryLineDup
LsEnumSubline
LsdnResetPenNode
LsdnResetObjDim
LsQueryLineCpPpoint
LsdnDistribute
LsAppendRunToCurrentSubline
LssbGetPlsrunsFromSubline
LsdnFinishBySubline
LsFetchAppendToCurrentSublineResume
LsdnQueryPenNode
LsQueryCpPpointSubline

wsock32

EnumProtocolsA
SetServiceW
select
WSACancelAsyncRequest
connect
WSAGetLastError
inet_ntoa
WSApSetPostRoutine
getservbyport
EnumProtocolsW
accept
ntohl
gethostbyaddr
WSAAsyncGetProtoByName
WSASetLastError
getsockopt
WSAAsyncSelect
WSAAsyncGetProtoByNumber
WSAUnhookBlockingHook
NPLoadNameSpaces

pdh

PdhGetRawCounterArrayW
PdhGetCounterInfoA
PdhGetCounterInfoW
PdhVbOpenLog
PdhReadRawLogRecord
PdhEnumLogSetNamesW
PdhVbGetOneCounterPath
PdhCreateSQLTablesA
PdhVbGetLogFileSize
PdhGetFormattedCounterArrayW
PdhCalculateCounterFromRawValue
PdhOpenQuery
PdhBrowseCountersHW
PdhAdd009CounterW
PdhTranslate009CounterA
PdhAddCounterA
PdhOpenLogW
PdhGetDefaultPerfCounterHA
PdhVbGetDoubleCounterValue
PdhGetDataSourceTimeRangeW
PdhUpdateLogA

usp10

ScriptGetGlyphABCWidth
LpkPresent
ScriptGetProperties
ScriptStringXtoCP
ScriptBreak
UspAllocCache
ScriptTextOut
ScriptJustify

user32

GetWindowModuleFileNameA
BroadcastSystemMessageExA
PostMessageA
GrayStringW
GetActiveWindow
GetTabbedTextExtentA
SwitchToThisWindow
EnumDesktopWindows

gdi32

SetMapperFlags
CreateEllipticRgnIndirect
GdiValidateHandle
GdiPrinterThunk
GetHFONT
GetCharWidthFloatA
EngCreateDeviceBitmap
DdEntry6
XLATEOBJ_piVector
GetNearestPaletteIndex
ChoosePixelFormat

Sections

.text
Size: 378KB - Virtual size: 377KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 189KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7244a2880a41a01fb1a14691697b231d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msls31

wsock32

pdh

usp10

user32

gdi32

Sections

.text Size: 378KB - Virtual size: 377KB

.rdata Size: 129KB - Virtual size: 129KB

.data Size: 189KB - Virtual size: 1.6MB

.rsrc Size: 124KB - Virtual size: 123KB

.reloc Size: 1024B - Virtual size: 808B

.text
Size: 378KB - Virtual size: 377KB

.rdata
Size: 129KB - Virtual size: 129KB

.data
Size: 189KB - Virtual size: 1.6MB

.rsrc
Size: 124KB - Virtual size: 123KB

.reloc
Size: 1024B - Virtual size: 808B