d140fdabc611ba8675df2e0468f45a2cb9f325c4e74952d9b32bb68c6e5e4d1d

Sharing

Copy URL Twitter E-mail

General

Target

d140fdabc611ba8675df2e0468f45a2cb9f325c4e74952d9b32bb68c6e5e4d1d
Size

116KB
MD5

3b12344e46e9505d25f4251edb333d50
SHA1

f1314279ed4d1d5c9cfa02368f2dc9432a69790d
SHA256

d140fdabc611ba8675df2e0468f45a2cb9f325c4e74952d9b32bb68c6e5e4d1d
SHA512

cd8d5da22377e3f6182d7ac5c218b62932837555e539802233e5d9966ae48cd56ea31ec4cdeea8e436d4b5d18b504b27aa45c6669a10866b39e8eb214c108e88
SSDEEP

3072:N7/nA69sBbeDHm1wsWyxVDm+D4SioOqfxQxQxzJVwQ4N:N7/AxBbGqwHaC+D4SioOqfxQx2

Score

N/A

Malware Config

Signatures

Files

d140fdabc611ba8675df2e0468f45a2cb9f325c4e74952d9b32bb68c6e5e4d1d
.exe windows x86

9e90e78508e03ec7f1dd7d7c29cd7475

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_stricmp
_strnicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
calloc
_beginthreadex
strncmp
atoi
rand
strchr
strncat
_except_handler3
free
realloc
exit
malloc
strrchr
strcat
strcpy
memcmp
??2@YAPAXI@Z
memset
strstr
strlen
_ftol
ceil
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler
memmove
memcpy
_strcmpi

ws2_32

select
closesocket
send
ntohs
socket
gethostbyname
htons
connect
setsockopt
gethostname
getsockname
WSAStartup
WSACleanup
recv

kernel32

SetErrorMode
ReleaseMutex
GetTickCount
GetVersionExA
GetSystemInfo
GlobalMemoryStatus
GetModuleHandleA
GetPriorityClass
GetCurrentThread
GetThreadPriority
SetPriorityClass
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
FreeLibrary
HeapFree
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
ExitProcess
lstrcmpiA
Process32Next
Process32First
OpenProcess
GetCurrentThreadId
WriteFile
GetStartupInfoA
OpenEventA
GetProcAddress
LoadLibraryA
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
lstrcpyA
Sleep
SetEvent
InterlockedExchange
CancelIo
DeleteFileA
CreateProcessA
lstrlenA
TerminateThread
GetLastError
GetCurrentProcess
lstrcatA
GetSystemDirectoryA
HeapAlloc
GetProcessHeap
VirtualAlloc
IsBadReadPtr
VirtualFree
VirtualProtect

user32

OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetUserObjectInformationA
OpenWindowStationA
SetProcessWindowStation
ExitWindowsEx
wsprintfA
GetThreadDesktop
PostMessageA
GetProcessWindowStation

advapi32

ClearEventLogA
CloseEventLog
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
FreeSid
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegEnumValueA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
CloseServiceHandle
DeleteService
OpenServiceA
StartServiceCtrlDispatcherA
RegOpenKeyExA
LookupAccountSidA
GetTokenInformation
RegEnumKeyExA

shell32

ShellExecuteExA
SHChangeNotify

iphlpapi

GetIfTable

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e90e78508e03ec7f1dd7d7c29cd7475

Headers

File Characteristics

Imports

msvcrt

ws2_32

kernel32

user32

advapi32

shell32

iphlpapi

wtsapi32

Sections

.text Size: 56KB - Virtual size: 54KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 36KB - Virtual size: 34KB

.text
Size: 56KB - Virtual size: 54KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 36KB - Virtual size: 34KB