2b0c5ccf21a30efa57272c670d24aec5e2a935b452c34bd8191f5b7ce04918e5

Sharing

Copy URL Twitter E-mail

General

Target

2b0c5ccf21a30efa57272c670d24aec5e2a935b452c34bd8191f5b7ce04918e5
Size

80KB
MD5

32e88bc4902f4bfb68716af5c4b55e5b
SHA1

61895051e6da5bc9f7806af24543c351c4cfbfa5
SHA256

2b0c5ccf21a30efa57272c670d24aec5e2a935b452c34bd8191f5b7ce04918e5
SHA512

36a4c5ccc9ad4a855ed6ac3a145feadac3488aeb6c45c14e7a71e2e3e151d0815b1cd602c4d273d010c3834994e91a06bd1656588d9a9772c3d574f141b3d7f6
SSDEEP

1536:D6zAgrE5b2l6eRK8r/6GIfIuHSDdmvXoDfL9UZR0v3uoj8fMf+f:D6M+lZ3iGIgA/XAfmZ+v5j8fMf

Score

N/A

Malware Config

Signatures

Files

2b0c5ccf21a30efa57272c670d24aec5e2a935b452c34bd8191f5b7ce04918e5
.dll windows x86

d89f8aa1f25a11d58b576e39dd26aff7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getpeername
inet_ntoa
ntohs
getsockname
closesocket
WSAGetLastError
WSCEnumProtocols
send

mfc42

ord6779
ord940
ord690
ord665
ord1988
ord1979
ord3318
ord2803
ord6385
ord353
ord5207
ord389
ord6467
ord1154
ord5442
ord5863
ord354
ord1997
ord5465
ord798
ord5194
ord533
ord6407
ord5829
ord3726
ord500
ord772
ord5606
ord5860
ord1158
ord5857
ord6663
ord568
ord287
ord6145
ord6143
ord6139
ord4278
ord823
ord610
ord819
ord2818
ord922
ord5608
ord6648
ord5683
ord4202
ord5861
ord541
ord540
ord6877
ord924
ord939
ord941
ord860
ord801
ord6883
ord538
ord2764
ord4277
ord4129
ord858
ord535
ord926
ord2915
ord825
ord537
ord800
ord5186

msvcrt

_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
realloc
atoi
time
srand
wcstombs
strlen
strcpy
memcmp
rand
malloc
memset
strcmp
_purecall
_itoa
memcpy
free
__CxxFrameHandler
calloc

kernel32

ResetEvent
SetLastError
TlsSetValue
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
DeleteFileA
GetLocaleInfoA
Sleep
lstrlenA
CreateThread
CreateMutexA
GetLastError
WaitForSingleObject
GetProcAddress
GetModuleHandleA
GetTempPathA
GetModuleFileNameA
GetSystemDirectoryA
GetWindowsDirectoryA
GetTickCount
FreeLibraryAndExitThread
LoadLibraryA
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
ExpandEnvironmentStringsA
ReleaseSemaphore
PostQueuedCompletionStatus
GetVersionExA
GetSystemInfo
CreateSemaphoreA
CreateIoCompletionPort
WaitForSingleObjectEx
GetQueuedCompletionStatus
TlsFree
TlsAlloc
TlsGetValue

user32

DefWindowProcA
GetWindowLongA
DestroyWindow
SetWindowLongA
CreateWindowExA
GetMessageA
LoadCursorA
LoadIconA
PostThreadMessageA
DispatchMessageA
RegisterClassA
TranslateMessage

gdi32

GetStockObject

advapi32

RegEnumValueA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteA

ole32

CoCreateGuid
StringFromGUID2

Exports

Exports

WSPStartup

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d89f8aa1f25a11d58b576e39dd26aff7

Headers

File Characteristics

Imports

ws2_32

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 46KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 6KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 6KB

.reloc
Size: 8KB - Virtual size: 4KB