2fab598f9dbcbe78310c92763921d707c6073ba1bb247d3a09bea216e43bea8e

Sharing

Copy URL Twitter E-mail

General

Target

2fab598f9dbcbe78310c92763921d707c6073ba1bb247d3a09bea216e43bea8e
Size

831KB
MD5

05df74f56b064ad7af0b463980a3f220
SHA1

d7f454599c21b53db02dd57def01752b3b952e79
SHA256

2fab598f9dbcbe78310c92763921d707c6073ba1bb247d3a09bea216e43bea8e
SHA512

6ae124c336ee68cb85614949ca18aa588bf4f644ece60f3d817676e9956e054855064ca683f127b7098c9d3f7359cbb30240536a7d08c5d4896a551b24ab7d7d
SSDEEP

24576:KvWAvTAFAm5jAA8GAxxJYkmTVA4FjLo28+I:KvWeTCt5jAG8xJYjTV1dLo28+I

Score

N/A

Malware Config

Signatures

Files

2fab598f9dbcbe78310c92763921d707c6073ba1bb247d3a09bea216e43bea8e
.exe windows x64

8a0092b9b4b6c53d9f08f22d48a6345d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateProcessW
DuplicateHandle
GetCurrentProcess
CreatePipe
CloseHandle
WriteFile
CreateFileW
CreateEventA
CreateMutexW
WaitForMultipleObjects
ReleaseMutex
SetEvent
ResetEvent
GetLocalTime
FileTimeToSystemTime
GetProcAddress
LoadLibraryW
GetModuleHandleW
SystemTimeToFileTime
GetVersionExA
PulseEvent
GetModuleFileNameW
GetStdHandle
GetExitCodeProcess
__C_specific_handler
OutputDebugStringW
LocalFree
FormatMessageA
WideCharToMultiByte
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
FormatMessageW
ExpandEnvironmentStringsW
SetLastError
GetFileAttributesW
GetFileAttributesExW
FindClose
FindNextFileW
FindFirstFileW
GetFileSize
CreateDirectoryW
GetCurrentProcessId
CompareStringW
CompareStringA
SetEndOfFile
DeleteFileW
ReadFile
GetTempPathW
GetTempFileNameW
GetLastError
GetCurrentThreadId
FreeLibrary
LoadLibraryExW
GetSystemTime
Sleep
ResumeThread
WaitForSingleObject
GetComputerNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CopyFileW
InitializeCriticalSection
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
SetStdHandle
SetFilePointer
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
LoadLibraryA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetTickCount
GetEnvironmentStringsW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
HeapSetInformation
GetTimeZoneInformation
GetOEMCP
GetACP
GetCPInfo
RtlVirtualUnwind
HeapSize
FlsAlloc
TlsSetValue
FlsFree
TlsFree
FlsSetValue
FlsGetValue
GetModuleFileNameA
ExitProcess
GetModuleHandleA
HeapReAlloc
CreateThread
ExitThread
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineA

user32

LoadStringW
MessageBoxW

advapi32

RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegSetValueExW
RegEnumKeyExW
RegQueryValueExA
RegEnumValueW
RegConnectRegistryW
RegCreateKeyExW
RegQueryInfoKeyA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
ReportEventW
DeregisterEventSource
RegisterEventSourceW
RegDeleteKeyW

wsock32

setsockopt
htonl
ntohl
WSAGetLastError
select
recvfrom
sendto
htons
socket
bind
closesocket
inet_ntoa

odbc32

ord111
ord136
ord75
ord24
ord31
ord9
ord171
ord155
ord141
ord108
ord20
ord68
ord61
ord43
ord30
ord13
ord48
ord49
ord4
ord72
ord16
ord18
ord27
ord78
ord5
ord47
ord165
ord140
ord154
ord76
ord12
ord119
ord29
ord39

odbcbcp

ord2
ord14
ord3
ord18

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 592KB - Virtual size: 592KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8a0092b9b4b6c53d9f08f22d48a6345d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

wsock32

odbc32

odbcbcp

version

Sections

.text Size: 592KB - Virtual size: 592KB

.rdata Size: 162KB - Virtual size: 161KB

.data Size: 12KB - Virtual size: 3.0MB

.pdata Size: 44KB - Virtual size: 43KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 592KB - Virtual size: 592KB

.rdata
Size: 162KB - Virtual size: 161KB

.data
Size: 12KB - Virtual size: 3.0MB

.pdata
Size: 44KB - Virtual size: 43KB

.rsrc
Size: 8KB - Virtual size: 8KB