6169de4f3e06f9c9701e3d6eaffc6a49c98d23395f0faece06f1938c317e72f8

Sharing

Copy URL

Twitter E-mail

General

Target

6169de4f3e06f9c9701e3d6eaffc6a49c98d23395f0faece06f1938c317e72f8
Size

122KB
MD5

081d68a202a28553a1728286544c47f0
SHA1

4329fceb5dd7d862a3bdc9199dd9bcfe37a7ba68
SHA256

6169de4f3e06f9c9701e3d6eaffc6a49c98d23395f0faece06f1938c317e72f8
SHA512

6e1795441db64a404cfaeb8712708d61fb330c0464d3c5a31ab60d974999e2d781185f069433a6445c736d3e9e4cd0d393c2b0fadaf49740dd8fe2013987ab9e
SSDEEP

1536:VkZShQ7BWNxTLmCjocqaz6/A3gA1xZNvlwIsWz8pORq85Y5MYGQX3Io:ISC7kzLmC0cqZopZNvulhkqMYy

Score

N/A

Malware Config

Signatures

Files

6169de4f3e06f9c9701e3d6eaffc6a49c98d23395f0faece06f1938c317e72f8
.exe windows x86

a90732fe981ccf905022fe3e10877e2f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey

kernel32

FormatMessageA
LocalFree
SetLastError
ExpandEnvironmentStringsA
LocalAlloc
GetLastError
WaitForSingleObject
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
HeapSetInformation
SetThreadUILanguage
ReleaseMutex

msvcrt

_controlfp
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
perror
_amsg_exit
_initterm
_XcptFilter
_exit
_cexit
__getmainargs
system
sprintf_s
putc
_write
fputs
fwrite
getc
ferror
fread
realloc
malloc
fputc
fflush
getenv
strcat_s
fopen
fgets
isspace
strncmp
_strnicmp
printf
putchar
strncpy_s
strchr
memset
fprintf
fclose
sscanf
free
strcpy_s
_iob
exit
_vsnprintf
gmtime
memcpy

wsock32

ord1108
htonl
gethostname
select
socket
connect
send
recv
closesocket
ntohs
inet_addr
getprotobynumber
htons
getservbyport
WSAStartup
WSAGetLastError

ws2_32

getaddrinfo
freeaddrinfo

user32

CharToOemBuffA

dnsapi

DnsQueryConfigAllocEx
DnsFreeConfigStructure

ntdll

RtlIpv4StringToAddressA
RtlIpv6AddressToStringA
RtlIpv6StringToAddressExA
RtlIpv6AddressToStringExA
RtlIpv4AddressToStringExA
RtlFreeUnicodeString
NtOpenKey
RtlAnsiStringToUnicodeString
RtlInitString
RtlUnicodeStringToAnsiString
NtQueryValueKey
RtlFreeHeap
RtlAllocateHeap

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 26KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jzqihko
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a90732fe981ccf905022fe3e10877e2f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

wsock32

ws2_32

user32

dnsapi

ntdll

Sections

.text Size: 59KB - Virtual size: 58KB

.data Size: 26KB - Virtual size: 43KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 33KB - Virtual size: 34KB

jzqihko Size: - Virtual size: 4KB

.text
Size: 59KB - Virtual size: 58KB

.data
Size: 26KB - Virtual size: 43KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 33KB - Virtual size: 34KB

jzqihko
Size: - Virtual size: 4KB