ca7481626725ad04ad069c7210209b31d7a1962699e1141cd1fa303942253658

Sharing

Copy URL Twitter E-mail

General

Target

ca7481626725ad04ad069c7210209b31d7a1962699e1141cd1fa303942253658
Size

1.1MB
MD5

0f9370cd690a84e838012d8b8c657840
SHA1

9cd7bf51052cc9f7de96f2bd1430ff077d69b4fa
SHA256

ca7481626725ad04ad069c7210209b31d7a1962699e1141cd1fa303942253658
SHA512

62a4ecda7aba3403fc98e4c8cb00e2672d51cb15d7c78e9a7e4d31abeb2f84c82172e933b364741fb1ef53d862bc0e0f695c13a277d812fea7e0c5848612e71b
SSDEEP

24576:0dN2B5jKSEXQE1jEkUuZDibQCI6Vd2Qy68pCx2U5aaU7/uA:0O/jlqjEkUuAbl8Qy1W22aR/uA

Score

N/A

Malware Config

Signatures

Files

ca7481626725ad04ad069c7210209b31d7a1962699e1141cd1fa303942253658
.exe windows x86

4f12044a501ee2a07d8d9b3d84a6cc69

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostbyname
htons
sendto
ntohl
socket
closesocket
WSAStartup
WSACleanup
htonl

kernel32

lstrlenA
FindResourceW
GetModuleFileNameW
LoadLibraryW
GetProcAddress
GetLastError
SizeofResource
LockResource
LoadResource
FindResourceExW
GetCurrentProcess
ReadProcessMemory
WriteFile
VirtualQuery
GetCurrentThread
FreeLibrary
CloseHandle
CreateFileA
MultiByteToWideChar
GetVersionExW
SetFilePointer
SetUnhandledExceptionFilter
GetThreadSelectorEntry
ReadFile
DeleteFileW
GetCurrentProcessId
CreateFileW
VirtualQueryEx
WritePrivateProfileStringW
GetModuleFileNameA
GetCurrentThreadId
GetLogicalDrives
GetFileSize
GetDriveTypeW
DeviceIoControl
FindFirstFileW
FindClose
CopyFileW
ProcessIdToSessionId
LocalFree
lstrlenW
GetFullPathNameW
WideCharToMultiByte
GetCPInfo
GetVersion
lstrcmpiW
GetModuleHandleW
CreateProcessW
RaiseException
Sleep
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
SetLastError
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
GetSystemDirectoryW
GetStdHandle
CreatePipe
TlsSetValue
IsBadWritePtr
IsBadReadPtr
GetTickCount
TlsAlloc
TlsGetValue
GetModuleHandleA
GetStartupInfoW
GetFileAttributesW
CreateDirectoryW
FileTimeToLocalFileTime
FileTimeToSystemTime
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetFileType
GetStartupInfoA
RtlUnwind
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
DuplicateHandle
GetVersionExA
GetProcessHeap
HeapSize
HeapReAlloc
SetHandleCount
GetCurrentDirectoryA
HeapCreate
LCMapStringW
LCMapStringA
HeapFree
HeapAlloc
HeapDestroy
TlsFree
InterlockedIncrement
InterlockedDecrement
GetDateFormatA
GetTimeFormatA
IsValidCodePage
GetOEMCP
GetTimeZoneInformation
ExitProcess

user32

UnregisterClassA
GetPropW
GetMessageW
GetWindow
GetDesktopWindow
CreateDialogParamW
PostMessageW
BringWindowToTop
SetPropW
DispatchMessageW
TranslateMessage
PostQuitMessage
DestroyWindow
ShowWindow
SetWindowLongW
SendMessageW
LoadImageW
LoadIconW
DestroyIcon
IsWindow

advapi32

CloseServiceHandle
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
RegDeleteKeyW
RegSetValueExW
LookupAccountNameW
RegCreateKeyExW
RegDeleteValueW
ConvertSidToStringSidW
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
QueryServiceConfigW

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoFreeLibrary
CoUninitialize
CoCreateGuid
CoCreateInstance
CoLoadLibrary
CoInitialize

oleaut32

SysStringLen
SysAllocString
SysFreeString

shlwapi

PathFileExistsW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

InternetQueryOptionW

netapi32

NetApiBufferFree
NetWkstaTransportEnum
Netbios

Sections

.text
Size: 256KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 796KB - Virtual size: 796KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4f12044a501ee2a07d8d9b3d84a6cc69

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wtsapi32

version

wininet

netapi32

Sections

.text Size: 256KB - Virtual size: 252KB

.rdata Size: 48KB - Virtual size: 45KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 796KB - Virtual size: 796KB

.text
Size: 256KB - Virtual size: 252KB

.rdata
Size: 48KB - Virtual size: 45KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 796KB - Virtual size: 796KB