5b30535e9e8e21e58ce54da0a1aca6fb1728c3fed89655cbdb5f7429655a0d58

Sharing

Copy URL

Twitter E-mail

General

Target

5b30535e9e8e21e58ce54da0a1aca6fb1728c3fed89655cbdb5f7429655a0d58
Size

408KB
MD5

0786e410957b54002f3d021446b23060
SHA1

9e0171885099f96dd8315e5c7091661244003327
SHA256

5b30535e9e8e21e58ce54da0a1aca6fb1728c3fed89655cbdb5f7429655a0d58
SHA512

ef04eebdb50b174e8d637430d6438e669e57b62edeef542c49b4777ed08621ba991d7161aa7d5c44b45c5bfaf475dfc3a57f92178db171a65fb49cc90e762a49
SSDEEP

12288:Yxfh6E/AQXAKiYs/gRU813jh/kZHJ+kcR:Ybpfi/gRt/kZHlcR

Score

N/A

Malware Config

Signatures

Files

5b30535e9e8e21e58ce54da0a1aca6fb1728c3fed89655cbdb5f7429655a0d58
.exe windows x86

b0c46cbdfdd3bafc4af4b8151575e2b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

send
socket
closesocket
gethostbyname
WSACleanup
recv
connect
inet_ntoa
WSAStartup
inet_addr
htons

netapi32

Netbios

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

FreeEnvironmentStringsW
RtlUnwind
CreateDirectoryW
GetFileAttributesW
GetTempPathW
GetLongPathNameW
DeleteFileW
GetFileSize
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetLastError
CloseHandle
GetVersionExW
GetCommandLineW
CreateMutexW
FindResourceExW
FindResourceW
LoadResource
QueryPerformanceCounter
WaitForSingleObject
GetTickCount
SizeofResource
OpenThread
LockResource
GetCurrentThreadId
CreateThread
GetCurrentProcessId
GetSystemDirectoryW
CopyFileW
GetExitCodeProcess
GetModuleHandleW
GetFileSizeEx
FindFirstFileW
VirtualQuery
GetCurrentProcess
GetSystemTimeAsFileTime
InitializeCriticalSection
GetProcessTimes
Sleep
LeaveCriticalSection
GetModuleFileNameW
GetProcAddress
MoveFileW
EnterCriticalSection
FindClose
LoadLibraryA
GetModuleHandleA
QueryPerformanceFrequency
DeleteCriticalSection
SetFileAttributesW
WideCharToMultiByte
DeviceIoControl
FreeLibrary
CreateProcessW
LoadLibraryW
GetStdHandle
CreatePipe
DuplicateHandle
GetFileType
lstrlenW
GetLocalTime
GetEnvironmentStringsW
OutputDebugStringW
IsBadReadPtr
TerminateThread
MultiByteToWideChar
ResetEvent
CreateEventW
GetWindowsDirectoryW
SetErrorMode
lstrlenA
GetTempFileNameW
lstrcatW
GlobalFree
GlobalAlloc
lstrcmpW
OpenProcess
lstrcpyW
GetVersion
RemoveDirectoryW
FindNextFileW
lstrcmpiW
MulDiv
GetPrivateProfileStringW
WritePrivateProfileStringW
ExpandEnvironmentStringsW
SearchPathW
GetShortPathNameW
GetFullPathNameW
SetCurrentDirectoryW
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RaiseException
GetStartupInfoW
HeapSetInformation
ExitThread
HeapReAlloc
DecodePointer
EncodePointer
HeapAlloc
HeapFree
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapCreate
HeapDestroy
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
LCMapStringW
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
SetEvent
SetHandleCount
WriteConsoleW
SetStdHandle
lstrcpynW
GetProcessHeap
SetLastError

user32

CharUpperW
wsprintfW
CharNextW
MessageBoxIndirectW
CharPrevW
wvsprintfW
SetTimer
GetMessageW
KillTimer
TranslateMessage
PeekMessageW
SetWindowLongW
RegisterClassW
UpdateWindow
DispatchMessageW
LoadImageW
IsIconic
SendMessageTimeoutW
FindWindowA
DestroyWindow
GetClassInfoExW
RegisterClassExW
GetDesktopWindow
ShowWindow
IsWindow
CreateWindowExW
SendMessageW
DefWindowProcW
PostThreadMessageW
TrackPopupMenu
PostMessageW
GetSubMenu
SetForegroundWindow
LoadMenuW
GetCursorPos
DestroyMenu
SetWindowTextW
GetWindowLongW

gdi32

GetStockObject

advapi32

RegSetValueExW
RegCreateKeyW
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegEnumKeyW
RegEnumValueW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey

shell32

ShellExecuteW
ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
CommandLineToArgvW
Shell_NotifyIconW

ole32

CoUninitialize
CoInitializeEx
CoTaskMemFree
CoFreeLibrary
CoLoadLibrary

shlwapi

PathFileExistsW

wintrust

WTHelperGetProvCertFromChain
CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext
WTHelperProvDataFromStateData
CryptCATAdminEnumCatalogFromHash
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseCatalogContext
WTHelperGetProvSignerFromChain

crypt32

CertGetNameStringW

Sections

.text
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 544KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 95KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b0c46cbdfdd3bafc4af4b8151575e2b2

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

netapi32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

wintrust

crypt32

Sections

.text Size: 239KB - Virtual size: 238KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 7KB - Virtual size: 302KB

.ndata Size: - Virtual size: 544KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 95KB - Virtual size: 96KB

.text
Size: 239KB - Virtual size: 238KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 7KB - Virtual size: 302KB

.ndata
Size: - Virtual size: 544KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 95KB - Virtual size: 96KB