6d280a329f695d993e6557b3cb32efd8211e14fd3d2d17f3b221ce5a84f8578b

Sharing

Copy URL Twitter E-mail

General

Target

6d280a329f695d993e6557b3cb32efd8211e14fd3d2d17f3b221ce5a84f8578b
Size

855KB
MD5

0fdc3120c0c2ffc58e1efdd8e2953630
SHA1

4c7117b4eab5e3f7b0fcf6a6cf5102ffb7759bce
SHA256

6d280a329f695d993e6557b3cb32efd8211e14fd3d2d17f3b221ce5a84f8578b
SHA512

7c918cebc0b6c09926f9436b71a91e9273b60f2eb67593e4805dba902adb01d0a787dbdb8a002a27a5bccd64b3245bf312256f6f9b45741160d1d97de3ad9b04
SSDEEP

24576:Tsg3NzIcEy8YflYRAGyRX4sHRoYxSSbicG6XpX0Wg:Tsg3NzIcEy8YflYRZyRX4sHRoYx9GYpX

Score

N/A

Malware Config

Signatures

Files

6d280a329f695d993e6557b3cb32efd8211e14fd3d2d17f3b221ce5a84f8578b
.exe windows x64

a6c7beed94e5774d8d6c066c893b07a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WideCharToMultiByte
Sleep
lstrcmpiW
GetCurrentThreadId
GetCurrentProcessId
GetComputerNameW
SetThreadUILanguage
RegisterApplicationRestart
GetConsoleMode
GetStdHandle
GetLastError
GetLocalTime
GetFileType
SetConsoleCtrlHandler
HeapSetInformation
GetModuleHandleW
WriteFile
FormatMessageW
WriteConsoleW
LocalAlloc
LocalFree
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetSystemTimeAsFileTime

msvcrt

_cexit
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
_exit
?terminate@@YAXXZ
setvbuf
memset
_XcptFilter
__C_specific_handler
__wgetmainargs
exit
_wcsicmp
setlocale
__set_app_type
_iob
_vsnprintf
fprintf
_wtol
_wfopen
_wtoi
_vsnwprintf
fgetwc
_wcsnicmp
fclose
memcpy

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlIpv6AddressToStringExW

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc

user32

LoadStringW

ws2_32

freeaddrinfo
htons
WSAGetLastError
getaddrinfo
WSAStartup
WSAAddressToStringW
WSACleanup

Exports

Exports

??0CDrCallTracer@@QEAA@KQEBD0PEBJ@Z
??1CDrCallTracer@@QEAA@XZ
?LogMessage@CDrCallTracer@@QEAAXKPEADZZ

Sections

.text
Size: 340KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 500KB - Virtual size: 1.8MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a6c7beed94e5774d8d6c066c893b07a9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ntdll

ole32

user32

ws2_32

Exports

Exports

Sections

.text Size: 340KB - Virtual size: 340KB

.data Size: 5KB - Virtual size: 8KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.vmp0 Size: 500KB - Virtual size: 1.8MB

.text
Size: 340KB - Virtual size: 340KB

.data
Size: 5KB - Virtual size: 8KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB

.vmp0
Size: 500KB - Virtual size: 1.8MB