eb6a6e01904ace44bbf0a0d139a9b9e4fa12b6800d82b7c1b720d239c0def1e6

Sharing

Copy URL Twitter E-mail

General

Target

eb6a6e01904ace44bbf0a0d139a9b9e4fa12b6800d82b7c1b720d239c0def1e6
Size

212KB
MD5

11ac7884f06d6180c10cd247774b7290
SHA1

ee7f55214befa5baf2806d2a337ab9af776e0370
SHA256

eb6a6e01904ace44bbf0a0d139a9b9e4fa12b6800d82b7c1b720d239c0def1e6
SHA512

fcb76d288bd8bb28d92b707bf4b1c06680e9feb1d79e965f3b9cad85a3325635b6bc7b17bb256a822e9462f82b2ebdfe0769d36a9fa388dc3f5ee8927e8c5486
SSDEEP

6144:gPUZ1jxhINfRN02uxJekQ4ARtXFWuVD1GbNA6:gPSTuDwx0kQjtXFWuR1GbO6

Score

N/A

Malware Config

Signatures

Files

eb6a6e01904ace44bbf0a0d139a9b9e4fa12b6800d82b7c1b720d239c0def1e6
.exe windows x86

ab4aa11ae8320ead77ce7c7b320b7775

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SystemTimeToFileTime
GetProcessHeap
GetOEMCP
LoadLibraryW
lstrlenA
CloseHandle
GetEnvironmentStringsW
GetUserDefaultLCID
GetCurrentProcess
GetSystemDefaultLCID
HeapFree
lstrcmpA
FreeResource
LockResource
MultiByteToWideChar
CreateFileA
LoadResource
FindResourceA
QueryPerformanceCounter
GetLocalTime
HeapAlloc
GetCurrentProcessId
SetUnhandledExceptionFilter
lstrcpyA
WideCharToMultiByte
GetLocaleInfoW
DeviceIoControl
QueryDosDeviceA
GetVolumeInformationA
GetTickCount
GetSystemTimeAsFileTime
SetLastError

raschap

RasCpEnumProtocolIds
RasEapGetInfo
RasCpGetInfo

rasctrs

CloseRasPerformanceData
OpenRasPerformanceData
CollectRasPerformanceData

rasman

RasAddNotification
IsRasmanProcess
RasActivateRouteEx
RasAddConnectionPort
RasAllocateRoute

rasdlg

RasPhonebookDlgW
DwTerminalDlg
GetRasDialOutProtocols
RasSrvAddPropPages
RouterEntryDlgW
RasUserGetManualDial
RasAutodialQueryDlgA
RasSrvIsConnectionConnected
RouterEntryDlgA
RasSrvHangupConnection
RasDialDlgW
RasSrvIsServiceRunning
RasUserPrefsDlg
RasUserEnableManualDial
RasAutodialQueryDlgW
RasSrvInitializeService
RasEntryDlgW
RasSrvCleanupService
RasSrvAllowConnectionsConfig
RasPhonebookDlgA
RasDialDlgA
RasEntryDlgA
RasSrvEnumConnections

rasapi32

RasValidateEntryNameA
RasSetSubEntryPropertiesW
DwCloneEntry
RasValidateEntryNameW

advapi32

RegOpenKeyExA
RegOpenKeyW
RegQueryValueExA
RegCloseKey
RegQueryValueExW

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hdata
Size: 21KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab4aa11ae8320ead77ce7c7b320b7775

Headers

File Characteristics

Imports

kernel32

raschap

rasctrs

rasman

rasdlg

rasapi32

advapi32

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 73KB - Virtual size: 72KB

.hdata Size: 21KB - Virtual size: 2.0MB

.zdata Size: 14KB - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 73KB - Virtual size: 72KB

.hdata
Size: 21KB - Virtual size: 2.0MB

.zdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB