dc491a0f6f07ebb24e15b3285510f178ad5857af973694b7d8a39495991043ba

Sharing

Copy URL

Twitter E-mail

General

Target

dc491a0f6f07ebb24e15b3285510f178ad5857af973694b7d8a39495991043ba
Size

48KB
MD5

0e00c1a7d4ddc2fe6391ad61bb980530
SHA1

3e1a4af71a7bbeac09308f97fe74b4a9e3700ab9
SHA256

dc491a0f6f07ebb24e15b3285510f178ad5857af973694b7d8a39495991043ba
SHA512

e276181c7e7210269e6d7c6166ee481dd5d38e9f7ce362383bcf0f96eca4f8c49be9d1b6ee72de6e2a1acccab4b8889b0d0c4c2827e5180a31621de31a13e3fe
SSDEEP

768:dFEZIH3PKp3dtfBhQSYU0d+dngwaVIacUU0PRwLQIIy+jBCi5:bEZm3a7fBelRPSJ0PBy+jBCi5

Score

N/A

Malware Config

Signatures

Files

dc491a0f6f07ebb24e15b3285510f178ad5857af973694b7d8a39495991043ba
.exe windows x86

58f3b3066f15a209cd9611a0182ba2a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtectEx
VirtualFree
GetModuleHandleA
ReadFile
GetFileSize
SetFilePointer
CreateFileA
Sleep
OutputDebugStringA
GetTempPathA
ExitProcess
WriteProcessMemory
OpenMutexA
WaitForSingleObject
GetLastError
CreateMutexA
GetStartupInfoA
GlobalMemoryStatusEx
GetSystemInfo
lstrcpyA
GetSystemDefaultUILanguage
GetSystemDirectoryA
SetThreadContext
ExitThread
ResumeThread
CloseHandle
TerminateProcess
CreateProcessA
GetThreadContext
ReadProcessMemory
VirtualQueryEx
FreeLibrary
LoadLibraryA
GetProcAddress
ReleaseMutex
VirtualAlloc
lstrcatA

user32

wsprintfA
GetDesktopWindow

advapi32

RegOpenKeyExA
StartServiceCtrlDispatcherA
CreateServiceA
StartServiceA
RegOpenKeyA
RegSetValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
DeleteService
CloseServiceHandle
RegQueryValueExA

shell32

ShellExecuteA

msvcrt

strchr
rand
memmove
strcat
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
wcscpy
realloc
malloc
strlen
memcpy
putchar
atoi
strncpy
strcspn
strstr
strcpy
exit
sprintf
__CxxFrameHandler
_CxxThrowException
free
??1type_info@@UAE@XZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

ws2_32

send
WSAStartup
select
__WSAFDIsSet
closesocket
recv
setsockopt
WSAIoctl
sendto
inet_addr
htons
socket
connect
shutdown
gethostbyname
WSACleanup

netapi32

NetUserAdd
NetLocalGroupAddMembers

shlwapi

SHDeleteKeyA

iphlpapi

GetIfTable

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58f3b3066f15a209cd9611a0182ba2a8

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

ws2_32

netapi32

shlwapi

iphlpapi

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 7KB