81e85bcd6b8d7350d6994b4130d02d8fe0bc9b7c51499ad1aa403d6105aea26b

Sharing

Copy URL Twitter E-mail

General

Target

81e85bcd6b8d7350d6994b4130d02d8fe0bc9b7c51499ad1aa403d6105aea26b
Size

352KB
MD5

0c7220e4acadd612296ac99fc95b9f95
SHA1

9a857949be923444954bd48642cb8dca8c5a6ca8
SHA256

81e85bcd6b8d7350d6994b4130d02d8fe0bc9b7c51499ad1aa403d6105aea26b
SHA512

a30b5e8493c482dc5a137e758e76e521cea4dca2b57848766eed888484fff7cfa83c8b4269bc474f6bc5a1a5803ef76cba7aaa74d0c50860fe37be9ba44cb698
SSDEEP

6144:JYdprW/HaANu4dH475wId1OHiqDnXsGDHAQb5HaXlFHK9CsBFB:YrWyADdY7tdKbDn8GDHNjT

Score

N/A

Malware Config

Signatures

Files

81e85bcd6b8d7350d6994b4130d02d8fe0bc9b7c51499ad1aa403d6105aea26b
.exe windows x86

5acf928ad780fcc8e14e9237faa5daac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSASetLastError
WSAStringToAddressA
WSAGetLastError
send
htons
listen
accept
inet_addr
WSAStartup
connect
WSAEventSelect
WSACleanup
WSAEnumNetworkEvents
WSARecvFrom
WSARecv
ioctlsocket
getsockname
socket
setsockopt
WSAIoctl
bind
closesocket
sendto
htonl

iphlpapi

GetIpForwardTable
GetAdaptersInfo
GetNetworkParams
GetPerAdapterInfo
GetBestInterface
CreateIpForwardEntry
DeleteIpForwardEntry
GetIpAddrTable

netapi32

NetGetJoinInformation
NetShareEnum
NetApiBufferFree

powrprof

SetSuspendState

kernel32

GetTickCount
GetComputerNameExA
WideCharToMultiByte
CloseHandle
SetEvent
WaitForMultipleObjects
CreateEventW
SetWaitableTimer
DeviceIoControl
CreateFileA
QueueUserAPC
GetComputerNameExW
GetEnvironmentStringsW
GlobalAlloc
SleepEx
FreeLibrary
GetLastError
CreateWaitableTimerW
OpenThread
GetCurrentThreadId
MultiByteToWideChar
GetModuleFileNameW
CancelWaitableTimer
GetSystemPowerStatus
GetFullPathNameW
WaitForMultipleObjectsEx
GetVersionExW
SetConsoleCtrlHandler
GetModuleHandleW
HeapSetInformation
LCMapStringW
LCMapStringA
GetCommandLineA
LoadLibraryW
GetProcAddress
Sleep
FormatMessageA
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
WaitForSingleObject
FreeEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSection
RtlUnwind
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
SetStdHandle
GlobalFree
GetStartupInfoA
GetFileType
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetModuleFileNameA
GetStdHandle
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
ExitThread
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
ExitProcess
WriteFile

user32

LoadStringW

advapi32

OpenServiceW
RegisterServiceCtrlHandlerExW
DeregisterEventSource
StartServiceCtrlDispatcherW
RegNotifyChangeKeyValue
SetServiceStatus
QueryServiceStatus
ControlService
DeleteService
CreateServiceW
StartServiceW
RegisterEventSourceW
ReportEventA
LockServiceDatabase
ChangeServiceConfig2W
UnlockServiceDatabase
OpenSCManagerW
EnumServicesStatusW
CloseServiceHandle
LsaOpenPolicy
LsaNtStatusToWinError
LsaRetrievePrivateData
LsaFreeMemory
LsaClose
RegOpenKeyExW
RegCreateKeyA
RegQueryInfoKeyW
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegCreateKeyW
RegSetValueExW
RegCloseKey

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysStringLen
SysAllocString

Sections

.text
Size: 240KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5acf928ad780fcc8e14e9237faa5daac

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

iphlpapi

netapi32

powrprof

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 240KB - Virtual size: 238KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 8KB - Virtual size: 168KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 240KB - Virtual size: 238KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 8KB - Virtual size: 168KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 36KB - Virtual size: 35KB