3e07049b438f754dcc924580cf560fa70548b58d9ba6b813e394bf30207326ea

Sharing

Copy URL Twitter E-mail

General

Target

3e07049b438f754dcc924580cf560fa70548b58d9ba6b813e394bf30207326ea
Size

108KB
MD5

0f92b286a23549261cf5629ea9ebc70f
SHA1

a1824d905a3eba3ce1557c7f02b1efbe47731fc7
SHA256

3e07049b438f754dcc924580cf560fa70548b58d9ba6b813e394bf30207326ea
SHA512

7e662699b2b7ea8f0e111277df34ef2d7d6d0f0d7df99f6a182e5ee123c89d38ca6ef66048ba79b283b17297e0ac10566e0eb5a8314316b3b2ded7e1f6d30ef3
SSDEEP

3072:QpXbot8XWb+e5CF163Oqusp+0k8ZS0Klyv2Y4QsZBIr:0XWNb75CF16Dusp+ryv2Y4X

Score

N/A

Malware Config

Signatures

Files

3e07049b438f754dcc924580cf560fa70548b58d9ba6b813e394bf30207326ea
.exe windows x86

899a29f1e271dab098d56704942c3123

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

na_util

?PrintError@@YAXPAD@Z
?PrintWinsockError@@YAXHPAD@Z
?PrintErrnoError@@YAXPAD@Z
?PrintWinsockError@@YAXPAD@Z
?PrintWindowsError@@YAXHPAD@Z
?InitDriverName@@YAXPBD@Z
?PrintWindowsError@@YAXPAD@Z

kernel32

LoadLibraryA
IsValidLocale
GetComputerNameA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
InterlockedIncrement
InterlockedDecrement
Sleep
LeaveCriticalSection
EnterCriticalSection
TerminateThread
WaitForSingleObject
CreateEventA
ExitProcess
GetCommandLineA
SetCurrentDirectoryA
GetModuleFileNameA
RaiseException
RtlUnwind
GetLastError
CreateThread
GetCurrentThreadId
TlsSetValue
ExitThread
GetModuleHandleA
GetStartupInfoA
GetVersion
FatalAppExitA
HeapFree
SetUnhandledExceptionFilter
HeapAlloc
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
SetFilePointer
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetProcAddress
GetUserDefaultLCID
SetStdHandle
SetConsoleCtrlHandler
FlushFileBuffers
GetTimeZoneInformation
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetVersionExA
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapReAlloc

user32

CreateWindowExA
LoadIconA
ShowWindow
GetMessageA
MessageBoxA
UpdateWindow
DefWindowProcA
RegisterClassExA
PostQuitMessage
DispatchMessageA
TranslateMessage
PostMessageA

advapi32

RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

wsock32

ntohs
shutdown
recv
send
WSAGetLastError
accept
htons
bind
listen
gethostbyname
WSAStartup
ioctlsocket
gethostbyaddr
inet_addr
socket
closesocket
select
__WSAFDIsSet
inet_ntoa
WSACleanup

wnetway2

_net_receiveAsync@4
_net_ioctl@16
_net_sendAsync@4
_net_waitAsync@4
_net_detach@8
_net_flush@12
_net_attach@12
_net_localinfo@8
_net_close@8
_net_open@8

wdtgr2

_dtgr5_build@20
_dtgr5_init_def_adr@4
_dtgr5_init_srce_adr@8
_dtgr5_extract@16

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

899a29f1e271dab098d56704942c3123

Headers

File Characteristics

Imports

na_util

kernel32

user32

advapi32

wsock32

wnetway2

wdtgr2

Sections

.text Size: 60KB - Virtual size: 58KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 20KB - Virtual size: 23KB

.rsrc Size: 16KB - Virtual size: 13KB

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 20KB - Virtual size: 23KB

.rsrc
Size: 16KB - Virtual size: 13KB