cfd240a0f3ed1557748964ebaf5882f105f5383eef7223fd5a5bd70ec2d6af62

Sharing

Copy URL

Twitter E-mail

General

Target

cfd240a0f3ed1557748964ebaf5882f105f5383eef7223fd5a5bd70ec2d6af62
Size

2.2MB
MD5

4695907e83ebdea2f9c4a5b0c1b5e475
SHA1

91de0342b040898c0fac775fa45cbafced35ca67
SHA256

cfd240a0f3ed1557748964ebaf5882f105f5383eef7223fd5a5bd70ec2d6af62
SHA512

9c86e9f8e45ad254c920eb93bd20d7e775f5cc3f178ca3df218802bba31a2c771a882587fcd83d2add18ffbe6ff849f197c4143b2e3c8ab3deb0ba0e1552cb0e
SSDEEP

49152:K2JQu6XISgQv7x7PI6oaXZMqeD6lyRBqP4n2pEWTAX1Oqaq4t3b:tuYiv1rIdaL3lyRsP22kOM4h

Score

N/A

Malware Config

Signatures

Files

cfd240a0f3ed1557748964ebaf5882f105f5383eef7223fd5a5bd70ec2d6af62
.exe windows x86

092b69f5bb0e44697262eaab123ebf96

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadConsoleW
CreateFileW
WriteConsoleW
SetStdHandle
OutputDebugStringW
GetModuleFileNameA
TlsFree
HeapReAlloc
GetCurrentThread
TerminateProcess
GetProcessHeap
HeapFree
HeapAlloc
SetConsoleCtrlHandler
OpenEventA
SetEvent
GetTickCount
GetACP
SystemTimeToFileTime
GetTempPathA
GetLocalTime
GetDiskFreeSpaceA
GetUserDefaultUILanguage
SetPriorityClass
SetThreadPriority
IsBadReadPtr
VirtualQuery
GetConsoleCP
GetModuleFileNameW
GetOEMCP
IsValidCodePage
HeapSize
EnumSystemLocalesW
GetComputerNameA
GetModuleHandleA
GetWindowsDirectoryA
GetSystemDirectoryA
GetSystemInfo
SetLastError
GetCurrentDirectoryA
GetUserDefaultLCID
GetVersionExA
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetVersion
GetCurrentProcessId
GetExitCodeThread
GetCurrentThreadId
GetCurrentProcess
SetFilePointerEx
CompareStringW
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
LoadLibraryExW
GetCPInfo
GetModuleHandleExW
GetStartupInfoW
GetFileType
RtlUnwind
RaiseException
GetStringTypeW
DecodePointer
EncodePointer
UnlockFile
LockFile
IsBadStringPtrW
IsBadStringPtrA
DeviceIoControl
VirtualProtect
FlushInstructionCache
GetDriveTypeA
OpenSemaphoreA
CreateSemaphoreA
ReleaseSemaphore
IsBadWritePtr
WaitForMultipleObjects
CreateEventA
GetSystemTimeAsFileTime
DuplicateHandle
OpenFileMappingA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
LocalFree
LocalAlloc
TlsSetValue
TlsGetValue
TlsAlloc
ExitProcess
SetEnvironmentVariableA
WriteFile
SetFilePointer
SetEndOfFile
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentVariableA
SetCurrentDirectoryA
GetFileAttributesA
GetFullPathNameA
GetSystemTime
FileTimeToSystemTime
GetTimeZoneInformation
LoadLibraryA
AreFileApisANSI
CloseHandle
GetLastError
WaitForSingleObject
GetExitCodeProcess
OpenProcess
FreeLibrary
GetProcAddress
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
GetStdHandle
GetConsoleMode
Sleep
VerSetConditionMask
IsWow64Process
GetProfileStringA
VerifyVersionInfoW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateDirectoryA
CreateFileA
DeleteFileA
SetFileTime
FlushFileBuffers
GetFileSize
GetFileTime
ReadFile

user32

GetSystemMetrics
CharUpperBuffA
MessageBoxA
DrawMenuBar
GetSystemMenu
CharLowerBuffA
AppendMenuA
CallMsgFilterA
PeekMessageA
DispatchMessageA
TranslateMessage
wsprintfA
LoadStringA

advapi32

QueryServiceStatus
QueryServiceConfigA
OpenServiceA
OpenSCManagerA
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteValueA
GetUserNameA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegEnumValueA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
StartServiceA

shell32

ShellExecuteExA

wsock32

htons
connect
inet_ntoa
getsockopt
recv
WSACleanup
WSAStartup
gethostname
gethostbyname
gethostbyaddr
inet_addr
select
send
setsockopt
shutdown
socket
WSAGetLastError
getpeername
bind
recvfrom
sendto
__WSAFDIsSet
accept
ioctlsocket
closesocket

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

ws2_32

freeaddrinfo
getaddrinfo

Sections

__wibu00
Size: 868KB - Virtual size: 868KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

__wibu01
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu02
Size: 12KB - Virtual size: 982KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu03
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu04
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu05
Size: 32KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu06
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

092b69f5bb0e44697262eaab123ebf96

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

wsock32

version

ws2_32

Sections

__wibu00 Size: 868KB - Virtual size: 868KB

__wibu01 Size: 92KB - Virtual size: 90KB

__wibu02 Size: 12KB - Virtual size: 982KB

.rsrc Size: 96KB - Virtual size: 94KB

__wibu03 Size: 1.1MB - Virtual size: 1.1MB

__wibu04 Size: 8KB - Virtual size: 8KB

__wibu05 Size: 32KB - Virtual size: 48KB

__wibu06 Size: 36KB - Virtual size: 36KB

__wibu00
Size: 868KB - Virtual size: 868KB

__wibu01
Size: 92KB - Virtual size: 90KB

__wibu02
Size: 12KB - Virtual size: 982KB

.rsrc
Size: 96KB - Virtual size: 94KB

__wibu03
Size: 1.1MB - Virtual size: 1.1MB

__wibu04
Size: 8KB - Virtual size: 8KB

__wibu05
Size: 32KB - Virtual size: 48KB

__wibu06
Size: 36KB - Virtual size: 36KB