b010eea208714afe1fd8484cf7f25bd9cd75f2733cc084e47ba54547a0a005ab

Sharing

Copy URL Twitter E-mail

General

Target

b010eea208714afe1fd8484cf7f25bd9cd75f2733cc084e47ba54547a0a005ab
Size

229KB
MD5

22a882ee0c605491e18f556f05e3b295
SHA1

2f1b7917e82819437db0a63d02dafb6b6a7ee8b4
SHA256

b010eea208714afe1fd8484cf7f25bd9cd75f2733cc084e47ba54547a0a005ab
SHA512

95cd1a48e631cc2195f6d3c0b2af9875e83f5ef16025d1f56e478770f6bb088291827172eb606ea9d604039ea29f2a6364d01d9995b854f6778e83809943be9b
SSDEEP

6144:4UxMbcTqRowRWaGJbo18A9hyrNpnqcZdDiD4:4XbRNWaGq99OnqoDA4

Score

N/A

Malware Config

Signatures

Files

b010eea208714afe1fd8484cf7f25bd9cd75f2733cc084e47ba54547a0a005ab
.exe windows x86

d7e5e613192adf10a51afb4d081e3a66

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

MesDecodeIncrementalHandleCreate
RpcIfIdVectorFree
NDRSContextMarshall
MesHandleFree
I_RpcPauseExecution
NdrClientContextUnmarshall
NdrAsyncServerCall
I_RpcSsDontSerializeContext
NDRSContextUnmarshall
NDRcopy
NdrConformantArrayBufferSize
NdrClientContextMarshall
NdrComplexStructMemorySize
MesInqProcEncodingId
NdrComplexStructMarshall
NdrByteCountPointerMarshall
I_RpcNsBindingSetEntryNameA
NDRSContextMarshallEx
NdrComplexArrayUnmarshall
I_RpcAllocate
IUnknown_Release_Proxy

user32

GetMessageA
CreateWindowExW
RegisterClassExA
TranslateAcceleratorA

msvcrt

_except_handler3
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_controlfp
__dllonexit
_onexit
__set_app_type

kernel32

VirtualAlloc
GetModuleHandleA
GetStartupInfoA

rasapi32

RasEnumDevicesA
RasDeleteEntryW
RasGetEntryPropertiesW
RasValidateEntryNameA
RasGetErrorStringW
RasEditPhonebookEntryA

resutils

ResUtilVerifyPropertyTable
ResUtilGetPropertiesToParameterBlock
ResUtilResourcesEqual
ResUtilGetBinaryValue
ResUtilGetAllProperties
ResUtilResourceTypesEqual
ResUtilGetEnvironmentWithNetName

pdh

PdhCloseQuery
PdhLookupPerfNameByIndexA
PdhCalculateCounterFromRawValue
PdhEnumObjectItemsA
PdhGetFormattedCounterArrayW
PdhExpandCounterPathW
PdhGetFormattedCounterArrayA
PdhOpenQueryA
PdhEnumObjectItemsW
PdhRemoveCounter
PdhOpenLogA
PdhComputeCounterStatistics

olepro32

ord253
ord248

oleaut32

VarUI2FromDisp
VarUI4FromBool
VarUI1FromI1
VarUI2FromDec
VariantTimeToDosDateTime
VarR8FromUI2
VarUI4FromI2
VariantTimeToSystemTime
VarUI1FromDisp
VarUI1FromDate
VarUI1FromI4
VarUI2FromI2
VarUI2FromI4
VarUI2FromDate
VarR8FromI1
VarUI4FromDate
VarUI2FromStr
VarUI2FromUI4

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7e5e613192adf10a51afb4d081e3a66

Headers

File Characteristics

Imports

rpcrt4

user32

msvcrt

kernel32

rasapi32

resutils

pdh

olepro32

oleaut32

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 1.3MB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 1.3MB

.rsrc
Size: 4KB - Virtual size: 2KB