f51c5913e3fb8d936e8c07973fd70a7ab8c1d27075605ac137c849a5967c9789

Sharing

Copy URL

Twitter E-mail

General

Target

f51c5913e3fb8d936e8c07973fd70a7ab8c1d27075605ac137c849a5967c9789
Size

280KB
MD5

bffe1723e69aba20f864f269231d75bd
SHA1

a6f2835572720c481a2bf859f94ff67dd764a2f1
SHA256

f51c5913e3fb8d936e8c07973fd70a7ab8c1d27075605ac137c849a5967c9789
SHA512

716967491ec3e7e793984c7e8d31c4d0cb303f6dee6b0c92dafc4dd7aab77dab385bc524648b0e012b404d45fb79592ea97d7a4c511bc1655950335074c14af6
SSDEEP

6144:StBgAG3wfRPK8DVBrg1bJrunLkuMHbjp1dPbMwvtR7kr5c:GIKK8BBq9Kn4pHbj2ev7k9c

Score

N/A

Malware Config

Signatures

Files

f51c5913e3fb8d936e8c07973fd70a7ab8c1d27075605ac137c849a5967c9789
.exe windows x86

e27614b454809497b3810ff841498059

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Heap32Next
GlobalUnWire
HeapCreate
GlobalUnfix
GlobalWire
GlobalFix
HeapLock
GlobalLock
GlobalUnlock
GlobalMemoryStatus
HeapFree
GlobalSize
HeapDestroy
Heap32ListNext
GlobalFlags
lstrcpyA
GlobalGetAtomNameA
HeapCompact
GlobalAddAtomA
Heap32First
GlobalAlloc
GlobalFree
GlobalGetAtomNameW
Heap32ListFirst
GetModuleHandleA
GetStartupInfoA

netapi32

NetSessionEnum
NetShareSetInfo
NetServerEnum
NetServerTransportAdd
NetShareEnumSticky
NetServerComputerNameDel
NetFileClose
NetServerDiskEnum
NetServerGetInfo
NetServerEnumEx
NetServerTransportAddEx
NetShareAdd
NetShareCheck
NetShareEnum
NetServerTransportDel
NetSessionDel
NetServerComputerNameAdd
NetShareGetInfo
NetServerTransportEnum
NetFileGetInfo
NetShareDel

msimg32

AlphaBlend
TransparentBlt

lz32

LZStart
LZInit
LZSeek
LZRead
LZCopy
GetExpandedNameA
LZDone
LZClose
CopyLZFile
LZOpenFileW

msi

ord44
ord43
ord47
ord60
ord9
ord55
ord51
ord45
ord29
ord56
ord42
ord8
ord33
ord18
ord7
ord41
ord62
ord40
ord14
ord26
ord16
ord66
ord11
ord75
ord37
ord49
ord65
ord52
ord61
ord57
ord73
ord67
ord34
ord171
ord59
ord39
ord35
ord53
ord71
ord170
ord74
ord76
ord64
ord36
ord168
ord32
ord19
ord31
ord25

user32

RegisterClassExA
PostQuitMessage
DefWindowProcA

mpr

WNetDisconnectDialog
WNetCancelConnection2W
WNetGetUserW
WNetEnumResourceW
WNetGetLastErrorA
WNetCloseEnum
WNetOpenEnumA
WNetAddConnection3A
WNetCancelConnectionW
MultinetGetConnectionPerformanceA
WNetGetNetworkInformationA
WNetConnectionDialog1W
WNetDisconnectDialog1A
WNetGetUniversalNameW
MultinetGetConnectionPerformanceW
WNetDisconnectDialog1W
WNetGetConnectionW
WNetGetProviderNameW
WNetCancelConnectionA
WNetConnectionDialog1A
WNetGetProviderNameA
WNetConnectionDialog
WNetGetUserA
WNetGetNetworkInformationW
WNetGetConnectionA
WNetAddConnectionA
WNetEnumResourceA

wsock32

ord1107

ole32

CreateDataAdviseHolder
CoLockObjectExternal
HBITMAP_UserFree
CoCreateGuid
CreateStreamOnHGlobal
CoGetClassObject
CoGetStandardMarshal
CoTaskMemAlloc
CoIsOle1Class
HBITMAP_UserMarshal
HBITMAP_UserSize
HACCEL_UserUnmarshal
CoIsHandlerConnected
GetRunningObjectTable
CLIPFORMAT_UserSize
CoRegisterSurrogate
CreateClassMoniker
CoFileTimeNow
CoUnmarshalHresult
HGLOBAL_UserFree
CoGetObject
CLIPFORMAT_UserUnmarshal
CreateDataCache
CoCreateInstance
CoFreeLibrary
DoDragDrop
CLSIDFromString
CoUninitialize
CreatePointerMoniker
CreateItemMoniker
CoResumeClassObjects
CoReleaseServerProcess
CLIPFORMAT_UserMarshal
CoGetMalloc
CoMarshalHresult
FmtIdToPropStgName
CoRevokeClassObject
CreateGenericComposite
CoFreeUnusedLibraries
CoGetStdMarshalEx
CoGetInterfaceAndReleaseStream
CoGetMarshalSizeMax
CoTaskMemFree
CoSuspendClassObjects
HBITMAP_UserUnmarshal
CoGetTreatAsClass
GetHGlobalFromStream
HGLOBAL_UserMarshal
HACCEL_UserSize
HGLOBAL_UserSize
CLIPFORMAT_UserFree
CoRevokeMallocSpy
BindMoniker
CreateAntiMoniker
CreateStdProgressIndicator
CoGetCurrentProcess
CoBuildVersion
CoGetPSClsid
CoDisconnectObject
CoRegisterPSClsid
GetConvertStg
CoRegisterClassObject
CoMarshalInterface
CoInitialize
GetClassFile
CoUnmarshalInterface

msvcrt

_except_handler3
__set_app_type
__p__fmode
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
__p__commode
??3@YAXPAX@Z
exit
_XcptFilter
_exit
??2@YAPAXI@Z

nddeapi

ord500
ord611
ord512
ord506
ord501
ord601
ord609
ord505
ord612
ord613
ord604
ord503
ord602
ord607
ord513
ord510
ord600
ord511
ord606
ord509

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e27614b454809497b3810ff841498059

Headers

File Characteristics

Imports

kernel32

netapi32

msimg32

lz32

msi

user32

mpr

wsock32

ole32

msvcrt

nddeapi

Sections

.text Size: 56KB - Virtual size: 54KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 2.2MB

.rsrc Size: 192KB - Virtual size: 188KB

.reloc Size: 16KB - Virtual size: 13KB

.text
Size: 56KB - Virtual size: 54KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 2.2MB

.rsrc
Size: 192KB - Virtual size: 188KB

.reloc
Size: 16KB - Virtual size: 13KB