c9a14fc1f2e1aec67919b6dd229e4a1c188ac094d18a1817fa2ba53ce3b5b4fd

Sharing

Copy URL Twitter E-mail

General

Target

c9a14fc1f2e1aec67919b6dd229e4a1c188ac094d18a1817fa2ba53ce3b5b4fd
Size

1.3MB
MD5

1ba0ae29e9044f45c3b65c82de81b2b0
SHA1

f427d29bd00d657b271533b67775a6a876ad86fb
SHA256

c9a14fc1f2e1aec67919b6dd229e4a1c188ac094d18a1817fa2ba53ce3b5b4fd
SHA512

7223077d05663ca99f7e8c6d232375e67579ee47542cc5b76cb4616db77a677697f1ff001f4aed2e4062dac10dc540ef3431074c592274facee5fce57f12a469
SSDEEP

24576:8h5eTElJzG35i2H/ODrwsrWEoSpmIbS3CyZGnCl5lAyvu:o8QJzaOFrWEZpbS3CnsA8u

Score

N/A

Malware Config

Signatures

Files

c9a14fc1f2e1aec67919b6dd229e4a1c188ac094d18a1817fa2ba53ce3b5b4fd
.exe windows x86

6a03ea5b6b7a98949c56404a79182c91

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recvfrom
ioctlsocket
connect
select
__WSAFDIsSet
sendto
ntohs
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
accept
WSAGetLastError
WSAStartup
gethostname
setsockopt
htons
bind
listen
WSACreateEvent
WSAEventSelect
closesocket
WSACloseEvent
recv
ntohl
send
htonl
shutdown
inet_ntoa
gethostbyname
socket
inet_addr
WSACleanup

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
Sleep
CloseHandle
WaitForSingleObject
ReadFile
CreateFileW
GetLastError
GetModuleFileNameW
GetSystemInfo
GetACP
RemoveDirectoryW
DeleteFileW
GetEnvironmentVariableW
TerminateThread
GetCommandLineW
CreateThread
GetCommandLineA
CreateMutexA
SetEvent
ConnectNamedPipe
WriteFile
GetTickCount
DisconnectNamedPipe
GetOverlappedResult
ResetEvent
WaitForMultipleObjects
Process32Next
CreateNamedPipeA
GetTempPathW
SetFileAttributesW
CopyFileW
InitializeCriticalSection
InterlockedCompareExchange
DeleteCriticalSection
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
AreFileApisANSI
SetFilePointer
SetEndOfFile
FlushFileBuffers
GetFileSize
UnlockFile
LockFile
GetFileAttributesA
DeleteFileA
GetFileAttributesW
LoadLibraryA
LoadLibraryW
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTime
GetSystemTimeAsFileTime
LockFileEx
GetTempPathA
LocalFree
FormatMessageA
FormatMessageW
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
CreateFileA
InterlockedIncrement
GetStringTypeW
GetStringTypeA
SetStdHandle
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapCreate
HeapDestroy
CreateEventA
GetDriveTypeA
VirtualAlloc
VirtualFree
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
HeapSize
ExitProcess
GetCurrentDirectoryA
GetConsoleMode
GetConsoleCP
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetStdHandle
LCMapStringW
LCMapStringA
GetFileSizeEx
GetComputerNameA
GetDiskFreeSpaceExA
GetSystemDirectoryA
Process32First
GetLogicalDrives
GetVolumeInformationW
GetCurrentProcess
GetDiskFreeSpaceExW
GetDriveTypeW
GetSystemDirectoryW
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
MoveFileW
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
InterlockedExchangeAdd
InterlockedExchange
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
lstrcpynW
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
IsBadCodePtr
IsBadReadPtr
GetFileAttributesExW
lstrlenW
CreateProcessW
GetStartupInfoW
SetUnhandledExceptionFilter
CreateEventW
SetFileValidData
SetFilePointerEx
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
HeapFree
HeapAlloc
GetProcessHeap
LocalAlloc
GetModuleFileNameA
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RaiseException
ExitThread
ResumeThread
HeapReAlloc
GetStartupInfoA
CreateDirectoryA
GetCPInfo

user32

DefWindowProcA
RegisterClassA
TranslateMessage
CreateWindowExA
DispatchMessageA
PostQuitMessage
wsprintfW
wsprintfA
GetMessageA
FindWindowA
PostMessageA
LoadCursorA
LoadIconA

advapi32

GetUserNameA
GetFileSecurityW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHFileOperationW
ShellExecuteW
SHGetSpecialFolderPathW

dbghelp

MiniDumpWriteDump

shlwapi

PathFileExistsW
StrStrIA

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA

ole32

StringFromGUID2
CoCreateInstance
CoCreateGuid
CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysStringLen
SysAllocString

Sections

.text
Size: 924KB - Virtual size: 920KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6a03ea5b6b7a98949c56404a79182c91

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

shell32

dbghelp

shlwapi

iphlpapi

version

ole32

oleaut32

Sections

.text Size: 924KB - Virtual size: 920KB

.rdata Size: 140KB - Virtual size: 139KB

.data Size: 16KB - Virtual size: 1.0MB

.rsrc Size: 192KB - Virtual size: 192KB

.text
Size: 924KB - Virtual size: 920KB

.rdata
Size: 140KB - Virtual size: 139KB

.data
Size: 16KB - Virtual size: 1.0MB

.rsrc
Size: 192KB - Virtual size: 192KB