df20fda18eee62d309b5bdec03de38c298027d8af53fba832c5685ad2eeb6c0d

Sharing

Copy URL Twitter E-mail

General

Target

df20fda18eee62d309b5bdec03de38c298027d8af53fba832c5685ad2eeb6c0d
Size

124KB
MD5

1ad41a44fed3438a6b07d8a6cfab4e70
SHA1

b412dc5b7cf8ec958c95fddcb64e6341684359db
SHA256

df20fda18eee62d309b5bdec03de38c298027d8af53fba832c5685ad2eeb6c0d
SHA512

7d1212a1606aa855f8f776a9612aa36612ef844d2f7da038a1550e3e614d3e198974d412e680ebd327747d9da4c457231b9629d63dfade15d37701bdf7b966c1
SSDEEP

1536:U8QIWxlwrro61h1imCM+AjvjxOeDoClqmSY+A37feaCMJDmYsLIb4PvYqHB/AdGy:xQjlwLhX/2ClqmSDADeak7dJHB/AdGy

Score

N/A

Malware Config

Signatures

Files

df20fda18eee62d309b5bdec03de38c298027d8af53fba832c5685ad2eeb6c0d
.exe windows x86

997f8be932bbc686f5b13b8ab97060c6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetCancelConnection2A

kernel32

GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetHandleCount
FlushFileBuffers
WriteFile
LCMapStringW
LCMapStringA
GetSystemInfo
GetFileType
UnhandledExceptionFilter
SetStdHandle
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
HeapSize
GetLocaleInfoA
GetCPInfo
SetFilePointer
GetStringTypeA
GetStringTypeW
GetWindowsDirectoryA
GetCurrentProcess
LoadLibraryA
CopyFileA
DeleteFileA
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
GetShortPathNameA
GetFileAttributesA
SetFileAttributesA
OpenEventA
WaitForSingleObject
GetComputerNameA
GetStartupInfoA
GetSystemDirectoryA
CreateProcessA
GetTickCount
CreateFileA
GetVersion
MultiByteToWideChar
lstrcmpiA
lstrlenA
HeapReAlloc
lstrcpyA
lstrcatA
WideCharToMultiByte
FreeLibrary
GetModuleHandleA
GetProcAddress
CloseHandle
CreateThread
GetExitCodeThread
GetLastError
SetLastError
FormatMessageA
LocalFree
Sleep
GetModuleFileNameA
lstrcpynA
GetVersionExA
FindResourceA
LoadResource
LockResource
GetProcessHeap
HeapAlloc
HeapFree
GetACP
GetOEMCP
GetStdHandle
VirtualProtect
VirtualQuery
InterlockedExchange
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetCommandLineA
TerminateProcess
RtlUnwind
ExitProcess

user32

SetWindowPos
DestroyWindow
GetSystemMetrics
TranslateMessage
DispatchMessageA
LoadIconA
LoadCursorA
RegisterClassExA
CreateDialogParamA
wsprintfA
LoadStringA
PostQuitMessage
SystemParametersInfoA
DefWindowProcA
GetDlgItem
SetWindowTextA
SendMessageA
ShowWindow
UpdateWindow
MessageBoxA
GetWindowRect
GetMessageA

gdi32

CreateFontIndirectA
DeleteObject

advapi32

ControlService
ChangeServiceConfigA
CreateServiceA
QueryServiceConfigA
EnumDependentServicesA
StartServiceA
DeleteService
QueryServiceStatus
OpenServiceA
OpenSCManagerA
CloseServiceHandle
EqualSid
LookupAccountNameA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

odbc32

ord9
ord31
ord24
ord75
ord41
ord35
ord36
ord11

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

997f8be932bbc686f5b13b8ab97060c6

Headers

File Characteristics

Imports

mpr

kernel32

user32

gdi32

advapi32

odbc32

Sections

.text Size: 56KB - Virtual size: 54KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 48KB - Virtual size: 45KB

.text
Size: 56KB - Virtual size: 54KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 48KB - Virtual size: 45KB