3b3b5a6cb6cf2fc4deda40e198f7faf1a2108d0534f3c3d02c44a1d9c949eda4

Sharing

Copy URL Twitter E-mail

General

Target

3b3b5a6cb6cf2fc4deda40e198f7faf1a2108d0534f3c3d02c44a1d9c949eda4
Size

176KB
MD5

09291c5257d224b9419c25936281c4e0
SHA1

da231390f646fedd3dc3438105751e5948c49ffa
SHA256

3b3b5a6cb6cf2fc4deda40e198f7faf1a2108d0534f3c3d02c44a1d9c949eda4
SHA512

47e481b165a87c8886bccdf0cc0bce2964f31875e8eeb12c5a645c6135889702bf2fab59ef4e507ce424cdca9041491972c6dbfa442703b70b12a2190d6be6cf
SSDEEP

3072:orfwrhENoxy10ffV3KrgQr5ONj+HblDiTe7jWlYnRF3BBexHx:orsaN/yxiU+7l6EjjFqxHx

Score

N/A

Malware Config

Signatures

Files

3b3b5a6cb6cf2fc4deda40e198f7faf1a2108d0534f3c3d02c44a1d9c949eda4
.exe windows x86

cd3ee64df3acab1684158ae8dc5dd70a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToLocalFileTime
GetFileTime
SetFileTime
SystemTimeToFileTime
Sleep
CreateThread
Process32Next
Process32First
CreateToolhelp32Snapshot
LoadLibraryA
GetProcAddress
GetTickCount
HeapFree
HeapAlloc
GetProcessHeap
CreateProcessA
TerminateProcess
WriteProcessMemory
VirtualAllocEx
VirtualAlloc
GetFileAttributesA
CopyFileA
DeleteFileA
lstrlenA
SetLastError
LockResource
LoadResource
SizeofResource
FindResourceA
InitializeCriticalSection
DeleteCriticalSection
WinExec
LeaveCriticalSection
EnterCriticalSection
SetEnvironmentVariableA
GetCurrentDirectoryA
FileTimeToSystemTime
GetCurrentProcess
DeviceIoControl
CreateRemoteThread
OpenProcess
GetEnvironmentVariableA
ReadFile
QueryPerformanceCounter
GetCommandLineA
SetCurrentDirectoryA
FreeLibrary
FlushViewOfFile
GetLocalTime
GetExitCodeProcess
CompareStringW
CompareStringA
SetEndOfFile
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
FlushFileBuffers
SetFilePointer
GetFileType
GetStdHandle
GetLastError
GetCurrentProcessId
SetFileAttributesA
GetLongPathNameA
GetTempPathA
CreateDirectoryA
GetModuleHandleA
GetModuleFileNameA
GlobalFree
GlobalAlloc
CreateFileA
UnmapViewOfFile
GetFileSize
CreateFileMappingA
MapViewOfFile
WriteFile
CloseHandle
WaitForSingleObject
SetHandleCount
SetUnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapSize
HeapReAlloc
GetVersion
GetStartupInfoA
ExitProcess
GetSystemTime
GetTimeZoneInformation
RaiseException
RtlUnwind
FindClose
FindNextFileA
FindFirstFileA

user32

PostQuitMessage
CallWindowProcA
KillTimer
DefWindowProcA
UnregisterClassA
wsprintfA
FindWindowExA
PostMessageA
SetTimer
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
LoadStringA
LoadIconA
EndPaint
BeginPaint
DialogBoxParamA
EndDialog
DestroyWindow
GetClassNameA
GetWindowThreadProcessId
RegisterClassExA
CreateWindowExA
SendMessageA
LoadCursorA

advapi32

RegSetValueExA
QueryServiceStatus
RegFlushKey
RegCreateKeyExA
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

shell32

SHGetSpecialFolderPathA
Shell_NotifyIconA

ole32

OleInitialize
OleUninitialize

ws2_32

WSAGetLastError
closesocket
WSACleanup
ntohs
setsockopt
send
WSAAsyncSelect
listen
accept
bind
socket
WSAStartup
sendto
inet_addr
inet_ntoa
gethostbyname
gethostname
recv
htons
WSARecvFrom
ntohl
shutdown
ioctlsocket
connect
select
htonl
__WSAFDIsSet

iphlpapi

GetIpAddrTable
GetPerAdapterInfo
GetBestRoute
CreateIpNetEntry
GetAdaptersInfo

shlwapi

PathAppendA
PathFileExistsA
UrlUnescapeA
PathIsDirectoryA

wininet

InternetCrackUrlA
InternetCanonicalizeUrlA

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd3ee64df3acab1684158ae8dc5dd70a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

ws2_32

iphlpapi

shlwapi

wininet

Sections

.text Size: 104KB - Virtual size: 102KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 32KB - Virtual size: 52KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 104KB - Virtual size: 102KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 32KB - Virtual size: 52KB

.rsrc
Size: 24KB - Virtual size: 23KB