cd37b9e56a49cfae8e40e3317950270699f94a70b3be39365073cf97b4ade3fa

Sharing

Copy URL

Twitter E-mail

General

Target

cd37b9e56a49cfae8e40e3317950270699f94a70b3be39365073cf97b4ade3fa
Size

64KB
MD5

a2e6974898a15c0462fee8e10f16a745
SHA1

fc9e925758d53ce8f5ae94ce0950ec1689448cdc
SHA256

cd37b9e56a49cfae8e40e3317950270699f94a70b3be39365073cf97b4ade3fa
SHA512

1d666c786b25b5c4965a2d9fc821f803ffcd5e946b0346c7b5ae77561106458fdff5e2ab91f17d58dc2d22355f8793ec36c990d2353b75b6890f064a390fda9f
SSDEEP

768:uBVEmPwQdi0DLr4OCfCBFd0qX+l5/yo7X34zVwcQUpdPwaeWvJ+XCDDAihvESIXw:uUegaBFp0h7XoB7QUpFOWwXtiZyXGP

Score

N/A

Malware Config

Signatures

Files

cd37b9e56a49cfae8e40e3317950270699f94a70b3be39365073cf97b4ade3fa
.exe windows x86

5340fe5a444c0e3499903acd07a2444e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
WaitForSingleObject
ResumeThread
GetCurrentThreadId
GetCurrentProcessId
GetModuleHandleW
GetModuleHandleW
ExitThread
GetNumberFormatW
SetLastError
GetCurrentProcess

user32

CharLowerW

ws2_32

WSASetEvent
select
WSAIsBlocking
getservbyname
htons
WSAGetServiceClassNameByClassIdW
sendto
WSAGetServiceClassInfoW
listen
accept
inet_ntoa
getprotobyname
WSALookupServiceEnd
ioctlsocket
WSAAsyncGetServByPort
WSASend
setsockopt
WSAProviderConfigChange
getservbyport

rpcrt4

NdrFreeBuffer
NdrSimpleStructMarshall
IUnknown_AddRef_Proxy
I_RpcSessionStrictContextHandle
I_RpcFreeBuffer
RpcCancelThreadEx
DceErrorInqTextA
NdrComplexArrayUnmarshall
NdrUserMarshalBufferSize
I_RpcBindingIsClientLocal
RpcRevertToSelf
NdrServerContextUnmarshall
NdrClientContextUnmarshall

clusapi

DeleteClusterResource
CloseClusterResource
GetClusterFromNetInterface
ResumeClusterNode
GetClusterNetworkState
ClusterRegQueryValue
CloseClusterNotifyPort
FailClusterResource
OfflineClusterGroup
SetClusterGroupNodeList
GetClusterNetInterface
CreateClusterResourceType
GetClusterResourceState
ChangeClusterResourceGroup
GetClusterInformation
EvictClusterNode
SetClusterName
ClusterControl
ClusterOpenEnum
OfflineClusterResource
ClusterResourceCloseEnum
OnlineClusterResource
GetNodeClusterState
GetClusterResourceKey
ClusterRegCloseKey
ClusterRegDeleteValue
ClusterResourceOpenEnum
SetClusterNetworkPriorityOrder
GetClusterFromResource
ClusterRegEnumValue
ClusterNodeCloseEnum

rtm

RtmDeregisterFromChangeNotification
RtmDeleteNextHop
RtmCreateRouteListEnum
RtmDeregisterEntity
RtmGetMostSpecificDestination
RtmCreateRouteList
RtmReleaseDests
RtmInvokeMethod
RtmReleaseRouteInfo
RtmReleaseEntities
RtmReferenceHandles
RtmReleaseEntityInfo
RtmGetEntityMethods
RtmGetEnumRoutes
RtmRegisterEntity
RtmIgnoreChangedDests
RtmGetExactMatchRoute
RtmGetRouteInfo
RtmGetNextHopPointer

esent

JetGetCurrentIndex
JetRestore2
JetSetIndexRange
JetGetIndexInfo
JetRetrieveKey
JetGetDatabaseFileInfo
JetBeginSession
JetGetColumnInfo
JetSetCurrentIndex4
JetAttachDatabase
JetOpenFile
JetGetTableColumnInfo
JetIntersectIndexes
JetGetDatabaseInfo
JetSeek
JetDupCursor
JetOpenTempTable3
JetInit
JetSetColumnDefaultValue
JetGetRecordPosition
JetCompact
JetGetBookmark
JetTerm
JetCloseDatabase
JetGotoPosition
JetSetSessionContext
JetAddColumn
JetMakeKey
JetIndexRecordCount
JetGetAttachInfo
JetStopBackup
JetDeleteTable

mpr

WNetUseConnectionW
WNetDisconnectDialog1A
WNetConnectionDialog
WNetCancelConnectionA
WNetOpenEnumA
WNetGetNetworkInformationA

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5340fe5a444c0e3499903acd07a2444e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

rpcrt4

clusapi

rtm

esent

mpr

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 1KB

.fdata Size: 24KB - Virtual size: 23KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 1KB

.fdata
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 4KB - Virtual size: 4KB