fa85bb8ee815de6e6912b39bfc5805681b89ca26b0d9087195c82c5a4f48b625

Sharing

Copy URL

Twitter E-mail

General

Target

fa85bb8ee815de6e6912b39bfc5805681b89ca26b0d9087195c82c5a4f48b625
Size

180KB
MD5

3d34ad07ceef484203039b24c0afb130
SHA1

fe286a6c15d75f3cfafa8dc8a59486e5f124153e
SHA256

fa85bb8ee815de6e6912b39bfc5805681b89ca26b0d9087195c82c5a4f48b625
SHA512

c663b2260846ac7c8b9cafcd4806426ce11df1a7be301a9c538a4bfb9a831ea30c3bcfa1372208aec2338f7adfe3a7868acb5bb576fdd0e7985b2c5a6f65e91d
SSDEEP

3072:Nl78Y88m4KKxLO7gB8JTV+M6COKOwY7rUJ0l:Tj88RKoLOs4/e7rUCl

Score

N/A

Malware Config

Signatures

Files

fa85bb8ee815de6e6912b39bfc5805681b89ca26b0d9087195c82c5a4f48b625
.exe windows x86

5f3dff87501b42361da3be97951c9a60

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

memcpy
_chkstk
RtlUnwind
memset
_alldiv
_snwprintf
wcsncpy
isprint
tolower
isspace
_vsnprintf
strncpy
strstr
strncmp
RtlTimeToSecondsSince1970
strrchr
_snprintf
NtQueryVirtualMemory

kernel32

GetTickCount
lstrlenW
SuspendThread
ExitProcess
lstrlenA
MoveFileExA
GetModuleHandleW
GetSystemDirectoryA
lstrcatA
GetEnvironmentVariableA
GetLastError
lstrcmpiA
CopyFileA
DeleteFileA
VirtualFree
GetProcAddress
VirtualAlloc
SystemTimeToFileTime
GetSystemTime
HeapFree
GetProcessHeap
GetSystemDefaultLangID
GetTempFileNameW
CreateFileA
lstrcmpA
MoveFileExW
WriteFile
GetVersionExW
CreateFileW
GetTempPathW
LocalAlloc
lstrcatW
CloseHandle
DeleteFileW
LocalFree
WaitForSingleObject
GetCurrentThreadId
CreateThread
HeapReAlloc
HeapAlloc
DeviceIoControl
CreateToolhelp32Snapshot
TerminateProcess
GetModuleHandleA
OpenProcess
Thread32First
Thread32Next
Process32FirstW
OpenThread
Process32NextW
lstrcmpiW

user32

ShowWindow
SetWindowPos
CloseDesktop
OpenInputDesktop
CreateDesktopA
GetThreadDesktop
SetTimer
CharUpperBuffA
GetClientRect
GetWindowRect
DispatchMessageW
GetWindow
DefWindowProcW
GetPropW
EnableWindow
SwitchDesktop
CreateWindowExW
IsWindow
TranslateMessage
SetPropW
LoadCursorW
UnregisterClassW
GetMessageW
DestroyWindow
UpdateWindow
FindWindowA
wsprintfA
SystemParametersInfoW
SetThreadDesktop
GetSystemMetrics
RegisterClassW
wsprintfW

ole32

OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
OleUninitialize

shlwapi

SHDeleteKeyA

wininet

InternetReadFile
InternetOpenA
InternetCloseHandle
InternetOpenUrlA

ws2_32

send
gethostbyname
closesocket
socket
recv
htons
inet_addr
connect
WSAStartup

oleaut32

SysAllocString
SafeArrayDestroy
SafeArrayUnaccessData
VariantInit
VariantClear
SafeArrayCreateVector
SysFreeString
SafeArrayAccessData

advapi32

RegCreateKeyExA
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegSetValueExA
GetCurrentHwProfileW
RegQueryValueExA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA

shell32

ShellExecuteA
SHGetFolderPathA

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f3dff87501b42361da3be97951c9a60

Headers

File Characteristics

Imports

ntdll

kernel32

user32

ole32

shlwapi

wininet

ws2_32

oleaut32

advapi32

shell32

Sections

.text Size: 95KB - Virtual size: 94KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 95KB - Virtual size: 94KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 4KB - Virtual size: 4KB