eeba431ae229cfe0d2390efba1477cf1394f14c979d09113ac3498e69b86d383

Sharing

Copy URL Twitter E-mail

General

Target

eeba431ae229cfe0d2390efba1477cf1394f14c979d09113ac3498e69b86d383
Size

26KB
MD5

b16ad5112021815fb15122e2794c20d6
SHA1

b5a4aedaec9a00e931fd0368e28c728800b71d58
SHA256

eeba431ae229cfe0d2390efba1477cf1394f14c979d09113ac3498e69b86d383
SHA512

c9ee6f3e0eeae91e7d23d7724701154506236987be6bb97c32c090bba0c6a3d6cf8d706b459f42ca8bd16941048055922e451bf7a4651a6efbb4893917319b20
SSDEEP

768:NAeZxVerG++bv3OLQ+ok5MJn84BJpoQ5n7:eYxoi++bPOcDyy7

Score

N/A

Malware Config

Signatures

Files

eeba431ae229cfe0d2390efba1477cf1394f14c979d09113ac3498e69b86d383
.exe windows x86

30c3b40035825083f35bf36f6ff692da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventW
GetTickCount
GetFileAttributesW
SetFileAttributesW
ExpandEnvironmentStringsW
GetVolumeNameForVolumeMountPointW
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
HeapCreate
ResetEvent
CreateProcessW
OpenProcess
CreateToolhelp32Snapshot
CreateThread
QueryPerformanceCounter
QueryPerformanceFrequency
LocalFree
CreateMutexW
ReleaseMutex
SetLastError
WaitForMultipleObjects
SystemTimeToFileTime
GetSystemTime
InitializeCriticalSection
Sleep
GetSystemDirectoryW
CopyFileW
TerminateProcess
ExitThread
Process32FirstW
Module32FirstW
Process32NextW
SetEvent
WaitForSingleObject
TryEnterCriticalSection
CloseHandle
DeleteCriticalSection
CreateIoCompletionPort
GetSystemInfo
PostQueuedCompletionStatus
EnterCriticalSection
GetLastError
InterlockedExchange
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
GetQueuedCompletionStatus
InterlockedIncrement
GetModuleFileNameW

shlwapi

wvnsprintfW
PathRemoveBackslashW
PathAddBackslashW
PathRemoveFileSpecW

ws2_32

WSAIoctl
connect
WSAStartup
WSARecv
WSASend
select
WSAGetLastError
getsockname
shutdown
setsockopt
WSACleanup
recv
bind
socket
WSASetLastError
send
listen
accept
WSASocketW
closesocket

advapi32

CryptAcquireContextW
CryptGetHashParam
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptHashData
RegCreateKeyExW
RegCloseKey
GetLengthSid
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
GetTokenInformation
OpenProcessToken

shell32

SHGetFolderPathW

ole32

StringFromGUID2
CLSIDFromString

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

30c3b40035825083f35bf36f6ff692da

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

ws2_32

advapi32

shell32

ole32

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 6KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 6KB