c3a320ab4ff47e996ba6022ce6000c05bfeada55c91a2f3414164c7a80562183

Sharing

Copy URL Twitter E-mail

General

Target

c3a320ab4ff47e996ba6022ce6000c05bfeada55c91a2f3414164c7a80562183
Size

26KB
MD5

a1f22433994cbe0df31eab62448c3953
SHA1

82625aca40e53175488ea4687d18da4b989f27ec
SHA256

c3a320ab4ff47e996ba6022ce6000c05bfeada55c91a2f3414164c7a80562183
SHA512

98cf220033e995b73d749c7d4338983a6b6f6fdd932926131a60bece1c030fabd7a00478ca850bdbe539d2a05bdf26e9cf1f71a9e53af661dd032d34124c6d0c
SSDEEP

768:H6V5hyfKeebv3OLQ+ok5MJYwlBJaCRzL/n7:Hg5ICeebPOc/P17

Score

N/A

Malware Config

Signatures

Files

c3a320ab4ff47e996ba6022ce6000c05bfeada55c91a2f3414164c7a80562183
.exe windows x86

30c3b40035825083f35bf36f6ff692da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventW
GetTickCount
GetFileAttributesW
SetFileAttributesW
ExpandEnvironmentStringsW
GetVolumeNameForVolumeMountPointW
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
HeapCreate
ResetEvent
CreateProcessW
OpenProcess
CreateToolhelp32Snapshot
CreateThread
QueryPerformanceCounter
QueryPerformanceFrequency
LocalFree
CreateMutexW
ReleaseMutex
SetLastError
WaitForMultipleObjects
SystemTimeToFileTime
GetSystemTime
InitializeCriticalSection
Sleep
GetSystemDirectoryW
CopyFileW
TerminateProcess
ExitThread
Process32FirstW
Module32FirstW
Process32NextW
SetEvent
WaitForSingleObject
TryEnterCriticalSection
CloseHandle
DeleteCriticalSection
CreateIoCompletionPort
GetSystemInfo
PostQueuedCompletionStatus
EnterCriticalSection
GetLastError
InterlockedExchange
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
GetQueuedCompletionStatus
InterlockedIncrement
GetModuleFileNameW

shlwapi

wvnsprintfW
PathRemoveBackslashW
PathAddBackslashW
PathRemoveFileSpecW

ws2_32

WSAIoctl
connect
WSAStartup
WSARecv
WSASend
select
WSAGetLastError
getsockname
shutdown
setsockopt
WSACleanup
recv
bind
socket
WSASetLastError
send
listen
accept
WSASocketW
closesocket

advapi32

CryptAcquireContextW
CryptGetHashParam
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptHashData
RegCreateKeyExW
RegCloseKey
GetLengthSid
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
GetTokenInformation
OpenProcessToken

shell32

SHGetFolderPathW

ole32

StringFromGUID2
CLSIDFromString

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

30c3b40035825083f35bf36f6ff692da

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

ws2_32

advapi32

shell32

ole32

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 6KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 6KB