0fc1a56432130509333542eec91527df6365743e754c468292f2a039f2606d9a

Sharing

Copy URL Twitter E-mail

General

Target

0fc1a56432130509333542eec91527df6365743e754c468292f2a039f2606d9a
Size

79KB
MD5

9a7ec93daaf88d089bd8c3100e53a885
SHA1

03a64e7b4e935b9eac5a67ba41b2ec8b5774e942
SHA256

0fc1a56432130509333542eec91527df6365743e754c468292f2a039f2606d9a
SHA512

c4af656708c9a4829d41616b089a8b6731eb0835859e6ad588df3dbd0babdddb10a43bcd198c41ba8f9ffae71608cacbcffa25b44be4438ef762c9f9d27e5909
SSDEEP

768:UVO+Tcp1VaUir9bS2LqeFaXiYXctjPW8WVrb0s4r2IhBnINcH8Aq1XjEKNmeuFoc:Os1wDgIqqPudL4VhBZch1YKNGvtWfq

Score

N/A

Malware Config

Signatures

Files

0fc1a56432130509333542eec91527df6365743e754c468292f2a039f2606d9a
.exe windows x86

5a68b248b0e051c6ae599fa9a2597778

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
TerminateThread
Sleep
CreateThread
MultiByteToWideChar
lstrlenA
WinExec
CloseHandle
WaitForSingleObject
ExitProcess
GetLastError
CreateMutexA
CopyFileA
CreateDirectoryA
GetModuleFileNameA
GetCurrentProcess
GlobalMemoryStatusEx
GetVersionExA
GetComputerNameA
GetSystemDefaultUILanguage
SetStdHandle
SetFilePointer
FlushFileBuffers
InterlockedExchange
LocalAlloc
FreeLibrary
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
RtlUnwind
RaiseException
TerminateProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapFree
SetUnhandledExceptionFilter
HeapReAlloc
HeapAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
ReadFile

shell32

SHGetSpecialFolderPathA

ws2_32

__WSAFDIsSet
WSAIoctl
recv
WSASocketA
htonl
select
setsockopt
sendto
inet_addr
socket
htons
connect
closesocket
send
ntohs
WSAStartup

netapi32

NetUserAdd
NetLocalGroupAddMembers

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a68b248b0e051c6ae599fa9a2597778

Headers

File Characteristics

Imports

kernel32

shell32

ws2_32

netapi32

Sections

.text Size: 54KB - Virtual size: 54KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 12KB - Virtual size: 17KB

.sxdata Size: 512B - Virtual size: 124B

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 17KB

.sxdata
Size: 512B - Virtual size: 124B

.rsrc
Size: 3KB - Virtual size: 2KB