81d7266115d41fe66be221dbf3025df0f1250526dacf1e0b6c12f8a510fe532d

Sharing

Copy URL

Twitter E-mail

General

Target

81d7266115d41fe66be221dbf3025df0f1250526dacf1e0b6c12f8a510fe532d
Size

1.5MB
MD5

695b55ed6f29a1e8b1a54a62cc2725af
SHA1

142c1c47ad5ff4cdb5b1a22adf397dac80305782
SHA256

81d7266115d41fe66be221dbf3025df0f1250526dacf1e0b6c12f8a510fe532d
SHA512

b896d6d2dd2a676daca116e5b5ef27391cbe0a018d63e68f9a098d5bdd8d264b58006a9c99717a85d818610993dacd435e0ab2480456a497990f09bd35f2b448
SSDEEP

24576:nYm56PoIaCmLjVal1++ecvY+1rLpV9kHBbDAY9Elx/F6Dv8:YaValM+XB/9khbDBL8

Score

N/A

Malware Config

Signatures

Files

81d7266115d41fe66be221dbf3025df0f1250526dacf1e0b6c12f8a510fe532d
.exe windows x86

c70dd3927611f611233da0d00c16991a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recv
WSASend
WSACreateEvent
closesocket
ntohl
WSAEventSelect
connect
WSASocketA
WSAStartup
WSACleanup
ioctlsocket
socket
send
WSAEnumNetworkEvents
WSAGetLastError
htons
getservbyname
ntohs
WSASetLastError
inet_ntoa
gethostbyaddr
inet_addr
htonl
getservbyport
WSAGetOverlappedResult
gethostbyname

user32

MsgWaitForMultipleObjectsEx
KillTimer
SetTimer
DispatchMessageW
PeekMessageW
MessageBeep
SetWindowLongA
InvalidateRect
SendMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
SetScrollRange
wsprintfW

advapi32

SetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
CloseServiceHandle
SetServiceStatus
ControlService
OpenServiceA
CreateServiceA
RegCreateKeyA
ReportEventA
RegCloseKey
RegisterEventSourceA
RegSetValueExA
DeregisterEventSource
RegDeleteKeyA
CreateProcessAsUserW
DuplicateTokenEx
OpenProcessToken
OpenSCManagerA
AdjustTokenPrivileges
ChangeServiceConfig2A
QueryServiceStatus
StartServiceCtrlDispatcherA
LookupPrivilegeValueA
RegisterServiceCtrlHandlerA
DeleteService

iphlpapi

GetAdaptersAddresses

setupapi

CM_Disconnect_Machine
CM_Get_Sibling_Ex
SetupDiGetDriverInfoDetailW
SetupDiBuildDriverInfoList
SetupDiGetClassDevsW
SetupDiEnumDriverInfoW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiDestroyDriverInfoList
CM_Get_DevNode_Status_Ex
CM_Get_DevNode_Registry_Property_ExW
CM_Get_Device_ID_ExW
CM_Connect_MachineW
CM_Locate_DevNode_ExW
CM_Get_Child_Ex

kernel32

GetLocaleInfoW
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
HeapSize
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
RtlUnwind
DeleteFileA
GetProcessHeap
GetVersionExA
GetCommandLineA
HeapReAlloc
IsDebuggerPresent
UnhandledExceptionFilter
HeapFree
GetSystemDirectoryA
GetProcAddress
FreeLibrary
WideCharToMultiByte
LoadLibraryA
GetLastError
SetLastError
LocalAlloc
GetModuleFileNameA
LocalFree
FormatMessageA
CloseHandle
CreateEventW
WaitForMultipleObjectsEx
InitializeCriticalSection
SetEvent
CreateMutexW
WaitForSingleObjectEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
ReleaseMutex
WaitForSingleObject
GetModuleHandleA
CreateTimerQueueTimer
DeleteTimerQueueTimer
CreateProcessW
WTSGetActiveConsoleSessionId
Process32Next
GetCurrentProcess
CreateToolhelp32Snapshot
Sleep
Process32First
SetCurrentDirectoryA
GetStartupInfoA
GetCurrentProcessId
GetTickCount
TerminateProcess
OpenProcess
GetEnvironmentVariableA
SetErrorMode
SetUnhandledExceptionFilter
ClearCommError
GetCommState
SetupComm
PurgeComm
ReadFile
CreateFileW
GetOverlappedResult
EscapeCommFunction
WriteFile
SetCommState
SetCommTimeouts
CreateThread
SetCommMask
Process32FirstW
ConnectNamedPipe
CreateNamedPipeW
Process32NextW
GetComputerNameW
lstrlenW
LoadLibraryW
HeapAlloc
GetFileSize
CreateNamedPipeA
DisconnectNamedPipe
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
MoveFileW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
GetStdHandle
GetCPInfo
ResetEvent
GetSystemInfo
GetLocalTime
GetCurrentThreadId
CreateDirectoryW
GetTempPathW
GetTimeZoneInformation
QueryPerformanceFrequency
GetSystemTimeAsFileTime
CreateFileA
ReadFileEx
WaitNamedPipeA
CreateEventA
GetEnvironmentVariableW
MapViewOfFile
UnmapViewOfFile
VirtualQuery
OpenFileMappingW
InterlockedExchange
CreateFileMappingW
GetVersionExW
InterlockedIncrement
SetThreadPriority
RaiseException
GetExitCodeThread
TerminateThread
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
SetFilePointer
SetEndOfFile
InterlockedDecrement

ole32

CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysStringLen

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

libeay32

ord641
ord653
ord657
ord585

ssleay32

ord74
ord78
ord130
ord108
ord87
ord12
ord61
ord43
ord75
ord183
ord127
ord111

Sections

.text
Size: 680KB - Virtual size: 679KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 856KB - Virtual size: 853KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c70dd3927611f611233da0d00c16991a

Headers

File Characteristics

Imports

ws2_32

user32

advapi32

iphlpapi

setupapi

kernel32

ole32

oleaut32

wtsapi32

userenv

libeay32

ssleay32

Sections

.text Size: 680KB - Virtual size: 679KB

.rdata Size: 856KB - Virtual size: 853KB

.data Size: 24KB - Virtual size: 65KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 680KB - Virtual size: 679KB

.rdata
Size: 856KB - Virtual size: 853KB

.data
Size: 24KB - Virtual size: 65KB

.rsrc
Size: 8KB - Virtual size: 4KB