1c2d21587eb949fe719ae9499e42381d4250a0be5c770ea707a362afdd171936

Sharing

Copy URL

Twitter E-mail

General

Target

1c2d21587eb949fe719ae9499e42381d4250a0be5c770ea707a362afdd171936
Size

275KB
MD5

d891cbbaf7fd229445a507bd8407fd96
SHA1

535501fbe60ff96890f46b1e2321c9bd0d25c4aa
SHA256

1c2d21587eb949fe719ae9499e42381d4250a0be5c770ea707a362afdd171936
SHA512

86de8aa1da926d1b50cf329dfbbf0d67bf033e73323421c399c80c502cd3e1f92091864c14f9e5bc14f89db9cbe85cd8c0ec7896c3c581b40d4efd09b9631d35
SSDEEP

6144:JBgedih3DLc2g4DEqXqAUTBqd/20dkMzTL7AQ05lmtLrD6LrD6deOHNHXE/Nn719:JSedyzLc8EqeTsdOHf7QlvrT6O2Bqnuq

Score

N/A

Malware Config

Signatures

Files

1c2d21587eb949fe719ae9499e42381d4250a0be5c770ea707a362afdd171936
.exe windows x86

a9ecd8859dca88dd54d1234073888fa7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

memset
_stricmp
strtoul
strchr
strrchr
atoi
_strnicmp
strncmp
memmove
tolower
isspace
isprint
_wcsicmp
strcmp
memcmp
wcslen
wcsstr
_chkstk
strlen
memcpy
_allrem
_alldiv
_vsnprintf
_allshr

ws2_32

bind
listen
select
htons
inet_addr
closesocket
__WSAFDIsSet
recv
send
gethostbyname
shutdown
socket
connect
ioctlsocket
accept
WSAGetLastError
WSAStartup

kernel32

WideCharToMultiByte
OpenProcess
GetProcessTimes
QueryPerformanceCounter
InterlockedDecrement
InterlockedIncrement
GetNativeSystemInfo
Sleep
GetCurrentThread
ExitProcess
ExpandEnvironmentStringsW
GetModuleHandleA
GetTickCount
CloseHandle
CreateThread
CreateEventW
InitializeCriticalSection
DeleteCriticalSection
ExitThread
ResetEvent
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
SetEvent
ResumeThread
CreateProcessW
CreateFileW
DeleteFileW
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileSize
Process32NextW
Process32FirstW
CreateEventA
GetCurrentProcessId
GetLastError
GetCurrentProcess
ReadProcessMemory
GetModuleHandleW
CreateRemoteThread
TerminateProcess
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree
VirtualQuery
GetProcAddress
LoadLibraryA
VirtualFreeEx
VirtualAllocEx
Process32Next
Process32First
DeviceIoControl
CreateFileA
GetVersionExW
LocalFree
VirtualFree
VirtualAlloc
CreateProcessA
LocalAlloc
CopyFileW
SetFileAttributesW
RemoveDirectoryW
ReleaseMutex
OpenMutexW
CreateMutexW
UnregisterWait
LoadLibraryW
RegisterWaitForSingleObject
OpenEventA
CreateMutexA
QueryPerformanceFrequency
GetVersionExA
WriteProcessMemory
GlobalFindAtomW
GlobalAddAtomW
GetProcessHandleCount
VirtualProtectEx
DuplicateHandle
FreeLibrary
MultiByteToWideChar
WaitForMultipleObjects
CreateToolhelp32Snapshot
SetLastError

user32

OpenDesktopA
CreateDesktopA
CloseDesktop
CloseWindowStation
VkKeyScanA
SendInput
SetCursorPos
SetThreadDesktop
SetProcessWindowStation
IsWindow
CreateWindowStationW
CharNextA

advapi32

OpenProcessToken
AdjustTokenPrivileges
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
ConvertSidToStringSidA
GetTokenInformation
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
RegNotifyChangeKeyValue
LookupPrivilegeValueW

shell32

SHFileOperationW

ole32

StringFromGUID2
CoCreateGuid

shlwapi

PathCombineA

psapi

GetPerformanceInfo

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9ecd8859dca88dd54d1234073888fa7

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

ws2_32

kernel32

user32

advapi32

shell32

ole32

shlwapi

psapi

Sections

.text Size: 100KB - Virtual size: 100KB

.rdata Size: 110KB - Virtual size: 110KB

.data Size: 57KB - Virtual size: 68KB

.CRT Size: 512B - Virtual size: 16B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 110KB - Virtual size: 110KB

.data
Size: 57KB - Virtual size: 68KB

.CRT
Size: 512B - Virtual size: 16B

.reloc
Size: 5KB - Virtual size: 5KB