442ea661a252c1a36cbb94892529758bc53b306ba815b05f380ef24e513167f8

Sharing

Copy URL Twitter E-mail

General

Target

442ea661a252c1a36cbb94892529758bc53b306ba815b05f380ef24e513167f8
Size

160KB
MD5

5ebd231b36f77e13a35211dff41cf625
SHA1

b5a16c225835ccaefe7440e63be796054204da44
SHA256

442ea661a252c1a36cbb94892529758bc53b306ba815b05f380ef24e513167f8
SHA512

4b8764e98b541860451de8a7ff56ff7d2de00877640b330bb9bbee34b26b3be5db19071795fc63c546b4aa7d8ccfd99c6db9cde2595a5494e40be1b34bf7fc43
SSDEEP

3072:scyYQwLTq0sKX/zV4SH5dRI8U6uuZxLB8WqyWFetNN:scZs+/zFZnIujqyQw

Score

N/A

Malware Config

Signatures

Files

442ea661a252c1a36cbb94892529758bc53b306ba815b05f380ef24e513167f8
.exe windows x86

1ffd384fc78211e5a1241fa9e060bfa8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetNetworkParams

kernel32

GetProcAddress
GetCurrentProcessId
HeapAlloc
GetProcessHeap
GlobalFree
GlobalAlloc
CloseHandle
CreateThread
lstrcpyA
TerminateThread
DeleteFileA
lstrcatA
GetModuleFileNameA
ReleaseMutex
GetLastError
OpenMutexA
GetLocalTime
GlobalMemoryStatus
GetSystemInfo
SetErrorMode
CreateMutexA
CreateFileA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTickCount
ResetEvent
CancelIo
InterlockedExchange
SetEvent
WaitForSingleObject
CreateEventA
EnterCriticalSection
LeaveCriticalSection
Sleep
VirtualAlloc
VirtualFree
DeleteCriticalSection
LoadLibraryA
InitializeCriticalSection
FreeLibrary
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapSize
GetOEMCP
GetACP
GetCPInfo
QueryPerformanceCounter
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
HeapReAlloc
GetModuleHandleA
ExitProcess
ExitThread
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType

user32

wsprintfA

advapi32

RegCreateKeyExA
RegSetValueExA
OpenSCManagerA
OpenServiceA
DeleteService
OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA

ws2_32

htonl
sendto
inet_addr
socket
gethostbyname
ntohl
WSAIoctl
select
recv
send
setsockopt
closesocket
WSAStartup
inet_ntoa
ntohs
recvfrom
getsockname
connect
htons

wininet

InternetCloseHandle

Exports

Exports

PUTTY
WWW
dandan

Sections

.text
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ffd384fc78211e5a1241fa9e060bfa8

Headers

File Characteristics

Imports

iphlpapi

kernel32

user32

advapi32

ws2_32

wininet

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 112KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 116KB - Virtual size: 112KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 4KB - Virtual size: 1KB