d478097b52d2dd1862cf31fd139b16a8dc1f6ce628aae376364323bab030cc6f

Sharing

Copy URL Twitter E-mail

General

Target

d478097b52d2dd1862cf31fd139b16a8dc1f6ce628aae376364323bab030cc6f
Size

712KB
MD5

855acc40b6bf3ebe7913dcf0c7f32b66
SHA1

c3fc572f07de7a553c26d9ed77790b26931d0f8e
SHA256

d478097b52d2dd1862cf31fd139b16a8dc1f6ce628aae376364323bab030cc6f
SHA512

1d9aa9154932f3ce9f7b3873cf0eb5ec60eb0b3d1fe54b10b9ddcaf9e429fd7de89bb37debad01868b4e01be0ee15c80b204184e5d339fa8409aab51c8af721a
SSDEEP

12288:GOlDOJjewaGhq9ZfOFYaJg3DJabtm2aOACM+SiFKDy5Aiqq9aIS3jn0lFYdMwYuM:GOYJjeogIaaxbr952q9aUBy2RobA/T4O

Score

N/A

Malware Config

Signatures

Files

d478097b52d2dd1862cf31fd139b16a8dc1f6ce628aae376364323bab030cc6f
.exe windows x86

ea767fcd832046f9e70f02b4b8f85663

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

getpeername
WSACleanup
WSAStartup
WSASetLastError
__WSAFDIsSet
WSAGetLastError
select
recv
send
gethostname
ioctlsocket
listen
accept
WSAIoctl
setsockopt
recvfrom
sendto
getaddrinfo
freeaddrinfo
connect
socket
closesocket
getsockname
getsockopt
htons
bind
ntohs

wldap32

ord200
ord33
ord301
ord27
ord22
ord41
ord35
ord32
ord30
ord26
ord50
ord60
ord46
ord211
ord79
ord143

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSQuerySessionInformationW
WTSFreeMemory

kernel32

LoadLibraryW
GetProcAddress
GetLocaleInfoA
GetTimeZoneInformation
GetCurrentProcess
OpenProcess
GetLastError
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
WaitForSingleObject
SetEvent
Sleep
CreateEventW
QueueUserWorkItem
GetFullPathNameW
GetTickCount
LocalAlloc
LocalFree
InterlockedCompareExchange
GetCurrentProcessId
CreateToolhelp32Snapshot
HeapSetInformation
SetUnhandledExceptionFilter
GetModuleHandleW
Process32NextW
Process32FirstW
GetModuleHandleExA
GetSystemInfo
TerminateProcess
ResumeThread
AssignProcessToJobObject
CreateProcessW
ReadFile
GetStdHandle
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
FileTimeToSystemTime
FileTimeToLocalFileTime
CopyFileW
GetFileAttributesW
GetFileAttributesExW
DeleteFileW
CloseHandle
CreateDirectoryW
FindClose
GetTempPathW
GetCurrentDirectoryW
SetLastError
WriteFile
GetCommandLineW
InterlockedExchangeAdd
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLangID
GlobalMemoryStatusEx
GetNativeSystemInfo
GetVersionExW
GetCurrentThreadId
ReleaseMutex
CreateMutexW
SetFilePointer
OutputDebugStringA
FormatMessageA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
GetFileInformationByHandle
QueryPerformanceCounter
QueryPerformanceFrequency
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
GetSystemDirectoryW
GetWindowsDirectoryW
InterlockedExchange
TlsGetValue
TlsFree
TlsSetValue
TlsAlloc
GetQueuedCompletionStatus
CreateIoCompletionPort
SetEnvironmentVariableA
WaitForMultipleObjects
RaiseException
CreateThread
IsDebuggerPresent
InterlockedIncrement
InitializeCriticalSection
SleepEx
VerifyVersionInfoA
VerSetConditionMask
PeekNamedPipe
GetFileType
FreeLibrary
LoadLibraryA
ExpandEnvironmentStringsA
CreateFileW
GetModuleFileNameW
SetEndOfFile
InterlockedDecrement
EncodePointer
DecodePointer
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
UnhandledExceptionFilter
ExitProcess
HeapReAlloc
GetProcessHeap
GetConsoleCP
GetConsoleMode
ExitThread
GetDriveTypeA
FindFirstFileExA
GetCPInfo
RtlUnwind
LCMapStringW
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
HeapDestroy
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoW
GetLocaleInfoW
SetStdHandle
WriteConsoleW
HeapSize
GetStringTypeW
GetFullPathNameA
CreateFileA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetDriveTypeW
CompareStringW
RemoveDirectoryW
PostQueuedCompletionStatus

user32

DispatchMessageW
PostMessageW
KillTimer
PeekMessageW
SetTimer
TranslateMessage
GetSystemMetrics
EnumDisplaySettingsW
CreateWindowExW
RegisterClassExW
WaitMessage
CallMsgFilterW
PostQuitMessage
GetQueueStatus
DefWindowProcW
MsgWaitForMultipleObjectsEx
UnregisterClassW
DestroyWindow
MessageBoxW

advapi32

OpenServiceW
EnumDependentServicesW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
ReportEventW
RegisterServiceCtrlHandlerW
SetServiceStatus
DeregisterEventSource
StartServiceCtrlDispatcherW
RegisterEventSourceW
AdjustTokenPrivileges
GetLengthSid
InitializeSid
GetSidLengthRequired
IsValidSid
DuplicateTokenEx
LookupPrivilegeValueW
EqualSid
CopySid
GetTokenInformation
GetSidSubAuthority
OpenProcessToken
ChangeServiceConfig2W
StartServiceW
QueryServiceStatusEx
ControlService
QueryServiceConfigW
EnumServicesStatusExW
CreateProcessAsUserW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptCreateHash
RegCreateKeyExW
RegSetValueExW
QueryServiceConfig2W

shell32

SHFileOperationW
SHGetFolderPathW

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
StringFromGUID2
CoCreateGuid

netapi32

Netbios

shlwapi

PathRemoveExtensionA
PathFileExistsW
PathFindFileNameA

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
UnloadUserProfile

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod

Sections

.text
Size: 571KB - Virtual size: 571KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea767fcd832046f9e70f02b4b8f85663

Headers

DLL Characteristics

File Characteristics

Imports

version

ws2_32

wldap32

wtsapi32

kernel32

user32

advapi32

shell32

ole32

netapi32

shlwapi

userenv

winmm

Sections

.text Size: 571KB - Virtual size: 571KB

.rdata Size: 97KB - Virtual size: 97KB

.data Size: 8KB - Virtual size: 20KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1024B - Virtual size: 780B

.reloc Size: 33KB - Virtual size: 32KB

.text
Size: 571KB - Virtual size: 571KB

.rdata
Size: 97KB - Virtual size: 97KB

.data
Size: 8KB - Virtual size: 20KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1024B - Virtual size: 780B

.reloc
Size: 33KB - Virtual size: 32KB