eb1ec377b6809568adcbf2a32af82ce4ee9116328187c3e59180ea24106539ec

Sharing

Copy URL

Twitter E-mail

General

Target

eb1ec377b6809568adcbf2a32af82ce4ee9116328187c3e59180ea24106539ec
Size

231KB
MD5

f780458c5331d4e58d09f9363e7f641d
SHA1

0781cb65e390dade1110d0fe3e27caadd1dfd5da
SHA256

eb1ec377b6809568adcbf2a32af82ce4ee9116328187c3e59180ea24106539ec
SHA512

0106e722ae70e519192008c348d3cedf245f05225a22fce37c45619f51a52a1f8f9f51db849ba619d58112c24d08caeaf6db2fa5b41110e7b12298d6e4bf8ca1
SSDEEP

6144:sa0eTLgMMHT7VTBqo0UxdgBzTLzAQ75lmIGLrDbLrDMdyFFNHe1/EhNzIjEfQqqb:sa00LIHTZTsaksh2EfVqnu

Score

N/A

Malware Config

Signatures

Files

eb1ec377b6809568adcbf2a32af82ce4ee9116328187c3e59180ea24106539ec
.exe windows x86

fe2f337526e216925b61f6331a0228b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

strtoul
strchr
strrchr
_vsnprintf
_stricmp
atoi
_strnicmp
strncmp
memmove
tolower
isspace
isprint
_wcsicmp
strcmp
memcmp
wcslen
wcsstr
_chkstk
strlen
memcpy
_alldiv
memset
_allrem
_allshr

ws2_32

send
recv
htons
accept
listen
bind
inet_addr
closesocket
__WSAFDIsSet
gethostbyname
shutdown
select
connect
ioctlsocket
WSAGetLastError
socket
WSAStartup

kernel32

WideCharToMultiByte
OpenProcess
GetProcessTimes
QueryPerformanceCounter
InterlockedDecrement
InterlockedIncrement
GetNativeSystemInfo
UnregisterWait
CreateEventA
RegisterWaitForSingleObject
GetCurrentThread
ExitProcess
Sleep
ExpandEnvironmentStringsW
GetModuleHandleA
GetTickCount
CloseHandle
CreateThread
CreateEventW
InitializeCriticalSection
DeleteCriticalSection
ExitThread
ResetEvent
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
SetEvent
ResumeThread
CreateProcessW
CreateFileW
DeleteFileW
WriteFile
SetFilePointer
SetEndOfFile
OpenEventA
GetFileSize
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
GetLastError
GetCurrentProcess
ReadProcessMemory
GetModuleHandleW
CreateRemoteThread
TerminateProcess
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree
VirtualQuery
GetProcAddress
LoadLibraryA
VirtualFreeEx
VirtualAllocEx
DeviceIoControl
CreateFileA
GetVersionExW
LocalFree
VirtualFree
VirtualAlloc
CreateMutexA
LocalAlloc
CopyFileW
SetFileAttributesW
RemoveDirectoryW
ReleaseMutex
OpenMutexW
CreateMutexW
SetLastError
LoadLibraryW
QueryPerformanceFrequency
GetVersionExA
WriteProcessMemory
GlobalFindAtomW
GlobalAddAtomW
GetProcessHandleCount
VirtualProtectEx
DuplicateHandle
FreeLibrary
MultiByteToWideChar
WaitForMultipleObjects
ReadFile
CreateProcessA

user32

CharNextA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetTokenInformation
ConvertSidToStringSidA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
SetSecurityDescriptorGroup
RegNotifyChangeKeyValue

shell32

SHFileOperationW

ole32

StringFromGUID2
CoCreateGuid

shlwapi

PathCombineA

psapi

GetPerformanceInfo

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe2f337526e216925b61f6331a0228b8

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

ws2_32

kernel32

user32

advapi32

shell32

ole32

shlwapi

psapi

Sections

.text Size: 98KB - Virtual size: 97KB

.rdata Size: 81KB - Virtual size: 80KB

.data Size: 45KB - Virtual size: 57KB

.CRT Size: 512B - Virtual size: 8B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 98KB - Virtual size: 97KB

.rdata
Size: 81KB - Virtual size: 80KB

.data
Size: 45KB - Virtual size: 57KB

.CRT
Size: 512B - Virtual size: 8B

.reloc
Size: 5KB - Virtual size: 5KB