2c56374611bd73192bdc633ce6462ea36d9595fc5422f32c09f98f5cc60e5291

Sharing

Copy URL

Twitter E-mail

General

Target

2c56374611bd73192bdc633ce6462ea36d9595fc5422f32c09f98f5cc60e5291
Size

900KB
MD5

fae3f94ff17f7538f2ab37779067dec3
SHA1

556c2bb9dbc05fafe6ba1fd623eae20f291b851f
SHA256

2c56374611bd73192bdc633ce6462ea36d9595fc5422f32c09f98f5cc60e5291
SHA512

5418858accf3c3e1a8750b7c620c3c233b45391c0b386b3d52cbb1394549745817f013ae862d8638ec0dff7d70cfe134560f290b19d02fc1c6a0349a183ff227
SSDEEP

24576:atXR40eeU8n6FbklgNXhOpBj+AP+tKazFQIpzV0TO:AR40eknlcmRSrFpzV0T

Score

N/A

Malware Config

Signatures

Files

2c56374611bd73192bdc633ce6462ea36d9595fc5422f32c09f98f5cc60e5291
.exe windows x86

e16f5110a76497d22b74655450077065

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winhttp

WinHttpOpen
WinHttpConnect
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpSetOption

shell32

CommandLineToArgvW
SHFileOperationW
ShellExecuteW

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExW

advapi32

DeleteService
RegSetValueExW
RegOpenKeyExA
RegQueryValueExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
OpenServiceW
QueryServiceStatusEx
RegOpenKeyExW
ControlService
OpenSCManagerA
StartServiceA
CloseServiceHandle
RegCreateKeyExW
RegCloseKey

kernel32

LCMapStringW
GetConsoleCP
GetConsoleMode
HeapSize
RtlUnwind
GetStringTypeW
SetStdHandle
WriteConsoleW
FreeLibrary
GetProcAddress
LoadLibraryW
Sleep
CreateDirectoryW
ExpandEnvironmentStringsW
GetCommandLineW
GetLastError
GetModuleHandleA
InterlockedDecrement
GetLocalTime
GetVersionExW
CloseHandle
ReadFile
GetFileSize
CreateFileA
WriteFile
SetFilePointer
LocalFree
GetCurrentProcess
GetModuleHandleW
FlushFileBuffers
LockResource
LoadResource
FindResourceA
OpenProcess
GetTickCount
CreateFileW
SetLastError
HeapFree
HeapAlloc
GetProcessHeap
FindClose
FindNextFileW
FindFirstFileW
WideCharToMultiByte
GetVolumeInformationW
GetSystemDirectoryW
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
lstrcpyA
lstrlenA
HeapReAlloc
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetModuleFileNameW
CreateThread
GetWindowsDirectoryW
lstrcatW
RtlCaptureStackBackTrace
GetBinaryTypeW
GetSystemInfo
GlobalMemoryStatusEx
GetVersionExA
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedIncrement
GetCPInfo
HeapCreate
SizeofResource
lstrcpynW
GetStdHandle
ExitProcess
IsProcessorFeaturePresent
RaiseException
GetCommandLineA
HeapSetInformation
GetStartupInfoW
DecodePointer
UnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess

wininet

InternetSetOptionA

dbghelp

SymFromAddrW
SymInitialize

user32

wsprintfW

ole32

CoInitializeEx
CoCreateInstance
CoInitializeSecurity
CoUninitialize

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 756KB - Virtual size: 756KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e16f5110a76497d22b74655450077065

Headers

DLL Characteristics

File Characteristics

Imports

winhttp

shell32

psapi

advapi32

kernel32

wininet

dbghelp

user32

ole32

oleaut32

iphlpapi

version

Sections

.text Size: 107KB - Virtual size: 107KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 18KB

.rsrc Size: 756KB - Virtual size: 756KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 107KB - Virtual size: 107KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 18KB

.rsrc
Size: 756KB - Virtual size: 756KB

.reloc
Size: 15KB - Virtual size: 15KB