4173d3f61bede0d97a9a882d912c83632c74a1f5f6a6072aedd485ff6f514abf

Sharing

Copy URL Twitter E-mail

General

Target

4173d3f61bede0d97a9a882d912c83632c74a1f5f6a6072aedd485ff6f514abf
Size

36KB
MD5

163a8d3a695903d42b3fa675dd1e02a5
SHA1

e0fd141dad390b1bee4cd77564821f2997484054
SHA256

4173d3f61bede0d97a9a882d912c83632c74a1f5f6a6072aedd485ff6f514abf
SHA512

0d19a13005fe65b27c6a2b296e5b6f879bd1bf631e8d5bfc08a8fbf369beaa2787c08ca9e7141867eefafd6774d620b8abb6046d10fbf6c3ad218e1ca43b4b5c
SSDEEP

768:lbIgJ6f3e792Suy1XOTRGBUibbCu1HWJ3ovoUwgqknb1i9rbb4:lsgJZ7Pt1eTqbbhIJ3IDwZ98

Score

N/A

Malware Config

Signatures

Files

4173d3f61bede0d97a9a882d912c83632c74a1f5f6a6072aedd485ff6f514abf
.exe windows x86

85f9b388d200a66c072576320cde1908

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
htons
socket
connect
recv
gethostbyname
closesocket
WSACleanup
send

kernel32

HeapAlloc
GetProcessHeap
WriteFile
SetFilePointer
ExitProcess
ResumeThread
DeleteFileW
CreateProcessW
ReadFile
GetFileSize
CreateFileW
ExitThread
CreateThread
VirtualFree
ReleaseMutex
GetLastError
CreateMutexW
SetLastError
GetModuleHandleA
GetCurrentProcessId
GetCurrentProcess
GetProcAddress
ExpandEnvironmentStringsW
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
HeapFree
GetVersionExW
GetTickCount
MultiByteToWideChar
GetVolumeInformationW
WriteProcessMemory
ReadProcessMemory
VirtualAlloc
VirtualProtect
VirtualQuery
OpenProcess
GetExitCodeThread
WaitForSingleObject
LoadLibraryA
VirtualFreeEx
VirtualAllocEx
CreateRemoteThread
CopyFileW
GetModuleFileNameW
SetFileAttributesW
CreateDirectoryW
Sleep
ResetEvent
RemoveDirectoryW
SetEvent
OpenEventW
CreateEventW
LocalAlloc
FindClose
FindNextFileW
GetFileAttributesW
FindFirstFileW
CreateToolhelp32Snapshot
Process32FirstW
CloseHandle
OpenMutexA
Process32NextW

ntdll

wcsstr
strncmp
wcsncat
strstr
_strnicmp
memset
_chkstk
memcpy
_wcsicmp

wininet

InternetQueryOptionA
InternetOpenA
InternetCrackUrlA
InternetConnectA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle

shell32

SHGetFileInfoW

user32

DefWindowProcW
TranslateMessage
DispatchMessageW
RegisterDeviceNotificationW
MessageBoxA
CreateWindowExW
RegisterClassW
GetMessageW

advapi32

RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
InitializeSecurityDescriptor
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CLSIDFromString

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85f9b388d200a66c072576320cde1908

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

ntdll

wininet

shell32

user32

advapi32

ole32

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 5KB - Virtual size: 8KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 5KB - Virtual size: 8KB

.reloc
Size: 2KB - Virtual size: 2KB