2057616af9b56bc5f4c7e4ab1c33a2be5c092121af622b87f1468a722fc04ad1

Sharing

Copy URL

Twitter E-mail

General

Target

2057616af9b56bc5f4c7e4ab1c33a2be5c092121af622b87f1468a722fc04ad1
Size

304KB
MD5

9a1174fb32ed8aa6e98cde6b7be2fc30
SHA1

0319ff3cc7a4da50dc92bad93d523dc3410cb0dc
SHA256

2057616af9b56bc5f4c7e4ab1c33a2be5c092121af622b87f1468a722fc04ad1
SHA512

cf367545fbc1831dff45d15604178eac77b052960d294ca9d077f4834467932311b86aed2a2f437300c9603eb8c3d85a8ac36a1fc8148db865942974c976c069
SSDEEP

6144:5zty2epNT3bn7B/ZdgP8COz1BEKa4kXdU8i2:5ztMnrj7BZdgrOz1BEKwXd02

Score

N/A

Malware Config

Signatures

Files

2057616af9b56bc5f4c7e4ab1c33a2be5c092121af622b87f1468a722fc04ad1
.exe windows x86

af88a34abf3c78bbdb281122794e7f99

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

socket
WSAStartup
inet_ntoa
gethostbyname
WSACleanup
inet_addr
ntohl
send
recv
gethostname
htons
closesocket
connect

netapi32

Netbios

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
CreateThread
QueryPerformanceCounter
CreateDirectoryW
GetCurrentThreadId
WaitForSingleObject
OpenThread
CloseHandle
GetLastError
GetTickCount
CreateMutexW
GetFileSize
CreateFileW
lstrlenA
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
lstrlenW
GetCommandLineW
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
RaiseException
InterlockedDecrement
GetVersionExW
GetSystemDirectoryW
ReadFile
DeleteFileW
GetFileAttributesW
QueryPerformanceFrequency
SetFilePointer
MoveFileW
VirtualQuery
Sleep
FindClose
SetStdHandle
GetCurrentProcess
LoadLibraryA
SetFileAttributesW
GetModuleFileNameW
GetModuleHandleW
GetSystemTimeAsFileTime
WriteFile
GetModuleHandleA
GetProcessTimes
FindFirstFileW
SetProcessAffinityMask
GetProcessAffinityMask
DeviceIoControl
CreatePipe
GetStdHandle
DuplicateHandle
LoadLibraryW
FreeLibrary
CreateProcessW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
SetLastError
TlsFree
VirtualFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetStartupInfoW
GetProcessHeap
GetVersionExA
HeapSize
HeapFree
HeapAlloc
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
FlushFileBuffers
WriteConsoleA
VirtualAlloc
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP
SetEndOfFile
CreateFileA
GetCurrentProcessId
GetThreadLocale
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
GetLocaleInfoA
InterlockedExchange

user32

GetDesktopWindow
IsWindow
RegisterClassExW
GetClassInfoExW
SendMessageW
PostThreadMessageW
SetForegroundWindow
GetCursorPos
DestroyWindow
TrackPopupMenu
LoadMenuW
GetSubMenu
CharLowerW
CharNextW
CharLowerA
SetTimer
GetMessageW
SetWindowLongW
DefWindowProcW
ShowWindow
DispatchMessageW
KillTimer
CreateWindowExW
RegisterClassW
UpdateWindow
GetWindowLongW
LoadImageW
PostMessageW
DestroyMenu
TranslateMessage

gdi32

GetStockObject

advapi32

RegCreateKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW

shell32

SHGetSpecialFolderPathW
Shell_NotifyIconW
SHFileOperationW
ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
CommandLineToArgvW

ole32

CoFreeLibrary
CoLoadLibrary

oleaut32

SysFreeString
SysStringLen

shlwapi

PathFileExistsW

wintrust

CryptCATAdminReleaseCatalogContext
WTHelperGetProvSignerFromChain
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
WTHelperGetProvCertFromChain
CryptCATAdminReleaseContext
WinVerifyTrust
WTHelperProvDataFromStateData
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle

crypt32

CertGetNameStringW

Sections

.text
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

af88a34abf3c78bbdb281122794e7f99

Headers

File Characteristics

Imports

ws2_32

netapi32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wintrust

crypt32

Sections

.text Size: 176KB - Virtual size: 173KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 76KB - Virtual size: 76KB

.text
Size: 176KB - Virtual size: 173KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 76KB - Virtual size: 76KB