676d2faa9882fbaa949ad6ecbaa98cc2236e893783f0ab051f0cfcbe7804ccac

Sharing

Copy URL Twitter E-mail

General

Target

676d2faa9882fbaa949ad6ecbaa98cc2236e893783f0ab051f0cfcbe7804ccac
Size

547KB
MD5

8c0a8aeb489fd2e4ad458b4de143a8dc
SHA1

ea0e4d75bb9a8f32a631bb49c4976698f47c34b8
SHA256

676d2faa9882fbaa949ad6ecbaa98cc2236e893783f0ab051f0cfcbe7804ccac
SHA512

e8bb150d12af7807a495f60d9ce1f366145f8b11e0d92da541893d94eeaafecc79296d8a70f0a9033b8c54924f48692e261d9d47a9d8eb5cc5287fccc6764c07
SSDEEP

12288:ctAdyQCxx1MJepfxVLKtusBS88Z2sl0v0A8QR1:yAdyQY1MJevg9clZbSv0

Score

N/A

Malware Config

Signatures

Files

676d2faa9882fbaa949ad6ecbaa98cc2236e893783f0ab051f0cfcbe7804ccac
.exe windows x86

d1b1fe2372f00c8b624bb7b662550de4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryW
GetModuleFileNameW
GetLastError
FindClose
GetModuleFileNameA
DeleteFileW
GetCurrentProcess
CreateThread
SystemTimeToFileTime
SetFileTime
ReadFile
GetCurrentDirectoryW
LocalFileTimeToFileTime
SetEnvironmentVariableA
CompareStringW
GetProcessHeap
GetDriveTypeW
GetTimeZoneInformation
GetFullPathNameA
FindFirstFileExA
GetDriveTypeA
GetTempPathW
CreateProcessW
CloseHandle
OutputDebugStringA
CreateFileW
WriteFile
WaitForSingleObject
SetEndOfFile
SetFilePointer
GetFileInformationByHandle
FileTimeToLocalFileTime
LocalFree
OutputDebugStringW
LocalSize
lstrlenW
LocalAlloc
FormatMessageW
MultiByteToWideChar
GetFileAttributesW
WideCharToMultiByte
GetModuleHandleA
LoadLibraryA
GetSystemDirectoryA
VerSetConditionMask
VerifyVersionInfoA
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
SleepEx
FormatMessageA
lstrcatA
lstrcpyA
ResumeThread
SuspendThread
GetLocalTime
ReleaseSemaphore
FileTimeToSystemTime
CreateSemaphoreA
CreateEventA
TerminateThread
InitializeCriticalSection
SetEvent
lstrlenA
GetFileSize
CreateFileA
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapReAlloc
RtlUnwind
GetStringTypeW
GetConsoleMode
GetConsoleCP
LoadLibraryW
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
GetFileAttributesA
Sleep
LCMapStringW
RaiseException
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
HeapFree
HeapAlloc
ExitThread
GetCurrentThreadId
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
GetProcAddress
GetModuleHandleW
ExitProcess
GetStdHandle
IsProcessorFeaturePresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP

user32

wsprintfW
EndDialog
DispatchMessageW
TranslateMessage
GetMessageW
CreateDialogParamW
PostMessageW
LoadStringA
PostMessageA

advapi32

CryptDestroyKey
CryptReleaseContext
CryptImportKey
CryptAcquireContextA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
RegCloseKey
RegCreateKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
CryptEncrypt

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

ws2_32

getaddrinfo
select
WSAGetLastError
htons
ntohs
getsockname
shutdown
htonl
sendto
WSACleanup
recv
bind
socket
freeaddrinfo
__WSAFDIsSet
closesocket
gethostbyname
inet_addr
send
listen
accept
recvfrom
gethostname
ioctlsocket
WSAStartup
inet_ntoa
WSASetLastError
WSAIoctl
getsockopt
getpeername
setsockopt
connect

wldap32

ord33
ord301
ord27
ord41
ord46
ord60
ord143
ord50
ord26
ord30
ord200
ord79
ord32
ord22
ord35
ord211

dbghelp

MakeSureDirectoryPathExists

shlwapi

PathFileExistsW

winhttp

WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpCrackUrl
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpCloseHandle

Sections

.text
Size: 423KB - Virtual size: 423KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1b1fe2372f00c8b624bb7b662550de4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

ws2_32

wldap32

dbghelp

shlwapi

winhttp

Sections

.text Size: 423KB - Virtual size: 423KB

.rdata Size: 94KB - Virtual size: 94KB

.data Size: 6KB - Virtual size: 34KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 423KB - Virtual size: 423KB

.rdata
Size: 94KB - Virtual size: 94KB

.data
Size: 6KB - Virtual size: 34KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 21KB - Virtual size: 20KB