b311fecda65a48b507e5eeed5b1b1dcb11d0366ee2633becbc80266aad490344

Sharing

Copy URL Twitter E-mail

General

Target

b311fecda65a48b507e5eeed5b1b1dcb11d0366ee2633becbc80266aad490344
Size

332KB
MD5

2a5e8b9f4c230dde04523f257641968d
SHA1

414df1dcc57ff7aca1aa7d0082fe1593af4d4f1d
SHA256

b311fecda65a48b507e5eeed5b1b1dcb11d0366ee2633becbc80266aad490344
SHA512

0eb6c9ed3eb630b57caa5c295ccc069538334f1b2aa3d52b73e55a6571026311b420f47e0b35e44c250cbf16c90cdaf403109042faa257298d633e965723bfbe
SSDEEP

6144:RltB0Drhp80IvlxyRYcoukbRXmgK0hJlne+L38LFtHVbYACzG:RltBo80IvlxyickbRRfefBBC

Score

N/A

Malware Config

Signatures

Files

b311fecda65a48b507e5eeed5b1b1dcb11d0366ee2633becbc80266aad490344
.exe windows x86

2b7cc41489e8d5de73bc4172c5104d29

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcStringBindingComposeA
RpcBindingFromStringBindingA
RpcStringFreeA
RpcBindingSetAuthInfoA
NdrClientCall

ole32

CoImpersonateClient
CoQueryProxyBlanket
CoSetProxyBlanket
StringFromGUID2
CoDisconnectObject
StringFromCLSID
CoUninitialize
CoInitializeEx
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject
CoInitializeSecurity
CoGetCallContext
CoCreateGuid
CoRevertToSelf

oleaut32

SysStringByteLen
SysAllocString
SysAllocStringLen
VarBstrCat
SysFreeString
VarUI4FromStr
SysStringLen

user32

CharUpperA
UnregisterClassA
CharNextA
DispatchMessageA
TranslateMessage
GetMessageA
SetWindowLongA
GetWindowLongA
SendMessageA
GetWindowTextA
GetDC
IsWindowEnabled
EnableWindow
CheckDlgButton
IsDlgButtonChecked
wsprintfA
wsprintfW
GetProcessWindowStation
GetUserObjectInformationA
PostThreadMessageA
EnumWindows
LoadStringA
GetWindowThreadProcessId
IsWindowVisible
RegisterWindowMessageA
SetForegroundWindow
MessageBoxW
DialogBoxParamA
EndDialog
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
MessageBoxA
GetDlgItem
SetDlgItemTextA

wsock32

socket
closesocket
setsockopt
send
bind
connect
recv
gethostbyname
ioctlsocket
WSAGetLastError
WSAStartup
htonl
ntohl
htons

advapi32

LookupAccountSidA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
AdjustTokenPrivileges
LookupPrivilegeValueA
PrivilegeCheck
RegQueryValueExW
LookupAccountSidW
IsValidSecurityDescriptor
EqualSid
GetUserNameW
GetSecurityDescriptorLength
GetUserNameA
SetSecurityDescriptorSacl
MakeSelfRelativeSD
AddAccessAllowedAce
AddAccessDeniedAce
GetAce
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
FreeSid
LookupAccountNameA
RegOpenKeyExW
RegConnectRegistryA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
MakeAbsoluteSD
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
CopySid
GetSecurityDescriptorControl
InitializeSecurityDescriptor
GetAclInformation
InitializeAcl
AddAce
IsValidSid
GetLengthSid
OpenThreadToken
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

kernel32

VirtualProtect
GetStartupInfoA
FindFirstFileA
FindClose
ReadProcessMemory
SetFilePointer
ReadFile
LocalSize
GetModuleHandleW
Sleep
SetPriorityClass
CreateProcessW
GetExitCodeProcess
ReleaseMutex
CreateMutexA
CreateFileMappingA
MapViewOfFile
GetModuleFileNameW
UnmapViewOfFile
GetSystemDirectoryA
SetEnvironmentVariableA
InterlockedCompareExchange
FormatMessageW
FormatMessageA
CreateFileA
GetFileType
SetErrorMode
CreateThread
HeapReAlloc
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
VirtualAlloc
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapSize
GetOEMCP
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
LocalAlloc
GetTickCount
GetCurrentProcessId
GetProcAddress
GetCommandLineA
OpenProcess
DuplicateHandle
GetShortPathNameA
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetEndOfFile
GetSystemInfo
VirtualQuery
ExitProcess
RtlUnwind
TlsAlloc
ExitThread
LocalFree
GetProfileStringA
ResumeThread
HeapAlloc
GetProcessHeap
HeapFree
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
GetVersion
lstrcmpiA
lstrlenW
lstrlenA
CompareStringA
CompareStringW
TerminateProcess
SetLastError
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
LoadLibraryA
CloseHandle
GetCurrentThread
WaitForSingleObject
CreateEventA
CreateProcessA
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
SetEvent
GetCurrentThreadId
SetUnhandledExceptionFilter
FlushInstructionCache
GetCurrentProcess
GetFileAttributesA

gdi32

GetTextExtentPoint32A

icmp

IcmpCloseHandle
IcmpSendEcho
IcmpCreateFile

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PACK
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2b7cc41489e8d5de73bc4172c5104d29

Headers

File Characteristics

Imports

rpcrt4

ole32

oleaut32

user32

wsock32

advapi32

kernel32

gdi32

icmp

Sections

.text Size: 172KB - Virtual size: 170KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 8KB - Virtual size: 7KB

PACK Size: 144KB - Virtual size: 380KB

.text
Size: 172KB - Virtual size: 170KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 8KB - Virtual size: 7KB

PACK
Size: 144KB - Virtual size: 380KB