ff5b70dfed424ed81c53fb619dbcd053c0d9c10e56c9e0bd65d7c6f27c5d9efd

Sharing

Copy URL Twitter E-mail

General

Target

ff5b70dfed424ed81c53fb619dbcd053c0d9c10e56c9e0bd65d7c6f27c5d9efd
Size

500KB
MD5

bcf6744febc8cc70d2b88ca12df9a620
SHA1

68ae47d8afad9ad4283a29551fab86d148e62a3e
SHA256

ff5b70dfed424ed81c53fb619dbcd053c0d9c10e56c9e0bd65d7c6f27c5d9efd
SHA512

a58df3b2722e967742fcd21875b431f0ecb325eda0b6e2fbffac7bd6032259e3c266140b8f507f6f65a4b1f537265dbff630d42636588953662e53922e0180ff
SSDEEP

6144:FvaITnG3tOO/1AEuTn+K2ZaAO6L+J/q4WlycK2bok0XTifXzcOYobASI9xdZjEBH:FvFKxKH2Zs6L+JqE2bJfX8dSUZQTt

Score

N/A

Malware Config

Signatures

Files

ff5b70dfed424ed81c53fb619dbcd053c0d9c10e56c9e0bd65d7c6f27c5d9efd
.dll windows x86

fdf68051898829dda9880be9649c6f42

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

closesocket
accept
listen
inet_ntoa
setsockopt
htons
bind
recvfrom
recv
inet_addr
ntohs
send
WSAGetLastError
socket
ioctlsocket
gethostbyname

kernel32

GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
CreateFileA
SetStdHandle
InitializeCriticalSection
GetOEMCP
GetACP
LoadLibraryA
FreeLibrary
GetProcAddress
GetTickCount
ReadProcessMemory
GetVersionExA
GetCurrentProcessId
GetCurrentThreadId
GetSystemInfo
VirtualQueryEx
VirtualQuery
GetLastError
CreateDirectoryA
DeleteFileA
ExitProcess
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
SetFileAttributesA
GetFileAttributesA
MoveFileA
RtlUnwind
GetCommandLineA
QueryPerformanceCounter
GetModuleFileNameA
GetModuleHandleA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
DeleteCriticalSection
LeaveCriticalSection
GetFullPathNameA
EnterCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
CloseHandle
WriteFile
FlushFileBuffers
GetTimeZoneInformation
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
ReadFile
TerminateProcess
GetCurrentProcess
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
InterlockedExchange
GetLocaleInfoA
GetCPInfo
VirtualProtect
GetStringTypeA
GetStringTypeW

user32

EnumWindows

Exports

Exports

sa
sb

Sections

.text
Size: 352KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 547KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fdf68051898829dda9880be9649c6f42

Headers

File Characteristics

Imports

wsock32

kernel32

user32

Exports

Exports

Sections

.text Size: 352KB - Virtual size: 348KB

.rdata Size: 52KB - Virtual size: 49KB

.data Size: 12KB - Virtual size: 547KB

.reloc Size: 36KB - Virtual size: 34KB

.rmnet Size: 44KB - Virtual size: 44KB

.text
Size: 352KB - Virtual size: 348KB

.rdata
Size: 52KB - Virtual size: 49KB

.data
Size: 12KB - Virtual size: 547KB

.reloc
Size: 36KB - Virtual size: 34KB

.rmnet
Size: 44KB - Virtual size: 44KB