c506b4df116f82aef2650b5c0ceee9c34536790a947675bb8cb231805ba9d292

Sharing

Copy URL Twitter E-mail

General

Target

c506b4df116f82aef2650b5c0ceee9c34536790a947675bb8cb231805ba9d292
Size

668KB
MD5

bee4086abbf38afb1f6483d0316487fb
SHA1

ade45f553d354b9bc2dd1085aaa830f7acdf3d06
SHA256

c506b4df116f82aef2650b5c0ceee9c34536790a947675bb8cb231805ba9d292
SHA512

7a4844810a6896346e6e24ff9bdc29dbd71f0bd4db528d9487b49623c2930438a7a0ff5201c898f4de1e8d05d80f678acb25ccd567e9908e7f0cdcb719559849
SSDEEP

12288:9M1vb9OyPyrkmggSdLhWO6xdrKj3cwVV:9M5bQ2yrkm0PgOj3cw

Score

N/A

Malware Config

Signatures

Files

c506b4df116f82aef2650b5c0ceee9c34536790a947675bb8cb231805ba9d292
.exe windows x86

1818fb9ec2aa06267bff29d068b816ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

bind
accept
htonl
htons
WSACleanup
listen
send
WSAStartup
shutdown
socket
recv
select
gethostname
ntohs
getpeername
closesocket
WSAGetLastError

kernel32

SetLastError
OpenMutexW
GetVersion
GetVersionExW
GetVersionExA
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetLocalTime
lstrlenA
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCurrentProcessId
GetCurrentProcess
WaitForMultipleObjects
GetCurrentThreadId
OpenEventW
GetShortPathNameW
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCommandLineW
GetTickCount
ResumeThread
Sleep
CreateMutexW
CreateEventW
SetEvent
ReleaseMutex
LocalFree
FormatMessageW
GetLastError
WaitForSingleObject
PulseEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
GetModuleFileNameW
FreeLibrary
LoadLibraryW
SetFilePointer
CloseHandle
CreateFileW
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
SetStdHandle
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
ExitProcess
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
ExitThread
CreateThread
HeapReAlloc
GetFileType
CreateFileA
GetProcessHeap
GetStartupInfoW
RaiseException
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
WriteFile
GetStdHandle

user32

wsprintfW

advapi32

InitializeSid
GetAclInformation
AddAce
InitializeAcl
MakeAbsoluteSD
IsValidSid
GetSecurityDescriptorControl
GetLengthSid
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorSacl
CopySid
GetSidSubAuthority
GetSecurityDescriptorDacl
GetSidLengthRequired
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegEnumValueW
RegFlushKey
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
QueryServiceLockStatusW
ControlService
UnlockServiceDatabase
QueryServiceStatus
StartServiceW
LockServiceDatabase
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

ole32

CoInitializeEx
CoUninitialize
StringFromGUID2
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantClear

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

PathUnquoteSpacesW
PathFindFileNameW
PathFindFileNameA
PathQuoteSpacesW
HashData

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 192KB - Virtual size: 496KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1818fb9ec2aa06267bff29d068b816ce

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

version

shlwapi

Sections

.text Size: 144KB - Virtual size: 141KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 276KB - Virtual size: 275KB

.vmp0 Size: 192KB - Virtual size: 496KB

.text
Size: 144KB - Virtual size: 141KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 276KB - Virtual size: 275KB

.vmp0
Size: 192KB - Virtual size: 496KB