9f47eb3a5fac004354a9d4dcd3efffb3f8f0377c52b49833abd2c0fb1b68db9c

Sharing

Copy URL Twitter E-mail

General

Target

9f47eb3a5fac004354a9d4dcd3efffb3f8f0377c52b49833abd2c0fb1b68db9c
Size

137KB
MD5

09464bae35b1c59f0e7b1d3535a8ef12
SHA1

4fc936e3d3ec03477d416ef5b12bb79cc4b1a29b
SHA256

9f47eb3a5fac004354a9d4dcd3efffb3f8f0377c52b49833abd2c0fb1b68db9c
SHA512

67c9186519b7e4ec90c727892c1f389626b74aada4377de5cb38c4181605a2e56ebc73b7da4fa6fe1aac5a32742cd11a9bcd19cda7959f97c8fe9393da140c3f
SSDEEP

3072:Hs9lUUlHUiVmqUm9CxMsvSt9FfQQbT/AJ2znp3+6JyIf:Mo4o4tt9VnbT/AJEnpzJ3f

Score

N/A

Malware Config

Signatures

Files

9f47eb3a5fac004354a9d4dcd3efffb3f8f0377c52b49833abd2c0fb1b68db9c
.exe windows x86

27b0e8a09046afb973e6ee2cb88f46e2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rtutils

TraceRegisterExW
RouterLogRegisterW
TracePrintfExW
TraceDeregisterW
RouterLogDeregisterW

advapi32

CryptReleaseContext
RegOpenKeyExW
SetServiceStatus
CryptAcquireContextW
RegCloseKey
RegEnumKeyExW
RegisterServiceCtrlHandlerW
RegEnumValueW
CryptGenRandom
RegQueryValueExW

msvcrt

memcmp
wcscmp
_wcsicmp
_adjust_fdiv
memmove
free
wcslen
_except_handler3
wcsncpy
malloc
_initterm
strlen
wcschr
memcpy
swprintf
wcscpy
wcscat
memset

wmi

WmiNotificationRegistrationW

ws2_32

WSALookupServiceEnd
WSAAddressToStringA
WSASocketW
WSALookupServiceNextW
WSAAddressToStringW
getaddrinfo
WSASendTo
WSAIoctl
freeaddrinfo
WSARecvFrom
WSAEventSelect
WSAStringToAddressA
getnameinfo
WSALookupServiceBeginW

mswsock

GetAcceptExSockaddrs
AcceptEx

ntdll

RtlInitUnicodeString
NtAllocateVirtualMemory
NtAddAtom

kernel32

CloseHandle
SetLastError
DeviceIoControl
GetCurrentProcessId
SetUnhandledExceptionFilter
GetCurrentProcess
InterlockedIncrement
WaitForSingleObject
GetComputerNameExW
DeleteCriticalSection
WriteFile
DisableThreadLibraryCalls
GetLastError
HeapFree
HeapCreate
QueueUserWorkItem
GetProcAddress
TerminateProcess
LeaveCriticalSection
RegisterWaitForSingleObject
ExpandEnvironmentStringsW
EnterCriticalSection
BindIoCompletionCallback
CreateFileW
GetCurrentThreadId
ReadFile
GetACP
UnregisterWait
CreateTimerQueueTimer
QueryPerformanceCounter
ReleaseMutex
ChangeTimerQueueTimer
InterlockedExchange
LoadLibraryW
CreateMutexW
CreateTimerQueue
DeleteTimerQueue
UnregisterWaitEx
UnhandledExceptionFilter
MultiByteToWideChar
GetSystemTimeAsFileTime
HeapAlloc
GetTickCount
InterlockedDecrement
HeapDestroy
Sleep
DeleteTimerQueueTimer
FreeLibrary
WideCharToMultiByte
InitializeCriticalSection
SetEvent
HeapReAlloc

iphlpapi

NotifyAddrChange
GetAdaptersInfo
GetAdaptersAddresses
NotifyRouteChange

dnsapi

DnsReplaceRecordSetW

ole32

CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 968KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 388KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27b0e8a09046afb973e6ee2cb88f46e2

Headers

File Characteristics

Imports

rtutils

advapi32

msvcrt

wmi

ws2_32

mswsock

ntdll

kernel32

iphlpapi

dnsapi

ole32

Sections

.text Size: 13KB - Virtual size: 12KB

.rsrc Size: 10KB - Virtual size: 9KB

.data Size: 45KB - Virtual size: 968KB

.rdata Size: 388KB - Virtual size: 388KB

.reloc Size: 512B - Virtual size: 20B

.text
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 10KB - Virtual size: 9KB

.data
Size: 45KB - Virtual size: 968KB

.rdata
Size: 388KB - Virtual size: 388KB

.reloc
Size: 512B - Virtual size: 20B