e5ae0d4078dad0f7d8c520c8706be3cb709cc4cc66e192222e3868abe3c3e67c

General

Target

e5ae0d4078dad0f7d8c520c8706be3cb709cc4cc66e192222e3868abe3c3e67c
Size

40KB
MD5

3144410a37dd4c29d004a814a294ea26
SHA1

0aafdf078c8aed03e60969d7af1dd0f55bdc7276
SHA256

e5ae0d4078dad0f7d8c520c8706be3cb709cc4cc66e192222e3868abe3c3e67c
SHA512

9794ad2390f6088e7da57b0848de03846c70a25400f3fe729e0687394aa730b1b66cd3293c7703912f63123401d7e58cda9fa6f9a62000a9d5fb028443787dfa
SSDEEP

384:gZeJAPDKLz/Ps0AWJpG0ans65hNiNiTYUf/A9ChQytP831DdxRYx0Do7zIB:LCPGLzHs0AyG0ansRiMEuUPEDTRA0Do

Score

N/A

Malware Config

Signatures

Files

e5ae0d4078dad0f7d8c520c8706be3cb709cc4cc66e192222e3868abe3c3e67c
.exe windows x86

b4294a2c1ced6885a9485b6ccc5bda0e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
DuplicateHandle
GetLastError
Sleep
ReadFile
PeekNamedPipe
TerminateThread
OpenProcess
GetModuleHandleA
WinExec
GetModuleFileNameA
LCMapStringA
GetOEMCP
TerminateProcess
DisconnectNamedPipe
CreatePipe
CloseHandle
ExitThread
CreateThread
WaitForMultipleObjects
GetVersionExA
LoadLibraryA
GetProcAddress
GetCurrentProcessId
FreeLibrary
GetCurrentProcess
GetCurrentDirectoryA
WriteFile
lstrlenA
LCMapStringW
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
ExitProcess
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
UnhandledExceptionFilter

user32

ExitWindowsEx

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteValueA
OpenServiceA
DeleteService
RegOpenKeyA
RegSetValueExA
RegCloseKey
OpenSCManagerA
CreateServiceA
CloseServiceHandle
StartServiceCtrlDispatcherA

ws2_32

WSAStartup
socket
htonl
htons
bind
send
select
recv
WSACleanup
accept
closesocket
listen

urlmon

URLDownloadToFileA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b4294a2c1ced6885a9485b6ccc5bda0e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

urlmon

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 15KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 15KB