802e98c0dee39ce11e109a106e15bcfc2ec1a3331325c6c6f2a5ca9c8b7c3d3a

Sharing

Copy URL

Twitter E-mail

General

Target

802e98c0dee39ce11e109a106e15bcfc2ec1a3331325c6c6f2a5ca9c8b7c3d3a
Size

131KB
MD5

efe68ceab5e2994f122752822b565ab8
SHA1

3021bc55db79bf6509425ba4b6934087a330dacb
SHA256

802e98c0dee39ce11e109a106e15bcfc2ec1a3331325c6c6f2a5ca9c8b7c3d3a
SHA512

8fc8281dbc54a7b5f9133bd7790c5eb06ba41178bf115a21b536994b07ffc60ffcb2ef159c011c98ef63e6c9fb707137135e1e7ce6968428cbf3ad2a71b4a80c
SSDEEP

3072:8ElG0/FGuSM0zU9Sk5+mqS1q+ETN7uF9vT0Drv7U1ZYxn:8ElG0dhSMV5MOq+ETN7w9bwrv7U1at

Score

N/A

Malware Config

Signatures

Files

802e98c0dee39ce11e109a106e15bcfc2ec1a3331325c6c6f2a5ca9c8b7c3d3a
.exe windows x86

f797e21c1913be9202cea7d91ee7b282

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTimeFormatA
GetShortPathNameW
GetProcAddress
OpenSemaphoreA
LoadLibraryA
QueryPerformanceCounter
MoveFileA
GetEnvironmentVariableW
GetCurrentThread
IsBadWritePtr
ExpandEnvironmentStringsW
GetLocalTime
GetFileAttributesW
GetShortPathNameA
ExpandEnvironmentStringsA
GetCurrentProcess
lstrcmpiA
GetVersion
GetSystemDirectoryW
IsBadCodePtr
Beep
SetLocaleInfoA
WaitForMultipleObjects
GetModuleHandleA
GetLocaleInfoW
RemoveDirectoryW
GetCurrentThreadId
CreateDirectoryW
GetEnvironmentStringsA
LoadResource
FindAtomW
EnumTimeFormatsA

user32

LoadMenuA
TrackPopupMenu
LoadMenuIndirectA
IsWindow
GetTopWindow
CharPrevW
DialogBoxParamA
SetWindowTextW
CreateDialogIndirectParamW
SendMessageW
mouse_event
LoadImageW
CreatePopupMenu
UpdateLayeredWindow
RegisterClassA
FindWindowA
SetFocus
GetAsyncKeyState
TrackPopupMenuEx
MessageBoxIndirectA
DefWindowProcA
RegisterWindowMessageA
CharUpperW
MessageBoxA
IsIconic
LoadCursorA
InvalidateRgn
CopyIcon
SetDlgItemInt
SetParent
PostMessageW
PostQuitMessage
MonitorFromWindow
OffsetRect
EnumWindowStationsW
CreateDialogIndirectParamA
SetActiveWindow
GetClassInfoW
LoadIconA
GetMenuItemInfoW
LoadMenuW
EndMenu
GetClassInfoExA
EnableWindow
GetSysColor
GetMenu
SetDlgItemTextA
EmptyClipboard
GetKeyboardType
GetSysColorBrush
CharLowerA
GetActiveWindow
CharNextW
CreateWindowExA

advapi32

RegOpenKeyW
RegEnumValueW
RegSaveKeyW
RegRestoreKeyW
RegQueryValueA
RegQueryInfoKeyA
RegRestoreKeyA
RegQueryValueW
RegDeleteKeyW
RegQueryMultipleValuesA
RegOpenKeyExA
RegReplaceKeyA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteValueW

shlwapi

SHRegEnumUSValueW
ChrCmpIW
StrSpnA
SHGetValueA
StrToInt64ExW
PathIsSystemFolderW

oleaut32

OleLoadPicture

ws2_32

getsockopt
send
WSASend
accept
WSAConnect
WSAIoctl
WSARecvDisconnect
recv

winmm

midiInGetErrorTextW
auxSetVolume
WOW32DriverCallback
midiStreamPosition
mixerOpen
midiInClose
waveOutMessage
waveOutWrite
midiOutGetNumDevs
mmioGetInfo
midiStreamStop
waveOutGetNumDevs

winspool.drv

SetFormW
EnumJobsA
EnumPrinterDataExW
ConvertAnsiDevModeToUnicodeDevmode
SetJobA
EnumPrintersA
AddPortW
GetSpoolFileHandle

inetcomm

MimeOleSetPropW
MimeOleSMimeCapsFromDlg
MimeOleGetDefaultCharset
MimeOleGetBodyPropW
CreatePOP3Transport
EssSecurityLabelDecodeEx
MimeOleCreateBody
MimeEditIsSafeToRun
DllGetClassObject

sqlunirl

_CreateFile@28
_RegEnumValue_@32
_IsCharLower_@4
_GetProfileSection_@12
_SetICMProfile_@8
_EnumResourceNames_@16
_GetTempPath_@8
_CallWindowProc@20
_CreateColorSpace_@4
_DialogBoxIndirectParam_@20

wsock32

WSAAsyncGetHostByAddr
select
setsockopt
ntohl
WSAUnhookBlockingHook
getsockname
inet_addr
GetServiceW
inet_network
getsockopt
NPLoadNameSpaces
__WSAFDIsSet
WSASetBlockingHook
WSAAsyncGetServByPort

Sections

.FEkycu
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fN
Size: 88KB - Virtual size: 138KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f797e21c1913be9202cea7d91ee7b282

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

oleaut32

ws2_32

winmm

winspool.drv

inetcomm

sqlunirl

wsock32

Sections

.FEkycu Size: 20KB - Virtual size: 19KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 7KB - Virtual size: 10KB

.fN Size: 88KB - Virtual size: 138KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 512B - Virtual size: 4KB

.FEkycu
Size: 20KB - Virtual size: 19KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 7KB - Virtual size: 10KB

.fN
Size: 88KB - Virtual size: 138KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 512B - Virtual size: 4KB