563c0ea499295b7fd2103c6550165ccb942ff509d68c1917f700d729587c2739

Sharing

Copy URL Twitter E-mail

General

Target

563c0ea499295b7fd2103c6550165ccb942ff509d68c1917f700d729587c2739
Size

43KB
MD5

fb55a5d163cd07fe725ee2094360fa40
SHA1

562833de1868e8581d98cc22006adb09a2eb90e2
SHA256

563c0ea499295b7fd2103c6550165ccb942ff509d68c1917f700d729587c2739
SHA512

dbf71417629fb030502bd84d896f785cde0c3730fe42062af2cb9f2b95a9485825bfb6dcbfb689e13c0d60da81a0835a7e4b89cf92613ff6436d408beb9489f6
SSDEEP

768:zl7kukbfIbMu9CeN7hsAUNBnozdOucyy7L/dlxvzupXgPsbJ0ucroGVYGu:J7ku+f1CCeNVsZnauxBvzutR0uE/Y7

Score

N/A

Malware Config

Signatures

Files

563c0ea499295b7fd2103c6550165ccb942ff509d68c1917f700d729587c2739
.exe windows x86

0b8b89557b1fd22edcb366cd95e898f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasSetSubEntryPropertiesW
RasEditPhonebookEntryA
RasDialW
RasGetAutodialEnableA
RasGetAutodialParamA
DwEnumEntryDetails
RasGetConnectionStatistics
RasRenameEntryA
RasScriptInit
RasScriptTerm
RasGetSubEntryPropertiesA
RasSetOldPassword
RasSetAutodialParamW
RasGetCountryInfoW
RasEnumEntriesA
RasGetErrorStringA
RasGetProjectionInfoW
RasConnectionNotificationA

ws2_32

connect
WSALookupServiceNextW
ntohs
WSALookupServiceNextA
getservbyport
WSARecvDisconnect
inet_addr
WSARemoveServiceClass
WSAAsyncGetHostByAddr
gethostbyname
WSAProviderConfigChange
__WSAFDIsSet
WSAWaitForMultipleEvents
WSAGetServiceClassNameByClassIdA
sendto
WSASetLastError

kernel32

GetVersionExW
LocalAlloc
GetACP
IsWow64Process
GlobalAlloc
CreateMailslotA
GetSystemTimeAsFileTime
EscapeCommFunction
OpenFileMappingW
DeleteTimerQueueTimer
BeginUpdateResourceW
GetLargestConsoleWindowSize
FindFirstVolumeMountPointW
GetCalendarInfoW
Beep
GetStartupInfoA
FillConsoleOutputAttribute
WriteConsoleOutputA
VirtualAlloc
GetFileAttributesW
SetVolumeLabelA
WriteConsoleInputW
IsValidLocale
GlobalUnlock
InitAtomTable
WriteConsoleInputVDMA
lstrcmpiW
CreateRemoteThread
IsBadStringPtrA
LoadLibraryA
GetPrivateProfileIntW

rtm

RtmLockRoute
RtmCreateRouteListEnum
RtmCreateEnumerationHandle
RtmDequeueRouteChangeMessage
MgmGetNextMfeStats
CreateTable
RtmReleaseDests
RtmGetDestInfo
RtmUpdateAndUnlockRoute
RtmGetInstances
RtmLockNextHop
RtmGetNextHopPointer
RtmWriteAddressFamilyConfig
RtmDeregisterEntity
RtmGetEntityInfo
RtmReleaseRoutes
MgmGetNextMfe
RtmCreateRouteEnum
MgmGetMfeStats
RtmDeleteRouteList

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b8b89557b1fd22edcb366cd95e898f9

Headers

DLL Characteristics

File Characteristics

Imports

rasapi32

ws2_32

kernel32

rtm

Sections

.text Size: 35KB - Virtual size: 35KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 35KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 35KB

.rsrc
Size: 1KB - Virtual size: 1KB