0e0b0b50efc3a1585f5dc29386159c3cffcaa1668e88ef80ecfa082a7bb0a9fd

Sharing

Copy URL

Twitter E-mail

General

Target

0e0b0b50efc3a1585f5dc29386159c3cffcaa1668e88ef80ecfa082a7bb0a9fd
Size

665KB
MD5

31b40951ec7ff4b6c2621133c6a8e830
SHA1

317a00aa6d13e7d9694732f4e3c2036a945323ed
SHA256

0e0b0b50efc3a1585f5dc29386159c3cffcaa1668e88ef80ecfa082a7bb0a9fd
SHA512

49f171acd0954b29d192693e13e4e2c18bade2fa6b1a35aab22e34665c9a197b5be5c2929df24829c8dca3d7dbec663555b0353cb6da74b6e941e4b46cb0646c
SSDEEP

12288:tTthTBbSeQbOtCqpOEeaE76iFFT4HfbJbLckW2VwiuN3QQc2rU5s/FV:JtFBbSettlpY76ET4/bJbgklwiogDHQ

Score

N/A

Malware Config

Signatures

Files

0e0b0b50efc3a1585f5dc29386159c3cffcaa1668e88ef80ecfa082a7bb0a9fd
.exe windows x86

7e2026b6944fbbf44a29e8b1273a908b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsFlushResolverCache

ws2_32

socket
WSACloseEvent
connect
WSAStartup
inet_addr
WSAWaitForMultipleEvents
send
gethostbyname
closesocket
WSACreateEvent
recv
WSACleanup
shutdown
WSAEventSelect
htons
WSAGetLastError

wininet

HttpOpenRequestA
DeleteUrlCacheEntryW
InternetConnectA
InternetQueryDataAvailable
InternetReadFile
HttpSendRequestW
HttpAddRequestHeadersA
InternetOpenA
InternetCloseHandle

msvcrt

sscanf
sprintf
isspace
strncmp
fprintf
remove
fscanf
_errno
strstr
feof
free
wcsstr
malloc
_stricmp
fopen
fread
ftell
fseek
_wcsnicmp
_close
_lseek
_read
_open
strrchr
printf
wcsrchr
??3@YAXPAX@Z
??2@YAPAXI@Z
rand
memcpy
srand
strchr
strncpy
isprint
tolower
fclose
isalnum
_snwprintf
memset
_except_handler3

iphlpapi

GetAdaptersInfo

kernel32

GetTickCount
SetFilePointer
GetFileSize
SetEndOfFile
InterlockedDecrement
WriteProcessMemory
LocalFree
ProcessIdToSessionId
VirtualAllocEx
OpenProcess
CreateRemoteThread
LocalAlloc
GetProcessHeap
HeapFree
HeapAlloc
GetVolumeInformationW
GetLocaleInfoA
GetTempPathW
CreateFileW
ReadFile
WriteFile
MoveFileExW
GetTempFileNameW
lstrcatW
WaitForSingleObjectEx
GetComputerNameA
Process32First
GetCurrentThread
Module32First
Process32Next
GetSystemInfo
GetModuleFileNameA
IsDebuggerPresent
CreateToolhelp32Snapshot
SetThreadAffinityMask
Module32Next
GetVersionExA
CloseHandle
GetCurrentProcessId
ExitProcess
GetCommandLineW
FindResourceA
FreeResource
LoadResource
CreateProcessW
GetCurrentProcess
WaitForSingleObject
GetModuleHandleW
SetFileTime
GlobalAlloc
TerminateThread
Sleep
CopyFileW
SizeofResource
GetExitCodeProcess
TerminateProcess
GetModuleFileNameW
GetLastError
GetProcAddress
GlobalFree
LockResource
CreateEventW
GetModuleHandleA
VirtualProtect
GetFileTime
DeleteFileW
CreateThread
ExpandEnvironmentStringsW
CreateFileA
MoveFileExA
GetFileAttributesA
CreateDirectoryA
SetFileAttributesA
DeleteFileA
FindFirstFileW
GetVolumeInformationA
GetVersionExW
FindClose
DeviceIoControl
ExpandEnvironmentStringsA
CopyFileA
FindFirstFileA
FindNextFileA

user32

wsprintfA
EndPaint
DestroyWindow
SetTimer
GetMessageW
PostQuitMessage
KillTimer
SendMessageA
BeginPaint
wsprintfW
GetDC
TranslateMessage
IsDialogMessageW
MessageBoxA
ReleaseDC
EndDialog
ShowWindow
CreateDialogParamW
DispatchMessageW
FindWindowA

gdi32

BitBlt
DeleteDC
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
GetObjectA

advapi32

RegSetValueExW
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
StartServiceW
OpenSCManagerW
CloseServiceHandle
CreateServiceW
SetFileSecurityA
RegEnumValueA
AddAccessAllowedAce
InitializeAcl
RegCreateKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryInfoKeyA
CheckTokenMembership
FreeSid
RegEnumValueW
AllocateAndInitializeSid
RegCreateKeyExW
RegCloseKey
GetUserNameA
RegSetValueExA

shell32

CommandLineToArgvW
SHChangeNotify
ShellExecuteW

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
CoInitialize

oleaut32

VariantClear
VariantInit
SysFreeString
OleLoadPicture
SysAllocString

ntdll

NtConnectPort
NtRequestWaitReplyPort
RtlNtStatusToDosError
NtClose
NtDelayExecution
NtCreateSection
NtQuerySystemTime

psapi

EnumProcesses
GetProcessImageFileNameW

urlmon

URLDownloadToFileW

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.driver
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cfgbin
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uac64
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mcp
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uacdll
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.userm
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.abk
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e2026b6944fbbf44a29e8b1273a908b

Headers

DLL Characteristics

File Characteristics

Imports

dnsapi

ws2_32

wininet

msvcrt

iphlpapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ntdll

psapi

urlmon

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 18KB - Virtual size: 117KB

.rsrc Size: 38KB - Virtual size: 37KB

.reloc Size: 4KB - Virtual size: 3KB

.driver Size: 107KB - Virtual size: 107KB

.cfgbin Size: 9KB - Virtual size: 9KB

.uac64 Size: 57KB - Virtual size: 57KB

.mcp Size: 9KB - Virtual size: 9KB

.uacdll Size: 89KB - Virtual size: 89KB

.userm Size: 74KB - Virtual size: 74KB

.abk Size: 201KB - Virtual size: 201KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 18KB - Virtual size: 117KB

.rsrc
Size: 38KB - Virtual size: 37KB

.reloc
Size: 4KB - Virtual size: 3KB

.driver
Size: 107KB - Virtual size: 107KB

.cfgbin
Size: 9KB - Virtual size: 9KB

.uac64
Size: 57KB - Virtual size: 57KB

.mcp
Size: 9KB - Virtual size: 9KB

.uacdll
Size: 89KB - Virtual size: 89KB

.userm
Size: 74KB - Virtual size: 74KB

.abk
Size: 201KB - Virtual size: 201KB