850e33157775b05b74da5ace406400e060b13b2455c941d2c52a0def635a87a6

General

Target

850e33157775b05b74da5ace406400e060b13b2455c941d2c52a0def635a87a6
Size

35KB
MD5

bf40f5817d488eba6c6e599ea64df750
SHA1

4d82812ba552cffd0da8f21ef28d9e39fabae9d5
SHA256

850e33157775b05b74da5ace406400e060b13b2455c941d2c52a0def635a87a6
SHA512

5bf9668d9306da7fe89bed5cc88c0c5de8938a8fd2e220a7cc7a403d4e93d6231368a06489bd51d23003b87d834b3f25648f97d26a57dda8e6942fd183422754
SSDEEP

384:VgV/tEJFbPJ+qoW66AZLw5NgMgiCiky19LaoiOX6+acG0F7:moJBkqcZQNgMgiJko1aoJpXF

Score

N/A

Malware Config

Signatures

Files

850e33157775b05b74da5ace406400e060b13b2455c941d2c52a0def635a87a6
.exe windows x86

1d7c3fae161cb8a07cd65736429cd8b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempFileNameA
GetTickCount
ExitThread
Sleep
CreateThread
GetCurrentProcessId
VirtualFree
WriteProcessMemory
VirtualProtectEx
VirtualAllocEx
ReadProcessMemory
VirtualAlloc
ResumeThread
SetThreadContext
GetThreadContext
CreateProcessA
ReleaseMutex
WaitForSingleObject
DeleteFileA
TerminateProcess
WinExec
GetStartupInfoA
ExitProcess
lstrcmpA
GetComputerNameA
GetVolumeInformationA
TerminateThread
CreateMutexA
LoadLibraryA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryExA
GetCurrentProcess
GetEnvironmentVariableA
lstrcatA
lstrcpyA
CopyFileA
MultiByteToWideChar
MoveFileExA
DeviceIoControl
GetVersion
CreateFileW
CreateFileA
WriteFile
lstrlenA
CloseHandle

user32

wsprintfA

advapi32

RegCreateKeyA
RegSetValueExA
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegEnumKeyA
RegQueryValueExA
RegCloseKey

ws2_32

gethostbyname
gethostname
inet_ntoa
WSAStartup
setsockopt
sendto
htons
connect
send
inet_addr
htonl
closesocket
socket

wininet

InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile

dnsapi

DnsQuery_A
DnsRecordListFree

ntdll

NtLoadDriver
RtlInitUnicodeString
NtQuerySystemInformation
NtUnloadDriver

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bdata
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1d7c3fae161cb8a07cd65736429cd8b1

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

wininet

dnsapi

ntdll

Sections

.text Size: 16KB - Virtual size: 16KB

.data Size: 3KB - Virtual size: 5KB

.bdata Size: 512B - Virtual size: 128B

.text
Size: 16KB - Virtual size: 16KB

.data
Size: 3KB - Virtual size: 5KB

.bdata
Size: 512B - Virtual size: 128B