2f42cdc71b59b67ad912e7dfb617d6f0a88fccc5fa0dd377b33a247049402087

Sharing

Copy URL Twitter E-mail

General

Target

2f42cdc71b59b67ad912e7dfb617d6f0a88fccc5fa0dd377b33a247049402087
Size

210KB
MD5

de418fe1b9485e70c1c470b75a0860e8
SHA1

be909eed6602e12dc9007613d878a3386f6102b0
SHA256

2f42cdc71b59b67ad912e7dfb617d6f0a88fccc5fa0dd377b33a247049402087
SHA512

a5340c0da15724b997beee36eb94be1a2b228bb0ccce8d302578f93b6e689c56319a6492eb9a08544450c1245b3261490b57d49a28ba701d056dae2df1692f26
SSDEEP

3072:XYUyjEPBqLhTUEVJK2xL88NwPUu0OaV4KuyMJyNNHiNKchh8rbKdMi4XfGTVYil8:XNyjBLqEVJ4fF8w4XKiE4KaiRd

Score

N/A

Malware Config

Signatures

Files

2f42cdc71b59b67ad912e7dfb617d6f0a88fccc5fa0dd377b33a247049402087
.exe windows x86

417d87ea22777d5a149f0b8bf20aea1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

RevokeBindStatusCallback
CopyBindInfo
RegisterBindStatusCallback

wininet

GopherFindFirstFileW
FtpFindFirstFileA
InternetConnectA
DeleteUrlCacheEntry
InternetCloseHandle
FtpPutFileW
GopherFindFirstFileA

gdi32

CreateBitmapIndirect
CreateBitmap
AnimatePalette
ColorMatchToTarget
AddFontMemResourceEx
AddFontResourceW
AbortPath

crypt32

CryptStringToBinaryW
CertAddCTLContextToStore
CertGetValidUsages
CryptVerifyMessageSignatureWithKey
CryptUnregisterDefaultOIDFunction
CertCreateSelfSignCertificate

mpr

WNetEnumResourceW
WNetCancelConnectionW
WNetAddConnection3A
WNetCancelConnectionA
WNetGetProviderNameW

kernel32

HeapAlloc
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
SetStdHandle
WriteConsoleW
CloseHandle
CreateFileW
TlsSetValue
LoadLibraryW
RtlUnwind
WriteFileGather
GetModuleFileNameA
GlobalGetAtomNameW
GetTapePosition
CallNamedPipeA
GetCommandLineA
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetLastError
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
IsProcessorFeaturePresent
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapFree
Sleep

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 155KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

417d87ea22777d5a149f0b8bf20aea1a

Headers

DLL Characteristics

File Characteristics

Imports

urlmon

wininet

gdi32

crypt32

mpr

kernel32

Sections

.text Size: 35KB - Virtual size: 35KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 155KB - Virtual size: 156KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 155KB - Virtual size: 156KB