2797596f3631aa75e9b1a05bd3e6d96eaa14c2160ff99c60a8800668f8f9e39f

Sharing

Copy URL

Twitter E-mail

General

Target

2797596f3631aa75e9b1a05bd3e6d96eaa14c2160ff99c60a8800668f8f9e39f
Size

157KB
MD5

a0bdc4e5d16d46e3601571af16499370
SHA1

4f85b3453da01cbb9ae715b791a4abccc9893e3a
SHA256

2797596f3631aa75e9b1a05bd3e6d96eaa14c2160ff99c60a8800668f8f9e39f
SHA512

a63587be287460f65f8c8a8b9d114e277530f94d7baf6aa69bb42285a86f1a3724221c35677b42879b43f8f3dda9fce98728f80ffa05286e632662eb85708ea8
SSDEEP

3072:4jSE59SMoO9rYVsxZ/wZ9vJ6wc4UYJlMDQFeJjsBwS:qTSMzEZ9vJL2Y2oECw

Score

N/A

Malware Config

Signatures

Files

2797596f3631aa75e9b1a05bd3e6d96eaa14c2160ff99c60a8800668f8f9e39f
.dll windows x86

27a5bfb045f24f39df3316188b110b0f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcschr
_vsnwprintf
_ftol
strstr
_atoi64
strchr
strtok
strncpy
_except_handler3
wcslen
isdigit
strtoul
_strcmpi
_strnicmp
rand
strncmp
atol
_purecall
_vsnprintf
_stricmp
_initterm
malloc
_adjust_fdiv
__dllonexit
_onexit
free

advapi32

CryptGenRandom
CryptAcquireContextW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CreateWellKnownSid
CheckTokenMembership
SetServiceStatus
RegisterServiceCtrlHandlerExA
CryptReleaseContext

kernel32

InterlockedCompareExchange
LoadLibraryA
DisableThreadLibraryCalls
InterlockedExchangeAdd
GetSystemInfo
FreeLibrary
DeleteTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue
lstrcatA
GetProcAddress
DelayLoadFailureHook
MultiByteToWideChar
lstrcpyW
HeapReAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
lstrcpyA
CreateTimerQueueTimer
GetTickCount
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
CreateSemaphoreA
CloseHandle
WaitForMultipleObjects
GetLastError
ReleaseSemaphore
SetEvent
InterlockedIncrement
RegisterWaitForSingleObject
CreateEventA
UnregisterWait
InterlockedDecrement
WaitForSingleObject
lstrcmpA
UnregisterWaitEx
Sleep
VirtualProtect
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
lstrlenA
lstrcmpiA
WideCharToMultiByte
lstrlenW
lstrcpynA
IsBadReadPtr
PulseEvent
ResetEvent
CreateThread
HeapFree
GetProcessHeap
HeapAlloc
SetLastError
InterlockedExchange
CancelIo
VirtualAlloc
GetCurrentThreadId
CreateEventW
QueueUserWorkItem
LoadLibraryW
QueryPerformanceCounter

rpcrt4

RpcEpRegisterA
RpcServerInqBindings
RpcServerRegisterIfEx
RpcBindingVectorFree
RpcServerUseProtseqA
NdrServerCall2
RpcServerUnregisterIfEx
I_RpcBindingInqTransportType
RpcBindingInqAuthClientA
RpcImpersonateClient
RpcRevertToSelf
RpcServerRegisterAuthInfoA
UuidFromStringW

user32

wsprintfA

ws2_32

inet_ntoa
inet_addr
WSAEventSelect
freeaddrinfo
WSAIoctl
closesocket
getaddrinfo
socket
getsockname
htons
WSACleanup
WSAStartup
sendto
recvfrom
ioctlsocket
bind
setsockopt
ntohs
htonl
WSAEnumNetworkEvents

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

VariantInit
VariantClear
SysAllocString
SysStringLen
SysFreeString

Exports

Exports

ServiceMain

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27a5bfb045f24f39df3316188b110b0f

Headers

File Characteristics

Imports

msvcrt

advapi32

kernel32

rpcrt4

user32

ws2_32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 63KB - Virtual size: 62KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 88KB - Virtual size: 88KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 63KB - Virtual size: 62KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 88KB - Virtual size: 88KB

.reloc
Size: 4KB - Virtual size: 3KB