cbd8d65c55f3f74d05717776e77fd733121eeb6b9b98c715f89007b834b23636

Sharing

Copy URL Twitter E-mail

General

Target

cbd8d65c55f3f74d05717776e77fd733121eeb6b9b98c715f89007b834b23636
Size

824KB
MD5

b9edced95fcb7a1e8919126684fc35d2
SHA1

16b6eb04a43aa8193a6a807e58d1ce0d63091629
SHA256

cbd8d65c55f3f74d05717776e77fd733121eeb6b9b98c715f89007b834b23636
SHA512

2a049f4804714577dc6d4ff10a1bfeef7eb3be08577cc7003a759de1948bf0ebec2646682ef3e413c706f924d96488e8fc4e111d340df24bb62476bdeeb2d8e0
SSDEEP

24576:GQ39aY0twPDGQXyoBLBV1TncrE3bnyBJlcbVb8r:IwrF4E7bh+

Score

N/A

Malware Config

Signatures

Files

cbd8d65c55f3f74d05717776e77fd733121eeb6b9b98c715f89007b834b23636
.exe windows x86

3d7bf0815105aad18db2b6a30f826d6f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GdiQueryTable
GetHFONT
GdiEntry10
GdiConvertDC
SetBitmapAttributes
EnumFontFamiliesExA
DdEntry38
EndFormPage
GdiGetLocalDC
GetLayout
ExtSelectClipRgn
PATHOBJ_vGetBounds
GdiEntry3
SetTextCharacterExtra
EudcLoadLinkW
EngWideCharToMultiByte
ResetDCW
CreatePenIndirect
EngFillPath
GetTextExtentExPointWPri
STROBJ_bEnum
DeleteObject
GetDIBColorTable
DdEntry15
GetTextExtentExPointW
RemoveFontResourceExA
ScaleViewportExtEx
DdEntry11

crtdll

iswlower
_fileno
_getdrive
_CIatan2
fread
strlen
wcsstr
_mbscpy
tmpnam
_memicmp

ntdll

NtRemoveProcessDebug
NtWaitForMultipleObjects
RtlDeleteAce
NtQuerySystemEnvironmentValueEx
ceil
RtlIpv4AddressToStringW
RtlFindActivationContextSectionGuid
RtlRunEncodeUnicodeString
NtReadFile
RtlGetNativeSystemInformation
NtOpenJobObject
ZwSetValueKey
RtlOemToUnicodeN
ZwSetLdtEntries
ZwSetQuotaInformationFile
NtQueryInformationPort
_strlwr
NtQueryInformationThread
NtAccessCheck
ZwMapUserPhysicalPages
NtFlushWriteBuffer
RtlGetUserInfoHeap

kernel32

WritePrivateProfileStringA
SetFileValidData
GetModuleHandleA
AddRefActCtx
CallNamedPipeW
FindResourceW
SetDefaultCommConfigA
ResetEvent
GetPrivateProfileStringA
VirtualFreeEx
RemoveDirectoryA
GetLocaleInfoA
GetCurrentThread
LoadLibraryW
CreateMemoryResourceNotification

ws2_32

WSARecv
WSAEnumProtocolsA
getprotobynumber
WSAInstallServiceClassW
WSACloseEvent
WSAUnhookBlockingHook
accept
getsockname
WSASocketA
WPUCompleteOverlappedRequest
WSCInstallNameSpace
gethostbyaddr

scecli

SceGetSecurityProfileInfo
SceFreeProfileMemory
SceIsSystemDatabase
SceCloseProfile
DeltaNotify
SceSetDatabaseSetting
SceProcessSecurityPolicyGPOEx
SceProcessSecurityPolicyGPO
SceAddToObjectList
SceLookupPrivRightName
SceSetupSystemByInfName
SceSetupUpdateSecurityKey
DllRegisterServer
InitializeChangeNotify
SceSetupGenerateTemplate

Sections

.text
Size: 373KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 181KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d7bf0815105aad18db2b6a30f826d6f

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

crtdll

ntdll

kernel32

ws2_32

scecli

Sections

.text Size: 373KB - Virtual size: 372KB

.rdata Size: 105KB - Virtual size: 105KB

.data Size: 181KB - Virtual size: 1.6MB

.rsrc Size: 163KB - Virtual size: 162KB

.reloc Size: 1024B - Virtual size: 836B

.text
Size: 373KB - Virtual size: 372KB

.rdata
Size: 105KB - Virtual size: 105KB

.data
Size: 181KB - Virtual size: 1.6MB

.rsrc
Size: 163KB - Virtual size: 162KB

.reloc
Size: 1024B - Virtual size: 836B