b50c496193e3068e054b0a3bc84b1cb7642f850887cb267c190e9d71398d4b41

Sharing

Copy URL Twitter E-mail

General

Target

b50c496193e3068e054b0a3bc84b1cb7642f850887cb267c190e9d71398d4b41
Size

324KB
MD5

b62b03c2d340797264933e6cc0cc195b
SHA1

5a79d0042506cdc592d2c6e34986df798ff3483d
SHA256

b50c496193e3068e054b0a3bc84b1cb7642f850887cb267c190e9d71398d4b41
SHA512

20e7f1d2bbef306e906f173446468d1eb4b68224721b87e39ba9f938e6be160196cb815c9336c1573c0c85ca0028cd4303a4d7a853de144a283b419615c70c17
SSDEEP

6144:0oT+wu5JGSur+TpH09TWCKfZL8ws9lZu58K6w:0oT+wu5JGSur+Td09TWC4fs9lM58k

Score

N/A

Malware Config

Signatures

Files

b50c496193e3068e054b0a3bc84b1cb7642f850887cb267c190e9d71398d4b41
.exe windows x86

62dbe720f2c4a0b6d33593deb6355c67

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

avicap32

capGetDriverDescriptionA

kernel32

HeapFree
HeapAlloc
GetSystemInfo
GetVersionExA
GetStartupInfoA
OpenProcess
LCMapStringW
LCMapStringA
SetFilePointer
FlushFileBuffers
MultiByteToWideChar
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
InterlockedIncrement
InterlockedDecrement
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
CloseHandle
WriteFile
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
EnterCriticalSection
DeleteCriticalSection
Sleep
GetOEMCP
GetVersion
LocalAlloc
LocalFree
DeleteFileA
GetPrivateProfileStringA
lstrcmpA
FreeLibrary
GetWindowsDirectoryA
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
InterlockedExchange
lstrcpyA
ResetEvent
WideCharToMultiByte
VirtualAlloc
VirtualFree
LeaveCriticalSection
LoadLibraryA
GetProcAddress
SetStdHandle
InitializeCriticalSection
IsBadWritePtr
HeapReAlloc
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetModuleFileNameA
RaiseException
SetLastError
TlsAlloc
GetCommandLineA
GetModuleHandleA
ExitThread
TlsGetValue
TlsSetValue
GetCurrentThreadId
CreateThread
GetLastError
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind

user32

OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
BlockInput
SetRect
PostMessageA
OpenInputDesktop
SetThreadDesktop
GetDC
WindowFromPoint
MapVirtualKeyA
CloseDesktop
wsprintfA

gdi32

BitBlt
DeleteDC
DeleteObject

advapi32

LookupAccountNameA
LsaClose
RegOpenKeyA
RegEnumValueA
RegEnumKeyExA
RegQueryValueExA
OpenServiceA
QueryServiceStatus
ControlService
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegCloseKey
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
IsValidSid

shell32

SHGetSpecialFolderPathA

ws2_32

bind
WSACleanup
WSAIoctl
setsockopt
ntohs
closesocket
send
gethostname
select
__WSAFDIsSet
recvfrom
sendto
listen
accept
getpeername
WSAStartup
getsockname
htons
socket
connect
inet_addr
inet_ntoa
gethostbyname
recv

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

Sections

.text
Size: 240KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62dbe720f2c4a0b6d33593deb6355c67

Headers

File Characteristics

Imports

avicap32

kernel32

user32

gdi32

advapi32

shell32

ws2_32

wtsapi32

Sections

.text Size: 240KB - Virtual size: 236KB

.rodata Size: 12KB - Virtual size: 10KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 24KB - Virtual size: 233KB

.rsrc Size: 4KB - Virtual size: 424B

.text
Size: 240KB - Virtual size: 236KB

.rodata
Size: 12KB - Virtual size: 10KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 24KB - Virtual size: 233KB

.rsrc
Size: 4KB - Virtual size: 424B