613bee2c64bb9e800fd9616f27c7ffe4e48e71bf41666075ca7ddf6752474621

Sharing

Copy URL Twitter E-mail

General

Target

613bee2c64bb9e800fd9616f27c7ffe4e48e71bf41666075ca7ddf6752474621
Size

96KB
MD5

3d399ae52d70c45d9cd839d8553289f6
SHA1

c85f91ec41fb9b7e80c91456879a435e91d20c8c
SHA256

613bee2c64bb9e800fd9616f27c7ffe4e48e71bf41666075ca7ddf6752474621
SHA512

d06aa61d4b8cca38d7bd744e16e1e7a667df41d2eded755f499ec2ad9ae2b7925e14bc2f2cf1abf532bbcecb4f1c417fe816d58ff269d1ddbd278dbfacda4181
SSDEEP

1536:efJKV2NYJiv++wCvJ5vLsINMmHbug4n+65Ow8YTOs8G7uSWaPLrccZkKgFts:qJKENYJv+RvJ1ug4+65ObhBOujGrcSMW

Score

N/A

Malware Config

Signatures

Files

613bee2c64bb9e800fd9616f27c7ffe4e48e71bf41666075ca7ddf6752474621
.exe windows x86

859d816c861a3ee53299a5fe14369190

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
GetWindowsDirectoryA
CloseHandle
ResumeThread
ExitProcess
CreateMutexA
GetCurrentThreadId
lstrlenA
SetFileAttributesA
CopyFileA
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
LoadLibraryA
GetTempPathA
GetProcAddress
WinExec
CreateThread
GetVersionExA
GetSystemTimes
GetLastError
GetCurrentProcessId
ExitThread
Sleep
GetLocalTime
WaitForSingleObject
GetTickCount
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
FlushFileBuffers
SetFilePointer
SetUnhandledExceptionFilter
SetEnvironmentVariableA
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
WideCharToMultiByte
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
RaiseException
RtlUnwind
GetTimeZoneInformation
GetSystemTime
HeapFree
HeapAlloc
TerminateProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion

user32

wsprintfA
GetMessageA
PostThreadMessageA
GetInputState

advapi32

CreateServiceA
OpenServiceA
StartServiceA
RegSetValueExA
CloseServiceHandle
RegOpenKeyExA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenSCManagerA

ws2_32

WSASocketA
gethostbyname
inet_addr
inet_ntoa
gethostname
select
__WSAFDIsSet
recv
WSAIoctl
send
connect
socket
WSAStartup
WSAGetLastError
setsockopt
htons
htonl
sendto
closesocket
WSACleanup

pdh

PdhCollectQueryData
PdhEnumObjectItemsA
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhAddCounterA
PdhCloseQuery

iphlpapi

GetIfTable
GetAdaptersInfo

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

859d816c861a3ee53299a5fe14369190

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

pdh

iphlpapi

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 19KB

.sxdata Size: 4KB - Virtual size: 24B

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 19KB

.sxdata
Size: 4KB - Virtual size: 24B