Static task: static1
Behavioral task: behavioral1
Sample: cc2e2d8998c74adbc8ebf5a8bb425beaf679da0072f3b975acbbe812ac7982a7.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: cc2e2d8998c74adbc8ebf5a8bb425beaf679da0072f3b975acbbe812ac7982a7.exe
Resource: win10v2004-20220901-en
General
Target: cc2e2d8998c74adbc8ebf5a8bb425beaf679da0072f3b975acbbe812ac7982a7
Size: 103KB
MD5: 87a42d3295a5b5c7ee1874dacd9a7412
SHA1: cd33efe35687a33854201a7ae1e2e4da27897ee0
SHA256: cc2e2d8998c74adbc8ebf5a8bb425beaf679da0072f3b975acbbe812ac7982a7
SHA512: 3f64bc63423c1902cb585cfa84d8b19d9fe0c8b1cc1cb9801e4833c6e7b5beb78a2424712ae2cb1e3da686ad3ff391a47a3a45d1accc2ccf174a8725ef5c4d55
SSDEEP: 3072:sdD2zNc31I3tgt89I51cvDYaQHK3HEEooV:szCdgtR56vsaQuHEcV
Malware Config
Signatures
Files
cc2e2d8998c74adbc8ebf5a8bb425beaf679da0072f3b975acbbe812ac7982a7.exe windows x86
1a0c80a6846f231839a5de1d12b8ad78
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateProcessW
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
HeapFree
CreateDirectoryW
GetComputerNameW
GetTickCount
GetCurrentThread
GetProcessHeap
IsBadReadPtr
SetFileTime
VirtualQueryEx
WriteFile
OpenProcess
Thread32First
WideCharToMultiByte
ReadProcessMemory
GetVersionExW
HeapDestroy
HeapCreate
GetFileAttributesW
Thread32Next
ReadFile
GetTimeZoneInformation
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetFileSizeEx
FreeLibrary
GetEnvironmentVariableW
SetLastError
VirtualProtectEx
VirtualAllocEx
FindClose
LoadLibraryA
RemoveDirectoryW
FindNextFileW
VirtualProtect
CreateToolhelp32Snapshot
GetFileTime
ReleaseMutex
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
GetSystemTime
SetFileAttributesW
CreateThread
CreateRemoteThread
Process32FirstW
Process32NextW
lstrcmpiA
WTSGetActiveConsoleSessionId
SetThreadPriority
GetLocalTime
GlobalLock
GlobalUnlock
ResetEvent
MoveFileExW
GetUserDefaultUILanguage
SetEndOfFile
GetNativeSystemInfo
FindFirstFileW
CreateMutexW
HeapReAlloc
GetTempFileNameW
OpenMutexW
FileTimeToDosDateTime
GetProcessId
EnterCriticalSection
VirtualAlloc
LeaveCriticalSection
InitializeCriticalSection
SetThreadContext
GetThreadContext
ExpandEnvironmentStringsW
GetPrivateProfileIntW
GetPrivateProfileStringW
WriteProcessMemory
LocalFree
GetCurrentProcessId
CloseHandle
ExitProcess
DuplicateHandle
OpenEventW
GetFileAttributesExW
lstrcmpiW
WaitForMultipleObjects
CreateEventW
GetProcAddress
GetModuleFileNameW
Sleep
VirtualFreeEx
VirtualFree
GetModuleHandleW
SetEvent
WaitForSingleObject
SetErrorMode
GetCommandLineW
GetLastError
user32
DrawIcon
LoadImageW
CharLowerBuffA
CharLowerW
ToUnicode
GetClipboardData
GetKeyboardState
ExitWindowsEx
GetIconInfo
DispatchMessageW
CharUpperW
PeekMessageW
CharLowerA
TranslateMessage
CharToOemW
MsgWaitForMultipleObjects
GetCursorPos
advapi32
RegCloseKey
CryptCreateHash
LookupPrivilegeValueW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
RegQueryValueExW
CryptReleaseContext
RegCreateKeyExW
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
CryptAcquireContextW
GetSidSubAuthority
OpenProcessToken
CryptGetHashParam
RegEnumKeyExW
RegOpenKeyExW
GetLengthSid
IsWellKnownSid
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
ConvertSidToStringSidW
RegSetValueExW
CryptHashData
EqualSid
InitiateSystemShutdownExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
shlwapi
wvnsprintfW
PathIsDirectoryW
PathFindFileNameW
PathAddBackslashW
SHDeleteValueW
PathSkipRootW
SHDeleteKeyW
PathRemoveBackslashW
UrlUnescapeA
PathRenameExtensionW
PathMatchSpecW
StrCmpNIA
wvnsprintfA
PathUnquoteSpacesW
PathQuoteSpacesW
PathIsURLW
StrStrIW
PathRemoveFileSpecW
PathAddExtensionW
StrStrIA
PathCombineW
StrCmpNIW
shell32
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW
secur32
GetUserNameExW
ole32
StringFromGUID2
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx
ws2_32
WSASetLastError
closesocket
freeaddrinfo
listen
socket
recv
sendto
WSASend
WSAEventSelect
getpeername
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
recvfrom
getaddrinfo
select
WSAGetLastError
getsockname
shutdown
setsockopt
send
accept
bind
crypt32
CertDeleteCertificateFromStore
CertCloseStore
PFXImportCertStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
PFXExportCertStoreEx
CertOpenSystemStoreW
wininet
InternetCrackUrlA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestW
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA
HttpAddRequestHeadersA
InternetQueryOptionA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetSetOptionA
InternetReadFile
InternetConnectA
HttpQueryInfoA
oleaut32
VariantInit
VariantClear
SysAllocString
SysFreeString
netapi32
NetUserEnum
NetApiBufferFree
NetUserGetInfo
Sections
.text Size: 97KB - Virtual size: 97KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ