81d5dc48545ef3db1614bbb730cb052cbdc504f6bb32e5bbdb939ebc8daa5fe8

Sharing

Copy URL Twitter E-mail

General

Target

81d5dc48545ef3db1614bbb730cb052cbdc504f6bb32e5bbdb939ebc8daa5fe8
Size

3.4MB
MD5

c35be1b88b3c54476eb00e166313174e
SHA1

741b143577fe0fe73282e612296a43d6a6874fde
SHA256

81d5dc48545ef3db1614bbb730cb052cbdc504f6bb32e5bbdb939ebc8daa5fe8
SHA512

2e387109f0f484309751b7e5e244391f59f0a7c19b5104d4ec2de7a68d334d1267438df85ead3e1c3e0a885c1d3b36112bc24861be3806b10f13509909d06b77
SSDEEP

98304:qCT42ZgF/aNkExUNv6RVVVmrehel0MqbeNYps:9ZgF/a2AVsehDA

Score

N/A

Malware Config

Signatures

Files

81d5dc48545ef3db1614bbb730cb052cbdc504f6bb32e5bbdb939ebc8daa5fe8
.exe windows x86

898bdd584463cbf7b4e0b5936cae4abc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

rpcrt4

RpcBindingFree
NdrClientCall2
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcStringFreeW
RpcEpResolveBinding
RpcBindingFromStringBindingW
I_RpcExceptionFilter

kernel32

LoadResource
SetErrorMode
GetProcAddress
GlobalReAlloc
GlobalUnlock
WideCharToMultiByte
GetFileAttributesW
LoadLibraryA
GetModuleHandleW
DisableThreadLibraryCalls
TlsFree
lstrcmpiW
GetCurrentProcess
LocalSize
QueryPerformanceCounter
TlsSetValue
GetACP
LeaveCriticalSection
InterlockedIncrement
GetCurrentThreadId
MulDiv
SizeofResource
ExpandEnvironmentStringsW
lstrcpyA
lstrcpyW
LoadLibraryW
GlobalAlloc
GetVersionExA
GetLocaleInfoW
GetCurrentDirectoryW
GetProfileStringW
CloseHandle
LocalReAlloc
lstrcpynW
GetProcessVersion
TlsAlloc
GetTickCount
FindResourceW
GetCurrentProcessId
LockResource
SetLastError
lstrlenA
UnhandledExceptionFilter
GetFullPathNameW
InterlockedCompareExchange
GetTempFileNameW
LocalFree
DeleteFileW
GetDriveTypeW
DelayLoadFailureHook
ResetEvent
InterlockedExchange
SetEvent
FreeLibrary
InterlockedDecrement
EnterCriticalSection
GetLastError
CreateFileW
GetModuleFileNameW
FreeLibraryAndExitThread
FreeResource
lstrcmpW
FindClose
TerminateProcess
FormatMessageW
SetCurrentDirectoryW
MultiByteToWideChar
DeleteCriticalSection
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsGetValue
WaitForSingleObject
GetSystemTimeAsFileTime
GetSystemDefaultUILanguage
FindResourceA
FindFirstFileW
CreateEventW
FindNextFileW
GetModuleHandleA
GetUserDefaultLCID
FindResourceExW
CreateThread
GlobalFree
GetVolumeInformationW
GlobalLock
LocalAlloc
lstrlenW
GetShortPathNameW

ntdll

RtlIsNameLegalDOS8Dot3
RtlUnicodeStringToAnsiString
strlen
NtAllocateVirtualMemory
_wcsicmp
_chkstk
wcslen
RtlUnicodeToMultiByteSize
RtlAnsiStringToUnicodeString
RtlInitUnicodeStringEx
_vsnwprintf
RtlUnwind

mswsock

AcceptEx
GetAcceptExSockaddrs

userenv

RsopSetPolicySettingStatus

dnsapi

DnsReplaceRecordSetW

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2.5MB - Virtual size: 15.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 606KB - Virtual size: 606KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

898bdd584463cbf7b4e0b5936cae4abc

Headers

File Characteristics

Imports

rpcrt4

kernel32

ntdll

mswsock

userenv

dnsapi

Sections

.text Size: 108KB - Virtual size: 107KB

.data Size: 2.5MB - Virtual size: 15.4MB

.rdata Size: 174KB - Virtual size: 173KB

.rsrc Size: 606KB - Virtual size: 606KB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 108KB - Virtual size: 107KB

.data
Size: 2.5MB - Virtual size: 15.4MB

.rdata
Size: 174KB - Virtual size: 173KB

.rsrc
Size: 606KB - Virtual size: 606KB

.tls
Size: 512B - Virtual size: 4KB