996e75e1ac75af44934817528d16013983472bc30dcd7eb677ea026ab553a714

Sharing

Copy URL

Twitter E-mail

General

Target

996e75e1ac75af44934817528d16013983472bc30dcd7eb677ea026ab553a714
Size

384KB
MD5

46d60aa0978b1069754d4b03d5962627
SHA1

dc74be2703b9c515d8c090c061f4b81ee2ae33b3
SHA256

996e75e1ac75af44934817528d16013983472bc30dcd7eb677ea026ab553a714
SHA512

712c2a15af6d845c3120ad06d4484ed91d7a45d52830b0186a93472a732b0f52c9db563cb75319193a2d89befbbc059ea3b8f5e5687ff6fccce7e3c554b2137f
SSDEEP

12288:8m5lzKsYnU+V7+9txv5/vA6O8EOJsnV02:8m5lzT+axh/vAVwKV5

Score

N/A

Malware Config

Signatures

Files

996e75e1ac75af44934817528d16013983472bc30dcd7eb677ea026ab553a714
.exe windows x86

8e3950d05572491c3493bdcf177d20c0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
lstrcpyA
lstrcmpiA
CloseHandle
CreateRemoteThread
WaitForSingleObject
ResumeThread
SetThreadContext
GetThreadContext
WriteProcessMemory
VirtualAllocEx
lstrlenA
GetExitCodeThread
VirtualProtect
VirtualAlloc
SuspendThread
VirtualFree
GetPrivateProfileStringA
WritePrivateProfileStringA
GetModuleFileNameA
Sleep
GetCurrentDirectoryA
CreateThread
InterlockedDecrement
GetSystemTime
ExitProcess
LocalFree
WideCharToMultiByte
FlushFileBuffers
LCMapStringW
LCMapStringA
GetSystemInfo
GetLocaleInfoA
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
Process32First
Process32Next
CreateToolhelp32Snapshot
OpenProcess
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
SetFilePointer
SetUnhandledExceptionFilter
HeapSize
VirtualQuery
InterlockedExchange
GetFileType
MultiByteToWideChar
HeapFree
TerminateProcess
GetCurrentProcess
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
WriteFile
IsBadWritePtr
HeapReAlloc
HeapCreate
HeapDestroy
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RaiseException
GetVersionExA
GetCommandLineA
GetStartupInfoA
RtlUnwind
HeapAlloc

user32

PostQuitMessage
UpdateWindow
wsprintfW
DialogBoxParamA
CreateDialogParamA
MessageBoxA
TranslateMessage
DispatchMessageA
GetMessageA
EnableWindow
FindWindowA
GetDlgItem
SendMessageA
GetDlgItemTextA
DestroyWindow
SetDlgItemTextA
SendDlgItemMessageA

advapi32

CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
CryptAcquireContextA

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

oleaut32

VariantClear
SysFreeString
SysAllocString

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

urlmon

URLOpenBlockingStreamA

ws2_32

gethostbyname
WSAGetLastError
inet_ntoa
htonl
getservbyname
htons
gethostbyaddr
getservbyport
ntohs
WSAStartup
WSACleanup
select
recv
send
closesocket
connect
socket
inet_addr

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ub2k9
Size: 308KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8e3950d05572491c3493bdcf177d20c0

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

version

urlmon

ws2_32

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 9KB

.ub2k9 Size: 308KB - Virtual size: 308KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 9KB

.ub2k9
Size: 308KB - Virtual size: 308KB