9ef11bec01ad5e6c76a03772381c7595954033b68b52f37f6e28a9c98cd89428

Sharing

Copy URL Twitter E-mail

General

Target

9ef11bec01ad5e6c76a03772381c7595954033b68b52f37f6e28a9c98cd89428
Size

255KB
MD5

6e8886252a8a32fdfdb84c5c17d2b082
SHA1

f42e23690ab321b40805ce8ed1706db7da93ed51
SHA256

9ef11bec01ad5e6c76a03772381c7595954033b68b52f37f6e28a9c98cd89428
SHA512

208c4fa29c2168519aaeaab8ac5da6314075ace2d0987cabdb93c28af7b85b8eb938ce0c994545a64a66056561526d2c7ba38cdac3735069ac953584fddde935
SSDEEP

6144:C/z6Hz/CIR1WAXhDhCs8C1ZznbNKLW7Mh5urYvi8V2IVO2Mjx6s+:DHz/CIvWAtEsrLjbNF7Mh50MMjcs+

Score

N/A

Malware Config

Signatures

Files

9ef11bec01ad5e6c76a03772381c7595954033b68b52f37f6e28a9c98cd89428
.exe windows x86

ca2c03a3148d228cc6256590c3ae5144

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSASetLastError
setsockopt
getsockopt
bind
getsockname
WSAStartup
WSACleanup
gethostbyname
ntohs
inet_addr
select
recv
__WSAFDIsSet
ntohl
socket
connect
WSAGetLastError
inet_ntoa
htons
htonl
gethostname
ioctlsocket
closesocket
send

kernel32

GetEnvironmentStringsW
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFullPathNameA
GetModuleFileNameA
GetLastError
FreeLibrary
LoadLibraryA
Sleep
WaitForSingleObject
InitializeCriticalSection
GetVersion
GetWindowsDirectoryA
GetSystemDirectoryA
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
CreateMutexA
CreateEventA
SetEvent
SleepEx
DuplicateHandle
GetCurrentProcess
WaitForMultipleObjects
GetExitCodeThread
ExpandEnvironmentStringsA
GetSystemTime
CreateSemaphoreA
GetProcessHeap
GetLocaleInfoW
QueryPerformanceFrequency
GetStringTypeW
GetStringTypeA
IsValidLocale
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RemoveDirectoryA
GetModuleHandleW
ExitProcess
MoveFileA
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentProcessId
Beep
CreateDirectoryA
CreatePipe
TlsAlloc
GetCurrentThread
GetModuleHandleA
MultiByteToWideChar
GetStartupInfoA
FatalAppExitA
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetFileAttributesA
GetExitCodeProcess
GetUserDefaultLCID
GetLocaleInfoA
lstrcmpA
GetProcAddress

advapi32

DeregisterEventSource
RegisterEventSourceA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
ReportEventA

mapistub

MAPIInitialize
FixMAPI
MAPILogon
ScMAPIXFromCMC
BMAPISendMail
PRProviderInit
MAPISendDocuments
MAPILogonEx
BMAPIGetReadMail

kbdbu

KbdLayerDescriptor

Sections

.icode
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 93KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 124KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca2c03a3148d228cc6256590c3ae5144

Headers

File Characteristics

Imports

wsock32

kernel32

advapi32

mapistub

kbdbu

Sections

.icode Size: 8KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 151KB

.text Size: 11KB - Virtual size: 12KB

.rdata Size: 3KB - Virtual size: 26KB

.edata Size: 93KB - Virtual size: 107KB

.data Size: 6KB - Virtual size: 203KB

.edata Size: 124KB - Virtual size: 138KB

.rsrc Size: 7KB - Virtual size: 6KB

.icode
Size: 8KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 151KB

.text
Size: 11KB - Virtual size: 12KB

.rdata
Size: 3KB - Virtual size: 26KB

.edata
Size: 93KB - Virtual size: 107KB

.data
Size: 6KB - Virtual size: 203KB

.edata
Size: 124KB - Virtual size: 138KB

.rsrc
Size: 7KB - Virtual size: 6KB