3b54eda8dba79fb8abf139451688361c36db4123bc9136a473e61d4f0bca0000

Sharing

Copy URL

Twitter E-mail

General

Target

3b54eda8dba79fb8abf139451688361c36db4123bc9136a473e61d4f0bca0000
Size

64KB
MD5

4e37c6b1dd41cd453328fd676ba1eb20
SHA1

2f6f211bfa4479ddd56a695b1ff93ce778589862
SHA256

3b54eda8dba79fb8abf139451688361c36db4123bc9136a473e61d4f0bca0000
SHA512

3d8d7924db36c251d2ae34b3fde5053b0c73ed0ce748f4180747a91616589345f898c3605c7747a2f73ef407ca39aea93df123d7fdae588c097770b25dbc068c
SSDEEP

768:2oA1+HYEZvCXNRx0Z9TMkr7V6ugxRYNzhPpfsuuWW:tzYSvU1QTMkrx7gUVhPxsEW

Score

N/A

Malware Config

Signatures

Files

3b54eda8dba79fb8abf139451688361c36db4123bc9136a473e61d4f0bca0000
.exe windows x86

9aa0471d688cb014f08f13312a15e8bc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
IsBadReadPtr
HeapFree
CreateFileA
DuplicateHandle
GetCurrentThread
GetCurrentProcess
lstrcatA
HeapAlloc
GetProcessHeap
GetTickCount
lstrcmpiA
lstrcpyA
lstrlenA
WaitForSingleObject
Process32Next
Process32First
CreateToolhelp32Snapshot
WaitForMultipleObjects
CreateMutexA
GetWindowsDirectoryA
GetFullPathNameA
GetModuleFileNameA
GetVersionExA
GetExitCodeProcess
CreateProcessA
ResetEvent
SetEvent
CreateEventA
GetLastError
OpenProcess
CloseHandle
GetStartupInfoA

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
exit
_initterm
_cexit
_XcptFilter
_exit
_c_exit
_beginthread
_endthread
__getmainargs
_acmdln
__setusermatherr

shlwapi

StrStrIA

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsExA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiOpenDevRegKey

user32

PostQuitMessage
GetWindowLongA
DispatchMessageA
TranslateMessage
IsDialogMessageA
IsWindow
GetMessageA
CreateDialogParamA
BroadcastSystemMessageA
RegisterWindowMessageA
DestroyWindow
PostMessageA
SetWindowLongA

advapi32

RegCloseKey
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA

ksproxy.ax

KsSynchronousDeviceControl

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGECONS
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9aa0471d688cb014f08f13312a15e8bc

Headers

File Characteristics

Imports

kernel32

msvcrt

shlwapi

setupapi

user32

advapi32

ksproxy.ax

Sections

.text Size: 12KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 468B

.sxdata Size: 4KB - Virtual size: 4B

PAGECONS Size: 4KB - Virtual size: 16B

.rsrc Size: 4KB - Virtual size: 952B

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 468B

.sxdata
Size: 4KB - Virtual size: 4B

PAGECONS
Size: 4KB - Virtual size: 16B

.rsrc
Size: 4KB - Virtual size: 952B