ab1fba92537e813602b22b1bd2715b871cb61a8ae984ccd8e1509f2dba8d270a

Sharing

Copy URL Twitter E-mail

General

Target

ab1fba92537e813602b22b1bd2715b871cb61a8ae984ccd8e1509f2dba8d270a
Size

585KB
MD5

f72998212df56878b207eab00775a40e
SHA1

d37c7104041dcff48e8d13fdb09f65c2bdd03e1f
SHA256

ab1fba92537e813602b22b1bd2715b871cb61a8ae984ccd8e1509f2dba8d270a
SHA512

026674916fe3a35db60421862366080400bc2d44a0d68fe82b55f86a309e3ed58550d1fc40d3db5d6b689f08813cfea5cdeedd2245aa91ce56cb35e7977d5251
SSDEEP

12288:0GG7bKj3+ZuqjgFu67d1NsJWTLr32LuQe:PgGzu61sYTL72C

Score

N/A

Malware Config

Signatures

Files

ab1fba92537e813602b22b1bd2715b871cb61a8ae984ccd8e1509f2dba8d270a
.exe windows x86

6f34beafc6d8891a16d87268132773ea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
GetLocalTime
GlobalMemoryStatus
GetVolumeInformationA
Thread32First
Thread32Next
CreateToolhelp32Snapshot
GetWindowsDirectoryA
FreeLibrary
FlushConsoleInputBuffer
GetCurrentProcessId
GetStdHandle
GetFileType
GetVersion
GetModuleHandleA
SetLastError
OpenProcess
Toolhelp32ReadProcessMemory
GetCurrentThreadId
lstrcpyA
GetSystemTime
SystemTimeToFileTime
CloseHandle
GetVersionExA
GetCurrentProcess
GetTickCount
LocalAlloc
LocalFree
Heap32ListFirst
Heap32ListNext
Process32Next
Process32First
VirtualAllocEx
VirtualFreeEx
TerminateProcess
Module32First
CompareFileTime
ExpandEnvironmentStringsA
LoadLibraryA
GetProcAddress
ResetEvent
RemoveDirectoryA
GetLastError
FindClose
GetFileAttributesExA
SetErrorMode
GetDriveTypeA
GetDiskFreeSpaceExA
CreateDirectoryA
CreateFileA
FindFirstFileA
FindNextFileA
SetFileAttributesA
MoveFileA
GetFileAttributesA
QueryPerformanceFrequency
QueryPerformanceCounter
PeekNamedPipe
ReadFile
WriteFile
SetEvent
CreateEventA
WaitForSingleObject
DeleteFileA
Sleep
CopyFileA
CreatePipe
GetSystemDirectoryA
GetStartupInfoA
CreateProcessA
Module32Next

user32

ReleaseDC
CloseWindowStation
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
GetUserObjectInformationW
GetDesktopWindow
MessageBoxA
OpenInputDesktop
GetUserObjectInformationA
OpenDesktopA
SetThreadDesktop
CloseDesktop
SetCursorPos
mouse_event
keybd_event
PostMessageA
wsprintfA
ExitWindowsEx
GetDC

gdi32

GetStockObject
SelectPalette
RealizePalette
GetDIBits
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
CreateDCA
GetDeviceCaps
DeleteDC

advapi32

DeleteService
QueryServiceStatus
ControlService
ChangeServiceConfig2A
LockServiceDatabase
UnlockServiceDatabase
ChangeServiceConfigA
EnumServicesStatusExA
OpenServiceA
QueryServiceConfigA
QueryServiceConfig2A
CloseServiceHandle
OpenSCManagerA
RegSaveKeyA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
OpenProcessToken
GetTokenInformation
LookupAccountSidA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptDecrypt
CryptEncrypt
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueA
GetUserNameA
RevertToSelf
ImpersonateLoggedOnUser
DeregisterEventSource
ReportEventA
RegisterEventSourceA
StartServiceA

ws2_32

WSAStartup
WSACleanup
select
WSAGetLastError
ntohl
connect
socket
htons
htonl
gethostbyname
inet_addr
closesocket
shutdown
recv
WSASetLastError
send

msvcrt

_XcptFilter
strtoul
gmtime
sscanf
isupper
_stat
isxdigit
strchr
fgets
_setmode
getenv
memchr
isdigit
isspace
tolower
abort
_iob
signal
_getch
strcpy
_mbsnbcat
strlen
fclose
fwrite
fseek
fread
fopen
_beginthreadex
strncmp
free
memset
malloc
__CxxFrameHandler
_EH_prolog
_except_handler3
_mbscmp
memcpy
strcat
strcmp
_itoa
ftell
atoi
strstr
strncpy
??2@YAPAXI@Z
??3@YAXPAX@Z
memcmp
_vsnprintf
ceil
_ftol
_ui64toa
_mbsrchr
fprintf
_fdopen
_errno
sprintf
fflush
fputc
time
memmove
_exit
vfprintf
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
wcsstr
qsort
realloc
_stricmp
_wcsnicmp
fputs

psapi

EnumProcessModules
GetModuleFileNameExA

netapi32

Netbios

Sections

.text
Size: 415KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6f34beafc6d8891a16d87268132773ea

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ws2_32

msvcrt

psapi

netapi32

Sections

.text Size: 415KB - Virtual size: 415KB

.rdata Size: 118KB - Virtual size: 117KB

.data Size: 50KB - Virtual size: 53KB

.text
Size: 415KB - Virtual size: 415KB

.rdata
Size: 118KB - Virtual size: 117KB

.data
Size: 50KB - Virtual size: 53KB