f13d90bf65a02117c1284a068d43f4e7382ed3effa4166961b74ce6e249701b2

Sharing

Copy URL Twitter E-mail

General

Target

f13d90bf65a02117c1284a068d43f4e7382ed3effa4166961b74ce6e249701b2
Size

459KB
MD5

1db609a8b309e5d069b75e10c6dce3fd
SHA1

916e20b19fea5824a1c2b230e2d24095c17bc39e
SHA256

f13d90bf65a02117c1284a068d43f4e7382ed3effa4166961b74ce6e249701b2
SHA512

816dd16940232e52e3b4bd6b7bc8be13debb8d03cf73f028c465b614b3512ceea9d80851b6d13b7d9c7051be0b6da2ddfbf8b78711fdfad24c07d92c4126dfcc
SSDEEP

12288:g7xYscggYJ+XCeSDtzUu+Egy3ATCRvGfahYD+zT1o+:gdYWw87p32WmahYD

Score

N/A

Malware Config

Signatures

Files

f13d90bf65a02117c1284a068d43f4e7382ed3effa4166961b74ce6e249701b2
.exe windows x86

cc4f387a891d677eb10be57e0a52b08f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTimeAsFileTime
LeaveCriticalSection
GetLocaleInfoW
SetErrorMode
LocalSize
lstrcmpW
LocalFree
DisableThreadLibraryCalls
GetProcAddress
GetFullPathNameW
TlsFree
GetProfileStringW
InterlockedCompareExchange
GetModuleHandleA
FreeLibrary
CreateEventW
TerminateProcess
GetProcessVersion
GetCurrentProcessId
WideCharToMultiByte
ExpandEnvironmentStringsW
GetVolumeInformationW
GetFileAttributesW
FreeLibraryAndExitThread
GetLastError
GetVersionExA
DelayLoadFailureHook
GetSystemDefaultUILanguage
GlobalAlloc
MultiByteToWideChar
GetACP
TlsSetValue
GlobalLock
FindFirstFileW
GetModuleFileNameW
LockResource
GetCurrentProcess
TlsAlloc
GlobalReAlloc
WaitForSingleObject
SetEvent
GetCurrentDirectoryW
GetDriveTypeW
MulDiv
LocalReAlloc
GetShortPathNameW
QueryPerformanceCounter
LoadLibraryW
GetUserDefaultLCID
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
FormatMessageW
LocalAlloc
SetUnhandledExceptionFilter
GlobalFree
CreateThread
GetTempFileNameW
InterlockedExchange
InterlockedDecrement
lstrlenW
LoadResource
SetLastError
lstrcpyW
SetCurrentDirectoryW
SizeofResource
GetTickCount
FindResourceA
FreeResource
DeleteFileW
DeleteCriticalSection
lstrcmpiW
FindResourceW
FindClose
GlobalUnlock
lstrlenA
UnhandledExceptionFilter
FindNextFileW
InterlockedIncrement
FindResourceExW
lstrcpynW
CloseHandle
lstrcpyA
GetModuleHandleW
CreateFileW
LoadLibraryA
TlsGetValue
EnterCriticalSection
ResetEvent

dnsapi

DnsReplaceRecordSetW

userenv

RsopSetPolicySettingStatus

ntdll

_chkstk
_vsnwprintf
RtlAnsiStringToUnicodeString
_wcsicmp
NtQueryVirtualMemory
RtlUnicodeStringToAnsiString
strlen
NtAllocateVirtualMemory
RtlUnicodeToMultiByteSize
wcslen
RtlInitUnicodeStringEx
RtlUnwind

ole32

CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoUninitialize

mswsock

GetAcceptExSockaddrs
AcceptEx

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 968KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cc4f387a891d677eb10be57e0a52b08f

Headers

File Characteristics

Imports

kernel32

dnsapi

userenv

ntdll

ole32

mswsock

Sections

.text Size: 8KB - Virtual size: 8KB

.rsrc Size: 37KB - Virtual size: 37KB

.rdata Size: 403KB - Virtual size: 402KB

.data Size: 9KB - Virtual size: 968KB

.text
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 37KB - Virtual size: 37KB

.rdata
Size: 403KB - Virtual size: 402KB

.data
Size: 9KB - Virtual size: 968KB