9785da77d86e82149333fa20ed47f787516724e2a6563f917f245a90186ea16d

Sharing

Copy URL Twitter E-mail

General

Target

9785da77d86e82149333fa20ed47f787516724e2a6563f917f245a90186ea16d
Size

255KB
MD5

05804ce43c30b3f9f2324941e58969b1
SHA1

7b97a104646a56157f0576e48f04d00637cb206b
SHA256

9785da77d86e82149333fa20ed47f787516724e2a6563f917f245a90186ea16d
SHA512

cad741498851f4376c2166a2796076988788a1e606c5e07bcbafc315b8c45061abdee63f128178f5508fbe69b0b5cf736f486e4828e0877453c6056f446fcf80
SSDEEP

6144:W/z6Hz/CIR1WAXhDhCs8C1ZznbNKLW7Mh5urYvi8V2IVO2Mjx6s+:/Hz/CIvWAtEsrLjbNF7Mh50MMjcs+

Score

N/A

Malware Config

Signatures

Files

9785da77d86e82149333fa20ed47f787516724e2a6563f917f245a90186ea16d
.exe windows x86

ca2c03a3148d228cc6256590c3ae5144

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSASetLastError
setsockopt
getsockopt
bind
getsockname
WSAStartup
WSACleanup
gethostbyname
ntohs
inet_addr
select
recv
__WSAFDIsSet
ntohl
socket
connect
WSAGetLastError
inet_ntoa
htons
htonl
gethostname
ioctlsocket
closesocket
send

kernel32

GetEnvironmentStringsW
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFullPathNameA
GetModuleFileNameA
GetLastError
FreeLibrary
LoadLibraryA
Sleep
WaitForSingleObject
InitializeCriticalSection
GetVersion
GetWindowsDirectoryA
GetSystemDirectoryA
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
CreateMutexA
CreateEventA
SetEvent
SleepEx
DuplicateHandle
GetCurrentProcess
WaitForMultipleObjects
GetExitCodeThread
ExpandEnvironmentStringsA
GetSystemTime
CreateSemaphoreA
GetProcessHeap
GetLocaleInfoW
QueryPerformanceFrequency
GetStringTypeW
GetStringTypeA
IsValidLocale
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RemoveDirectoryA
GetModuleHandleW
ExitProcess
MoveFileA
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentProcessId
Beep
CreateDirectoryA
CreatePipe
TlsAlloc
GetCurrentThread
GetModuleHandleA
MultiByteToWideChar
GetStartupInfoA
FatalAppExitA
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetFileAttributesA
GetExitCodeProcess
GetUserDefaultLCID
GetLocaleInfoA
lstrcmpA
GetProcAddress

advapi32

DeregisterEventSource
RegisterEventSourceA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
ReportEventA

mapistub

MAPIInitialize
FixMAPI
MAPILogon
ScMAPIXFromCMC
BMAPISendMail
PRProviderInit
MAPISendDocuments
MAPILogonEx
BMAPIGetReadMail

kbdbu

KbdLayerDescriptor

Sections

.icode
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 93KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 124KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca2c03a3148d228cc6256590c3ae5144

Headers

File Characteristics

Imports

wsock32

kernel32

advapi32

mapistub

kbdbu

Sections

.icode Size: 8KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 151KB

.text Size: 11KB - Virtual size: 12KB

.rdata Size: 3KB - Virtual size: 26KB

.edata Size: 93KB - Virtual size: 107KB

.data Size: 6KB - Virtual size: 203KB

.edata Size: 124KB - Virtual size: 138KB

.rsrc Size: 7KB - Virtual size: 6KB

.icode
Size: 8KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 151KB

.text
Size: 11KB - Virtual size: 12KB

.rdata
Size: 3KB - Virtual size: 26KB

.edata
Size: 93KB - Virtual size: 107KB

.data
Size: 6KB - Virtual size: 203KB

.edata
Size: 124KB - Virtual size: 138KB

.rsrc
Size: 7KB - Virtual size: 6KB