95a47bc63544f02a2618bf7f652a3a65e3cfc826f56aa57925d2d011a93bf55f

Sharing

Copy URL

Twitter E-mail

General

Target

95a47bc63544f02a2618bf7f652a3a65e3cfc826f56aa57925d2d011a93bf55f
Size

255KB
MD5

cdd240329af33761056f302b73fc79b1
SHA1

c89ecc7ffd06ce3c84d3e2410ed4c7035800227d
SHA256

95a47bc63544f02a2618bf7f652a3a65e3cfc826f56aa57925d2d011a93bf55f
SHA512

cf0d8ad2e1d1cba596f51657a40da766e281019073ea189a14693c4b66bb2cd2ee005789adaa50a341864e89a76afb8a058017638c9a928cd5c93e72708e8670
SSDEEP

6144:L/z6Hz/CIR1WAXhDhCs8C1ZznbNKLW7Mh5urYvi8V2IVO2Mjx6s+:CHz/CIvWAtEsrLjbNF7Mh50MMjcs+

Score

N/A

Malware Config

Signatures

Files

95a47bc63544f02a2618bf7f652a3a65e3cfc826f56aa57925d2d011a93bf55f
.exe windows x86

ca2c03a3148d228cc6256590c3ae5144

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSASetLastError
setsockopt
getsockopt
bind
getsockname
WSAStartup
WSACleanup
gethostbyname
ntohs
inet_addr
select
recv
__WSAFDIsSet
ntohl
socket
connect
WSAGetLastError
inet_ntoa
htons
htonl
gethostname
ioctlsocket
closesocket
send

kernel32

GetEnvironmentStringsW
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFullPathNameA
GetModuleFileNameA
GetLastError
FreeLibrary
LoadLibraryA
Sleep
WaitForSingleObject
InitializeCriticalSection
GetVersion
GetWindowsDirectoryA
GetSystemDirectoryA
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
CreateMutexA
CreateEventA
SetEvent
SleepEx
DuplicateHandle
GetCurrentProcess
WaitForMultipleObjects
GetExitCodeThread
ExpandEnvironmentStringsA
GetSystemTime
CreateSemaphoreA
GetProcessHeap
GetLocaleInfoW
QueryPerformanceFrequency
GetStringTypeW
GetStringTypeA
IsValidLocale
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RemoveDirectoryA
GetModuleHandleW
ExitProcess
MoveFileA
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentProcessId
Beep
CreateDirectoryA
CreatePipe
TlsAlloc
GetCurrentThread
GetModuleHandleA
MultiByteToWideChar
GetStartupInfoA
FatalAppExitA
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetFileAttributesA
GetExitCodeProcess
GetUserDefaultLCID
GetLocaleInfoA
lstrcmpA
GetProcAddress

advapi32

DeregisterEventSource
RegisterEventSourceA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
ReportEventA

mapistub

MAPIInitialize
FixMAPI
MAPILogon
ScMAPIXFromCMC
BMAPISendMail
PRProviderInit
MAPISendDocuments
MAPILogonEx
BMAPIGetReadMail

kbdbu

KbdLayerDescriptor

Sections

.icode
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 93KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 124KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca2c03a3148d228cc6256590c3ae5144

Headers

File Characteristics

Imports

wsock32

kernel32

advapi32

mapistub

kbdbu

Sections

.icode Size: 8KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 151KB

.text Size: 11KB - Virtual size: 12KB

.rdata Size: 3KB - Virtual size: 26KB

.edata Size: 93KB - Virtual size: 107KB

.data Size: 6KB - Virtual size: 203KB

.edata Size: 124KB - Virtual size: 138KB

.rsrc Size: 7KB - Virtual size: 6KB

.icode
Size: 8KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 151KB

.text
Size: 11KB - Virtual size: 12KB

.rdata
Size: 3KB - Virtual size: 26KB

.edata
Size: 93KB - Virtual size: 107KB

.data
Size: 6KB - Virtual size: 203KB

.edata
Size: 124KB - Virtual size: 138KB

.rsrc
Size: 7KB - Virtual size: 6KB