c71bf5cbe8a50bb9912041a7878b825fcc8eafe081b6ae13c16ac82b5640c1b5

Sharing

Copy URL Twitter E-mail

General

Target

c71bf5cbe8a50bb9912041a7878b825fcc8eafe081b6ae13c16ac82b5640c1b5
Size

532KB
MD5

eb76294b34e90c5d82e922840e7676ea
SHA1

a52891ca8d256242feabe729daf66e2d2f9a6781
SHA256

c71bf5cbe8a50bb9912041a7878b825fcc8eafe081b6ae13c16ac82b5640c1b5
SHA512

30ddf95e872479d55b91680a5f023ab69f0da2906646fdc718d1887897f8db7900a72364af993ece4614af6920a3b9dacb75c5019be95d06d4b320f61c171630
SSDEEP

12288:CMMnMMMMMUV8HnDIH/utbS1jN3OL7PEx5XbzU3g1ctGdUAZYeo9M:CMMnMMMMMJHnDIHFOHszLzU3VtGdUAZC

Score

N/A

Malware Config

Signatures

Files

c71bf5cbe8a50bb9912041a7878b825fcc8eafe081b6ae13c16ac82b5640c1b5
.exe windows x86

ead08c4f3d6b5d240d6fb53e8ac0247a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mswsock

AcceptEx
GetAcceptExSockaddrs

ntdll

RtlInitUnicodeString
NtWaitForSingleObject
RtlAdjustPrivilege

ole32

CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance

ddraw

DirectDrawCreate

advapi32

RegCloseKey
CryptGenRandom
RegEnumValueW
SetServiceStatus
RegQueryValueExW
RegEnumKeyExW
CryptAcquireContextW
RegOpenKeyExW
RegisterServiceCtrlHandlerW
CryptReleaseContext

msvcrt

wcscmp
wcscat
memcpy
wcschr
memset
wcslen
malloc
_wcsicmp
_except_handler3
wcsncpy
strlen
swprintf
_initterm
wcscpy
memmove
memcmp
free
_adjust_fdiv

iphlpapi

GetAdaptersAddresses
NotifyRouteChange
NotifyAddrChange
GetAdaptersInfo

dnsapi

DnsReplaceRecordSetW

kernel32

CloseHandle
VirtualAlloc
CreateFileW
GetSystemTimeAsFileTime
QueryPerformanceCounter
LeaveCriticalSection
HeapReAlloc
GetCurrentThreadId
Sleep
CreateEventW
SetUnhandledExceptionFilter
WaitForSingleObject
DeleteTimerQueue
HeapAlloc
ExpandEnvironmentStringsW
RegisterWaitForSingleObject
DisableThreadLibraryCalls
CreateMutexA
GetComputerNameExW
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
ChangeTimerQueueTimer
CreateMutexW
CreateTimerQueueTimer
GetTickCount
InterlockedDecrement
MultiByteToWideChar
HeapCreate
HeapFree
InterlockedIncrement
UnregisterWait
EnterCriticalSection
BindIoCompletionCallback
SetLastError
UnregisterWaitEx
QueueUserWorkItem
ReleaseMutex
GetCurrentProcessId
SetEvent
WriteFile
DeleteTimerQueueTimer
GetCurrentProcess
UnhandledExceptionFilter
InterlockedExchange
CreateTimerQueue
WideCharToMultiByte
DeleteCriticalSection
ReadFile
HeapDestroy
InitializeCriticalSection

ws2_32

WSASendTo
WSAStringToAddressA
getnameinfo
WSASocketW
WSAAddressToStringA
getaddrinfo
WSAAddressToStringW
WSAEventSelect
freeaddrinfo
WSALookupServiceNextW
WSAIoctl
WSARecvFrom
WSALookupServiceEnd
WSALookupServiceBeginW

Sections

.text
Size: 4KB - Virtual size: 876B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 424KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ead08c4f3d6b5d240d6fb53e8ac0247a

Headers

File Characteristics

Imports

mswsock

ntdll

ole32

ddraw

advapi32

msvcrt

iphlpapi

dnsapi

kernel32

ws2_32

Sections

.text Size: 4KB - Virtual size: 876B

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 88KB - Virtual size: 87KB

.data Size: 8KB - Virtual size: 2.0MB

.rdata Size: 424KB - Virtual size: 422KB

.text
Size: 4KB - Virtual size: 876B

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 88KB - Virtual size: 87KB

.data
Size: 8KB - Virtual size: 2.0MB

.rdata
Size: 424KB - Virtual size: 422KB