def123f6c444728a8fa2e44e386f32cf3aacae27a85b7101046fc4aff78ee7ea

Sharing

Copy URL Twitter E-mail

General

Target

def123f6c444728a8fa2e44e386f32cf3aacae27a85b7101046fc4aff78ee7ea
Size

468KB
MD5

a58bb77631e242e3307815bbf7691bb8
SHA1

320bf364a82cb348c8b833c8aac3f7ea8db84c09
SHA256

def123f6c444728a8fa2e44e386f32cf3aacae27a85b7101046fc4aff78ee7ea
SHA512

1e27722fdc1f04a7530ff2ffd4e5838c32ee5a3401a3776e6fead9a2509a57f8620be703449fadcafe0817042f918c9b6203cabdfa0e8e2b954e29b8785217da
SSDEEP

12288:6GIRYtIUcnileDX2n5kxLb808d42mS8X6lqEspSQTrE:sYtsi82n5WLzQ42mX4qTU2E

Score

N/A

Malware Config

Signatures

Files

def123f6c444728a8fa2e44e386f32cf3aacae27a85b7101046fc4aff78ee7ea
.exe windows x86

0d081b7f180829c80f95dd3c76af9bc6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rtutils

TracePrintfExW
RouterLogRegisterW
TraceRegisterExW
RouterLogDeregisterW
TraceDeregisterW

ddraw

DirectDrawCreate

advapi32

RegCloseKey
RegEnumValueW
CryptGenRandom
SetServiceStatus
RegOpenKeyExW
RegisterServiceCtrlHandlerW
RegEnumKeyExW
CryptAcquireContextW
RegQueryValueExW
CryptReleaseContext

ntdll

RtlStringFromGUID
NtTerminateThread
RtlAdjustPrivilege

dnsapi

DnsReplaceRecordSetW

wmi

WmiNotificationRegistrationW

mswsock

GetAcceptExSockaddrs
AcceptEx

kernel32

DeviceIoControl
CloseHandle
SetLastError
QueueUserWorkItem
HeapAlloc
CreateMutexW
EnterCriticalSection
WriteFile
HeapDestroy
ReleaseMutex
GetCurrentProcessId
DisableThreadLibraryCalls
LeaveCriticalSection
UnhandledExceptionFilter
DeleteTimerQueue
VirtualAlloc
BindIoCompletionCallback
RegisterWaitForSingleObject
GetLastError
CreateEventW
InterlockedDecrement
CreateTimerQueue
FreeLibrary
LoadLibraryW
InterlockedExchange
GetCurrentProcess
CreateTimerQueueTimer
SetEvent
InitializeCriticalSection
ChangeTimerQueueTimer
GetSystemTimeAsFileTime
GetCurrentThreadId
TerminateProcess
UnregisterWaitEx
HeapReAlloc
GetProcAddress
ReadFile
HeapFree
CreateFileW
HeapCreate
QueryPerformanceCounter
DeleteCriticalSection
Sleep
SetUnhandledExceptionFilter
InterlockedIncrement
ExpandEnvironmentStringsW
GetComputerNameExW
WaitForSingleObject
GetTickCount
MultiByteToWideChar
UnregisterWait
DeleteTimerQueueTimer

msvcrt

_wcsicmp
memcmp
wcsncpy
malloc
wcscat
wcscmp
swprintf
wcslen
_initterm
wcschr
free
_adjust_fdiv
memcpy
memset
memmove
wcscpy
strlen
_except_handler3

iphlpapi

NotifyRouteChange
GetAdaptersAddresses
GetAdaptersInfo
NotifyAddrChange

ole32

CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoUninitialize

ws2_32

WSASendTo
WSAIoctl
WSALookupServiceNextW
WSALookupServiceEnd
WSAEventSelect
freeaddrinfo
WSAAddressToStringA
getnameinfo
getaddrinfo
WSAStringToAddressA
WSASocketW
WSAAddressToStringW
WSALookupServiceBeginW
WSARecvFrom

Sections

.text
Size: 4KB - Virtual size: 892B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 272KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0d081b7f180829c80f95dd3c76af9bc6

Headers

File Characteristics

Imports

rtutils

ddraw

advapi32

ntdll

dnsapi

wmi

mswsock

kernel32

msvcrt

iphlpapi

ole32

ws2_32

Sections

.text Size: 4KB - Virtual size: 892B

.rsrc Size: 104KB - Virtual size: 101KB

.data Size: 76KB - Virtual size: 2.4MB

.reloc Size: 4KB - Virtual size: 64B

.rdata Size: 272KB - Virtual size: 268KB

.idata Size: 4KB - Virtual size: 3KB

.text
Size: 4KB - Virtual size: 892B

.rsrc
Size: 104KB - Virtual size: 101KB

.data
Size: 76KB - Virtual size: 2.4MB

.reloc
Size: 4KB - Virtual size: 64B

.rdata
Size: 272KB - Virtual size: 268KB

.idata
Size: 4KB - Virtual size: 3KB