c6227e84aa3efc40a5143331f79c0f77c0636af797a27d80b789aa80fdc152af

Sharing

Copy URL Twitter E-mail

General

Target

c6227e84aa3efc40a5143331f79c0f77c0636af797a27d80b789aa80fdc152af
Size

15KB
MD5

3bf4e0f5fe2195f57165cec2d1353f41
SHA1

ebb7bfbc75330e67355f77bff2c5c55c851d050d
SHA256

c6227e84aa3efc40a5143331f79c0f77c0636af797a27d80b789aa80fdc152af
SHA512

c290545bde7825da4aafb99a9e98b387b8b2810eaa6abb43bf860ac80167fa599509abf73a7336df7d95f2c99bb965f82672dba0c262594c594d4bb4eff07010
SSDEEP

384:GUfYUmO7gn+5qjBVEGmshsK7N8M9lftmDWn8O:LfcOh5q/E7RK7FlVQO

Score

N/A

Malware Config

Signatures

Files

c6227e84aa3efc40a5143331f79c0f77c0636af797a27d80b789aa80fdc152af
.exe windows x86

243afc458840f7d518e591ecf255ea82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recv
shutdown
inet_addr
ntohl
connect
getpeername
WSACleanup
WSAStartup
bind
socket
__WSAFDIsSet
closesocket
gethostbyname
send
listen
accept
WSAIoctl
inet_ntoa
select
WSAGetLastError
ntohs
htonl
htons

winmm

timeKillEvent
timeSetEvent

kernel32

DeviceIoControl
Sleep
FindClose
lstrcpyA
GetModuleFileNameA
GetShortPathNameA
SetThreadPriority
GetEnvironmentVariableA
lstrcatA
SetProcessPriorityBoost
GetCurrentThread
GetCurrentProcess
SetPriorityClass
ExitProcess
GetModuleHandleA
CreatePipe
GetLocalTime
WriteFile
FreeLibrary
GetProcAddress
LoadLibraryA
WaitForSingleObject
SetEvent
CreateEventA
ResetEvent
CloseHandle
CreateThread
InitializeCriticalSection
LeaveCriticalSection
GetLastError
EnterCriticalSection
DeleteCriticalSection
InterlockedCompareExchange
GetCurrentThreadId
lstrcmpA
lstrlenA
HeapAlloc
HeapFree
GetProcessHeap
CreateFileA
InterlockedIncrement
GetLogicalDrives
GetDriveTypeA
FindFirstFileA
CreateSemaphoreA
ReadFile
ReleaseSemaphore
FindNextFileA

user32

AttachThreadInput
GetKeyboardLayout
SetWindowsHookExA
DestroyWindow
GetMessageA
TranslateMessage
CreateWindowExA
DispatchMessageA
PostMessageA
ToAsciiEx
UnhookWindowsHookEx
CallNextHookEx
GetKeyboardState
GetForegroundWindow
wvsprintfA
GetWindowThreadProcessId
GetWindowTextA

advapi32

CryptDecrypt
CryptReleaseContext
CryptAcquireContextA
CryptExportKey
CryptDestroyKey
CryptGenKey
CryptEncrypt
CryptImportKey

shell32

ShellExecuteExA
SHChangeNotify

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.config
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

243afc458840f7d518e591ecf255ea82

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

winmm

kernel32

user32

advapi32

shell32

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 20B

.config Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 20B

.config
Size: 1KB - Virtual size: 1KB