7eba20a5fd5b50fab4924ef4b98b56023cb2b584f3b20a9d4b0fc10a04de0358

Sharing

Copy URL Twitter E-mail

General

Target

7eba20a5fd5b50fab4924ef4b98b56023cb2b584f3b20a9d4b0fc10a04de0358
Size

30KB
MD5

b86127e90efc5e05e197ad815b1035a0
SHA1

ce601d0caa794734bec65e2faff6d1b2e8486cfe
SHA256

7eba20a5fd5b50fab4924ef4b98b56023cb2b584f3b20a9d4b0fc10a04de0358
SHA512

139c5cd48526db162f172a03251afca49f0c3e2bc329b96495c25b9494fb1851d93b6e6ca1bae5f171a6533bb5d2e959bfaa286587da9b8466dbd5fbc5533f61
SSDEEP

768:5BHAICfmwMKAxBfSKwGhPjeCESQwniVoXABsQ5c6BZ:50fiVXfS7kPLtiVUQ7Z

Score

N/A

Malware Config

Signatures

Files

7eba20a5fd5b50fab4924ef4b98b56023cb2b584f3b20a9d4b0fc10a04de0358
.dll windows x86

bedebed959b54e650676de97a8a90278

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
lstrlenA
lstrcatA
lstrcpyA
GetVersionExA
GetLogicalDriveStringsA
MoveFileExA
GetSystemDirectoryA
DisableThreadLibraryCalls
GetModuleFileNameA
CreateProcessA
FileTimeToSystemTime
CreateDirectoryA
WideCharToMultiByte
lstrlenW
GetDiskFreeSpaceExA
GetDriveTypeA
MultiByteToWideChar
FileTimeToLocalFileTime
GetTempFileNameA
GetTempPathA
lstrcmpiA
FindClose
FindNextFileA
FindFirstFileA
lstrcmpA
DeleteFileA
GetVersion
GetLocalTime
SystemTimeToFileTime
GetWindowsDirectoryA
Process32Next
Process32First
FreeLibrary
GetProcAddress
LoadLibraryA
OpenProcess
LocalFree
OpenThread
GetCurrentThreadId
Sleep
CompareFileTime
CreateSemaphoreA
GetCurrentDirectoryA
ReleaseSemaphore
CopyFileA
VirtualAlloc
VirtualFree
OpenEventA
WinExec
GetSystemTime
WriteFile
WaitForSingleObject
CreateThread
ExitThread
CreateFileA
GetLastError
GetFileSize
SetFilePointer
lstrcpynA
ReadFile
CloseHandle

advapi32

RegQueryValueExA
OpenThreadToken
GetTokenInformation
ConvertSidToStringSidA
OpenProcessToken
CreateProcessAsUserA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
GetUserNameA
RegSetValueExA

ws2_32

WSACleanup
WSAGetLastError
htons
socket
connect
send
recv
inet_addr
closesocket
WSAStartup
gethostname
gethostbyname
inet_ntoa

msvcrt

strrchr
_adjust_fdiv
malloc
_initterm
free
_strlwr
memcmp
__CxxFrameHandler
rand
_itoa
time
srand
??3@YAXPAX@Z
strcpy
??2@YAPAXI@Z
memcpy
memset
_except_handler3
_snprintf
strchr
atoi
strstr
sprintf
isalpha
strlen
memmove

Exports

Exports

ServiceMain
TStartUp

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bedebed959b54e650676de97a8a90278

Headers

File Characteristics

Imports

kernel32

advapi32

ws2_32

msvcrt

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 52KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 52KB

.reloc
Size: 2KB - Virtual size: 2KB