a9ef984c72c92811989d806f64a83458893c0ae6aa2fb25aca5d32d7249af808

Sharing

Copy URL Twitter E-mail

General

Target

a9ef984c72c92811989d806f64a83458893c0ae6aa2fb25aca5d32d7249af808
Size

184KB
MD5

7dd573d095e378dfeb7920723ad170c9
SHA1

345e19462d11cb57ffead804d2d9b3a71ba0ddef
SHA256

a9ef984c72c92811989d806f64a83458893c0ae6aa2fb25aca5d32d7249af808
SHA512

6366da68ae3a7afbfc257ee4f6b98f0f9f62b9c45d19c7f7f03c78a3968056da3949403923e3fad58fe0a61be0f1e0c52f7b89a4ff53c34fa8f180a0d3c4b4c3
SSDEEP

3072:ce6cAFUMMnMMMMMX7I7DvmXqXPlw6ZfVydeqt15J9/tAMw+0RAiazdPOsy3aOY8y:P9pMMnMMMMMavaqXdTydeqt15P3wTA7T

Score

N/A

Malware Config

Signatures

Files

a9ef984c72c92811989d806f64a83458893c0ae6aa2fb25aca5d32d7249af808
.exe windows x86

d06dd7f419c921ee2d631d569ce75762

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtUnlockVirtualMemory
RtlGUIDFromString
RtlAdjustPrivilege

ws2_32

freeaddrinfo
WSAIoctl
WSALookupServiceBeginW
getnameinfo
getaddrinfo
WSAAddressToStringW
WSARecvFrom
WSAEventSelect
WSAAddressToStringA
WSASendTo
WSASocketW
WSALookupServiceEnd
WSAStringToAddressA
WSALookupServiceNextW

advapi32

CryptAcquireContextW
SetServiceStatus
RegOpenKeyExW
CryptReleaseContext
RegisterServiceCtrlHandlerW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
RegEnumValueW
CryptGenRandom

dnsapi

DnsReplaceRecordSetW

ole32

CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoUninitialize

ddraw

DirectDrawCreate

iphlpapi

NotifyAddrChange
GetAdaptersAddresses
NotifyRouteChange
GetAdaptersInfo

rtutils

RouterLogDeregisterW
TraceDeregisterW
TracePrintfExW
RouterLogRegisterW
TraceRegisterExW

wmi

WmiNotificationRegistrationW

msvcrt

_except_handler3
_wcsicmp
malloc
memcmp
wcscpy
wcschr
memset
wcslen
wcscat
memcpy
_adjust_fdiv
wcsncpy
wcscmp
strlen
memmove
_initterm
free
swprintf

kernel32

WriteFile
CreateFileW
HeapAlloc
RegisterWaitForSingleObject
ReadFile
ReleaseMutex
GetCurrentProcess
BindIoCompletionCallback
GetSystemTimeAsFileTime
InterlockedIncrement
WideCharToMultiByte
GetProcAddress
VirtualAlloc
LeaveCriticalSection
InterlockedExchange
InterlockedDecrement
CreateTimerQueueTimer
GetCurrentThreadId
CloseHandle
WaitForSingleObject
DeleteTimerQueue
DeleteTimerQueueTimer
DeviceIoControl
UnregisterWaitEx
GetLastError
CreateMutexW
ExpandEnvironmentStringsW
QueryPerformanceCounter
LoadLibraryW
GetTickCount
HeapCreate
DisableThreadLibraryCalls
QueueUserWorkItem
HeapDestroy
TerminateProcess
UnhandledExceptionFilter
SetLastError
EnterCriticalSection
ChangeTimerQueueTimer
HeapReAlloc
Sleep
DeleteCriticalSection
CreateEventW
UnregisterWait
CreateTimerQueue
MultiByteToWideChar
InitializeCriticalSection
SetUnhandledExceptionFilter
FreeLibrary
SetEvent
GetCurrentProcessId
HeapFree

mswsock

GetAcceptExSockaddrs
AcceptEx

Sections

.text
Size: 4KB - Virtual size: 892B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d06dd7f419c921ee2d631d569ce75762

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

ws2_32

advapi32

dnsapi

ole32

ddraw

iphlpapi

rtutils

wmi

msvcrt

kernel32

mswsock

Sections

.text Size: 4KB - Virtual size: 892B

.rsrc Size: 120KB - Virtual size: 116KB

.data Size: 32KB - Virtual size: 352KB

.reloc Size: 4KB - Virtual size: 64B

.rdata Size: 16KB - Virtual size: 15KB

.idata Size: 4KB - Virtual size: 3KB

.text
Size: 4KB - Virtual size: 892B

.rsrc
Size: 120KB - Virtual size: 116KB

.data
Size: 32KB - Virtual size: 352KB

.reloc
Size: 4KB - Virtual size: 64B

.rdata
Size: 16KB - Virtual size: 15KB

.idata
Size: 4KB - Virtual size: 3KB