a20569566bc3ee7d78d77819ac07adfb8629030a01a54ed700875dacfeceafbf

Sharing

Copy URL Twitter E-mail

General

Target

a20569566bc3ee7d78d77819ac07adfb8629030a01a54ed700875dacfeceafbf
Size

148KB
MD5

081dc322339fad4432b6628b789b8130
SHA1

668e835cee0e8769bd605581ea19711cab632c8f
SHA256

a20569566bc3ee7d78d77819ac07adfb8629030a01a54ed700875dacfeceafbf
SHA512

f4504206b4e788ffaf03bbf6cc44deb3b3c980813fc79b6275f2828ea735ff9bd159b7c16bec02beaea49454b9dab0dedd38be316366c00a0ac0dc4599efccf3
SSDEEP

3072:CGuhP6amSyWL+5FZ7QC0of4NY4rpKqx44tnhEd5a:PIZyM+aBNQO2

Score

N/A

Malware Config

Signatures

Files

a20569566bc3ee7d78d77819ac07adfb8629030a01a54ed700875dacfeceafbf
.exe windows x86

e4c442459efd255897bd137446d623f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recvfrom
send
recv
htons
getservbyport
getprotobynumber
socket
setsockopt
getservbyname
htonl

wtsapi32

WTSOpenServerA
WTSQueryUserToken
WTSCloseServer

uxtheme

GetThemeFont
GetThemeTextExtent
CloseThemeData

netapi32

NetWkstaGetInfo
NetWkstaSetInfo
NetGetAnyDCName
NetApiBufferFree

setupapi

SetupAddToDiskSpaceListA
SetupGetInfFileListA
SetupScanFileQueueA
SetupInstallFileA
SetupInstallFilesFromInfSectionA
SetupOpenAppendInfFileA
SetupOpenFileQueue
SetupCreateDiskSpaceListA
SetupGetSourceFileSizeA
SetupCloseFileQueue
SetupCloseInfFile
SetupCommitFileQueueA
SetupDecompressOrCopyFileA
SetupOpenInfFileA
SetupDestroyDiskSpaceList
SetupQueryDrivesInDiskSpaceListA
SetupRemoveFromDiskSpaceListA
SetupGetSourceFileLocationA

kernel32

FindNextChangeNotification
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
WriteFile
RtlUnwind
GetCurrentThread
GetLastError
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsBadWritePtr
HeapReAlloc
VirtualAlloc
FatalAppExitA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
VirtualFree
HeapCreate
HeapDestroy
Sleep
GetTickCount
LoadLibraryA
GetProcAddress
WriteConsoleW
FindFirstChangeNotificationA
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
ExitProcess

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 684KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4c442459efd255897bd137446d623f7

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wtsapi32

uxtheme

netapi32

setupapi

kernel32

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 60KB - Virtual size: 57KB

.data Size: 56KB - Virtual size: 684KB

.rsrc Size: 4KB - Virtual size: 760B

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 60KB - Virtual size: 57KB

.data
Size: 56KB - Virtual size: 684KB

.rsrc
Size: 4KB - Virtual size: 760B