66f60dd25ed517c41e5828f82dcb57ac1a637c99812d3f53e6adcc4621ebcf3a

Sharing

Copy URL Twitter E-mail

General

Target

66f60dd25ed517c41e5828f82dcb57ac1a637c99812d3f53e6adcc4621ebcf3a
Size

266KB
MD5

3a3e12a1a02920c32418902913f644e0
SHA1

1972fc73d3ff6d450a94ff0483a715b9f33b6e4b
SHA256

66f60dd25ed517c41e5828f82dcb57ac1a637c99812d3f53e6adcc4621ebcf3a
SHA512

010ca94e52b7324a856f0e6506e5b02f8d0ff09c0573b47a5567a883de0b41b5be566cc50970bb4c70f1f1a90b254e2c369439ed8a215a7686b94ab6e9aabf6a
SSDEEP

6144:UlC6puInn+SkP48QOne1pkcarL7dpyy0VxcUK0v7:UlC6puIn+SktZLVpFexJK0D

Score

N/A

Malware Config

Signatures

Files

66f60dd25ed517c41e5828f82dcb57ac1a637c99812d3f53e6adcc4621ebcf3a
.exe windows x86

acf24c925542e4272e679e2ce3add5d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathW

wsock32

WSAGetLastError
closesocket
setsockopt
getsockname
getpeername
WSACleanup
WSAStartup
WSASetLastError
listen
bind
ioctlsocket
accept
connect
__WSAFDIsSet
send
shutdown
select
recv
sendto
socket
inet_ntoa
htonl
htons

advapi32

InitializeAcl
RegQueryValueExA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
GetUserNameW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
FreeSid
GetLengthSid
AddAccessAllowedAce
InitializeSecurityDescriptor
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegNotifyChangeKeyValue
OpenProcessToken
MakeSelfRelativeSD
SetSecurityDescriptorDacl
AllocateAndInitializeSid

kernel32

OpenMutexW
CreateMutexW
MapViewOfFile
GetLastError
CreateFileMappingW
CreateFileW
OutputDebugStringW
MultiByteToWideChar
ReleaseSemaphore
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
CreateEventW
Sleep
CreateThread
SetEvent
ResetEvent
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
GetModuleHandleA
GetModuleHandleW
ReleaseMutex
GetFileAttributesW
GetVersion
LoadLibraryW
SetLastError
GetModuleFileNameW
OutputDebugStringA
WaitForMultipleObjects
WideCharToMultiByte
FlushViewOfFile
ProcessIdToSessionId
GetCurrentProcessId
CreateProcessW
CreateSemaphoreW
OpenSemaphoreW
FreeLibrary
LocalFree
GetProcessHeap
HeapFree
GetCurrentThreadId
InterlockedCompareExchange
InterlockedExchange
WaitForSingleObject
HeapAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
WriteFile
UnhandledExceptionFilter
SetEndOfFile
SetFilePointer
GetLocalTime
GetTickCount
ReadFile
GetFileSize
ExpandEnvironmentStringsW
GetCurrentProcess
GetModuleFileNameA
CloseHandle
lstrlenW
UnmapViewOfFile
TerminateProcess
GetStartupInfoA
HeapSize
HeapReAlloc
HeapDestroy
GetProcAddress

ole32

CoRevokeClassObject
CoInitializeEx
CoUninitialize
CoInitializeSecurity
CoRegisterClassObject
StringFromGUID2
CoTaskMemFree
StringFromCLSID

oleaut32

SysAllocStringLen
SysFreeString
SysAllocString

ws2_32

WSAIoctl
WSALookupServiceEnd
WSALookupServiceBeginW
WSALookupServiceNextW
WSACloseEvent
WSASetEvent
WSAAddressToStringW
WSAWaitForMultipleEvents
WSASocketW
WSAEnumNetworkEvents
WSAAccept
WSAEventSelect
WSAEnumProtocolsW
WSADuplicateSocketW
WSACreateEvent

iphlpapi

GetBestInterface
GetAdaptersInfo

ceutil

CeSvcGetDwordW
CeSvcOpenW
CeSvcGetDword
CeSvcOpen
CeSvcSetDword
CeSvcSetString
CeSvcSetDwordW
CeSvcSetBinary
CeSvcDeleteVal
CeSvcGetBinary
CeSvcClose

crypt32

CryptUnprotectData
CryptProtectData

userenv

ExpandEnvironmentStringsForUserW

setupapi

SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

msvcr80

memcpy
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_vsnwprintf_s
strncpy
memset
??3@YAXPAX@Z
_CxxThrowException
??_V@YAXPAX@Z
_acmdln
memcpy_s
??2@YAPAXI@Z
__CxxFrameHandler3
??_U@YAPAXI@Z
_strnicmp
isspace
free
malloc
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_purecall
??0exception@std@@QAE@ABV01@@Z
wprintf
_invalid_parameter_noinfo
memmove
strncmp
wcsncpy
_vsnprintf_s
_wcsicmp
_except_handler4_common
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
?terminate@@YAXXZ

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

gdi32

GetDeviceCaps
GetStockObject

user32

CreateWindowExW
RegisterClassW
TranslateMessage
DispatchMessageW
GetMessageW
LoadIconW
LoadCursorW
DefWindowProcW
PostMessageW
SetWindowPos
ReleaseDC
GetDC
GetSystemMetrics
GetWindowRect
DialogBoxParamW
SetTimer
SetForegroundWindow
EnableMenuItem
GetSystemMenu
GetWindow
MessageBoxW
LoadStringW
EndDialog
KillTimer
ShowWindow
SetFocus
GetDlgItem
SendDlgItemMessageW
SetDlgItemTextW
CheckDlgButton
IsDlgButtonChecked
GetDlgItemTextW
FindWindowW
DestroyWindow
PostQuitMessage

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

acf24c925542e4272e679e2ce3add5d4

Headers

DLL Characteristics

File Characteristics

Imports

shell32

wsock32

advapi32

kernel32

ole32

oleaut32

ws2_32

iphlpapi

ceutil

crypt32

userenv

setupapi

msvcr80

msvcp80

gdi32

user32

Sections

.text Size: 148KB - Virtual size: 145KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 32KB - Virtual size: 32KB

.rdata Size: 72KB - Virtual size: 72KB

.text
Size: 148KB - Virtual size: 145KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 32KB - Virtual size: 32KB

.rdata
Size: 72KB - Virtual size: 72KB