d00928e93c6e5725de34833ad6f5091bfe47ce2251ef56c13b38501b6917bca2

Sharing

Copy URL Twitter E-mail

General

Target

d00928e93c6e5725de34833ad6f5091bfe47ce2251ef56c13b38501b6917bca2
Size

601KB
MD5

751a0a44da40df5574ceac6a10696805
SHA1

9489251037735d2580669bbf376d44d9cf0d7725
SHA256

d00928e93c6e5725de34833ad6f5091bfe47ce2251ef56c13b38501b6917bca2
SHA512

18268ba14fdd461c9b45d9afffd78541d67d723b728fde9b6d7e9b4489aa353c048259a8f38676d18dc5f1da00a3146c13af642e92a8f1f68ce85733ad7fae0d
SSDEEP

12288:iDnyf0ZQaMhypDbK4QnMatWdA6O42rJYu9fCfhfdousmN8HiYMmMGZ/tziZ:iT1psHnjEqHCkfSfR3N8HiZop

Score

N/A

Malware Config

Signatures

Files

d00928e93c6e5725de34833ad6f5091bfe47ce2251ef56c13b38501b6917bca2
.exe windows x86

6ff586da7d79eea0ffd98e12a78352ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW

ws2_32

closesocket
WSAStartup
WSACleanup
WSAGetLastError
recv
ioctlsocket
select
__WSAFDIsSet
WSASetLastError
listen
accept
recvfrom
sendto
gethostname
getaddrinfo
freeaddrinfo
socket
connect
setsockopt
getsockopt
htons
bind
ntohs
getsockname
send

wldap32

ord200
ord41
ord27
ord301
ord33
ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord46

kernel32

GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
GetLocaleInfoW
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
ExitProcess
GetModuleHandleW
HeapCreate
InitializeCriticalSectionAndSpinCount
SetHandleCount
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
RtlUnwind
RaiseException
FindFirstFileExA
GetDriveTypeA
FindClose
CreateThread
GetCurrentThreadId
ExitThread
SetFilePointer
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
GetStartupInfoW
HeapSetInformation
GetCPInfo
CreateProcessW
QueryPerformanceCounter
GetCurrentProcess
LoadLibraryW
GetProcAddress
CloseHandle
GetEnvironmentVariableW
GlobalLock
WaitForSingleObject
OpenProcess
GlobalAlloc
Sleep
GetExitCodeProcess
TerminateProcess
GetModuleFileNameW
GlobalUnlock
GetLastError
GlobalFree
GetSystemTime
SetLastError
FormatMessageW
GetTickCount
MultiByteToWideChar
GetCommandLineW
SleepEx
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
LoadLibraryA
ExpandEnvironmentStringsA
FormatMessageA
HeapFree
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetCurrentProcessId
GetTimeZoneInformation
GetCurrentDirectoryW
GetDriveTypeW
GetFullPathNameA
SetStdHandle
CreateFileA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
GetProcessHeap
FreeLibrary
CreateFileW

advapi32

RegQueryValueExW
RegCloseKey
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
FreeSid
RegSetValueExW
RegDeleteValueW
GetLengthSid
RegEnumKeyW
RegEnumValueW
AllocateAndInitializeSid
RegCreateKeyExW
RegOpenKeyExW
InitializeAcl

shell32

SHFileOperationW
ShellExecuteW
FindExecutableW

ole32

CoInitialize
CoUninitialize
CoCreateGuid
CoCreateInstance

rpcrt4

UuidToStringW
UuidFromStringW
RpcStringFreeW

shlwapi

UrlEscapeW

Sections

.text
Size: 319KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 192KB - Virtual size: 1.3MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6ff586da7d79eea0ffd98e12a78352ff

Headers

DLL Characteristics

File Characteristics

Imports

psapi

ws2_32

wldap32

kernel32

advapi32

shell32

ole32

rpcrt4

shlwapi

Sections

.text Size: 319KB - Virtual size: 318KB

.rdata Size: 59KB - Virtual size: 59KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 21KB - Virtual size: 21KB

.vmp0 Size: 192KB - Virtual size: 1.3MB

.text
Size: 319KB - Virtual size: 318KB

.rdata
Size: 59KB - Virtual size: 59KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 21KB - Virtual size: 21KB

.vmp0
Size: 192KB - Virtual size: 1.3MB