9ef1123838a882396b8001fce47d10f77371c3f1743327bad6f1760b8b500571

Sharing

Copy URL

Twitter E-mail

General

Target

9ef1123838a882396b8001fce47d10f77371c3f1743327bad6f1760b8b500571
Size

17KB
MD5

42e29826d6a1f1b8981d60446ded8e37
SHA1

852d5bf0faaa847654b4a83ee7e23b7a7f8d27d3
SHA256

9ef1123838a882396b8001fce47d10f77371c3f1743327bad6f1760b8b500571
SHA512

ce3c98614b41fa56832a2389873ce4e5abbf48bbb8a0ce13d2fbc0941c0d7f8379e600b7952476bd683d7d7d11da7846f385aa8ab8c0097d0d2d8d04d6ba4b56
SSDEEP

384:LoVcoC8ZCFmWKzWR1eXBekfPxR1zQ1zDpn8S:Lo1iFmLzWR1eRvFS

Score

N/A

Malware Config

Signatures

Files

9ef1123838a882396b8001fce47d10f77371c3f1743327bad6f1760b8b500571
.exe windows x86

ae38504d1421cf2721ec1a98666b1812

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
WSACleanup
getpeername
send
listen
accept
htons
WSAIoctl
inet_ntoa
select
WSAGetLastError
ntohs
htonl
connect
ntohl
inet_addr
shutdown
recv
bind
socket
__WSAFDIsSet
closesocket
gethostbyname

winmm

timeKillEvent
timeSetEvent

gdiplus

GdiplusShutdown
GdipSaveImageToStream
GdipFree
GdipCreateBitmapFromGdiDib
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipGetImageEncoders
GdipCloneImage
GdiplusStartup

kernel32

ReleaseSemaphore
GetDriveTypeA
ReadFile
lstrcpyA
GetModuleFileNameA
GetShortPathNameA
SetThreadPriority
GetEnvironmentVariableA
lstrcatA
SetProcessPriorityBoost
GetCurrentThread
GetCurrentProcess
SetPriorityClass
ExitProcess
GetModuleHandleA
CreatePipe
GetLocalTime
WriteFile
FindNextFileA
DeviceIoControl
FindClose
FreeLibrary
GetProcAddress
LoadLibraryA
WaitForSingleObject
SetEvent
CreateEventA
ResetEvent
CloseHandle
CreateThread
InitializeCriticalSection
LeaveCriticalSection
GetLastError
EnterCriticalSection
DeleteCriticalSection
InterlockedCompareExchange
GetCurrentThreadId
lstrcmpA
lstrlenA
HeapAlloc
HeapFree
GetProcessHeap
lstrcmpW
CreateFileA
InterlockedIncrement
GetLogicalDrives
CreateSemaphoreA
Sleep
FindFirstFileA

user32

PostMessageA
DestroyWindow
GetMessageA
TranslateMessage
CreateWindowExA
DispatchMessageA
ToAsciiEx
AttachThreadInput
CallNextHookEx
GetKeyboardState
GetForegroundWindow
GetWindowTextA
GetKeyboardLayout
SetWindowsHookExA
UnhookWindowsHookEx
GetWindowThreadProcessId
GetDC
wvsprintfA

gdi32

SelectObject
DeleteObject
CreateCompatibleDC
BitBlt
DeleteDC
CreateDIBSection
GetDeviceCaps

advapi32

CryptImportKey
CryptReleaseContext
CryptAcquireContextA
CryptDecrypt
CryptDestroyKey
CryptGenKey
CryptEncrypt
CryptExportKey

shell32

ShellExecuteExA
SHChangeNotify

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.config
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ae38504d1421cf2721ec1a98666b1812

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

winmm

gdiplus

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 176B

.config Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 176B

.config
Size: 1KB - Virtual size: 1KB