31ed2ee200da9a35ab3868b3d2977e6b18bc49772d39c27d57a53b49b6e6fa4a

Resubmissions

30/05/2025, 10:04

250530-l4bwradj3v 10

06/12/2022, 22:19

221206-18mw5she68 6

Sharing

Copy URL Twitter E-mail

General

Target

31ed2ee200da9a35ab3868b3d2977e6b18bc49772d39c27d57a53b49b6e6fa4a
Size

511KB
MD5

4f544e2d32f53e49e0c57913a1fd0d94
SHA1

7499ca1f2e8aa20b1e858a6bdd073099dbd64b64
SHA256

31ed2ee200da9a35ab3868b3d2977e6b18bc49772d39c27d57a53b49b6e6fa4a
SHA512

388291b2d4c107b94b7672df7d5ea61b5e942cba9ad0e90314fb8d2263560dbddfce9423547de8e0f659b7eb459cd7a9da893ca354e1f7e2ba60df4caa78deb1
SSDEEP

12288:ds3BPkuQYGduAHhlykTje/SA/q0U0S+rhJqnu:uMDYGduAXTYSA/q30S+rhJ+u

Score

N/A

Malware Config

Signatures

Files

31ed2ee200da9a35ab3868b3d2977e6b18bc49772d39c27d57a53b49b6e6fa4a
.exe windows x86

2a844b2fc96fe110304d8d60742101e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_wcsnicmp
memmove
strchr
strncmp
_strnicmp
tolower
isspace
_wcsicmp
isprint
_chkstk
strstr
strncpy
atoi
_stricmp
memset
memcpy
_memccpy
atol
sprintf
strtoul
RtlUnwind
NtQueryVirtualMemory
_vsnprintf
wcsstr

kernel32

SetFileAttributesW
CreateDirectoryW
ExpandEnvironmentStringsW
GetModuleHandleA
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
VirtualQuery
GetProcAddress
LoadLibraryA
VirtualFreeEx
VirtualAllocEx
GetCurrentProcess
CloseHandle
ReadFile
GetFileSize
CreateFileW
WriteFile
DeviceIoControl
CreateFileA
GetVersionExW
LocalFree
GetLastError
FindNextFileA
CopyFileA
lstrcmpA
FindFirstFileA
lstrcatA
lstrcpyA
DeleteCriticalSection
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
SetEndOfFile
InitializeCriticalSection
ExitThread
ResetEvent
WaitForSingleObject
CreateThread
CreateEventW
SetEvent
DeleteFileW
GetTickCount
CopyFileW
GetModuleHandleW
ReleaseMutex
OpenMutexW
CreateMutexW
SetLastError
LocalAlloc
RemoveDirectoryW
GetCurrentThread
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
WideCharToMultiByte
lstrlenW
lstrcatW
lstrcpynW
UnregisterWait
GetNativeSystemInfo
InterlockedIncrement
InterlockedDecrement
QueryPerformanceCounter
GetProcessTimes
OpenProcess
CreateEventA
TerminateProcess
RegisterWaitForSingleObject
OpenEventA
lstrcmpiW
CreateMutexA
QueryPerformanceFrequency
GetVersionExA
WriteProcessMemory
Process32Next
Process32First
VirtualFree
CreateRemoteThread
VirtualQueryEx
ReadProcessMemory
GetProcessHandleCount
VirtualAlloc
VirtualProtectEx
DuplicateHandle
GlobalFindAtomW
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
GetPrivateProfileStringW
GetPrivateProfileIntW
ResumeThread
CreateProcessW
TerminateThread
CreateProcessA
GetWindowsDirectoryA
ExpandEnvironmentStringsA
GlobalAlloc
GlobalUnlock
lstrlenA
GlobalLock
IsWow64Process
IsDebuggerPresent
Wow64DisableWow64FsRedirection
GetFileAttributesW
Sleep
ExitProcess
GetConsoleWindow
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TryEnterCriticalSection
Wow64RevertWow64FsRedirection

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenW
InternetReadFile

shlwapi

PathCombineA

ws2_32

htonl
getsockopt
ntohs
inet_pton
ioctlsocket
sendto
shutdown
bind
listen
accept
getaddrinfo
freeaddrinfo
recvfrom
getsockname
inet_ntoa
WSAGetLastError
gethostname
inet_addr
closesocket
__WSAFDIsSet
socket
recv
htons
gethostbyname
select
WSAStartup
connect
send

user32

EnumWindows
PostMessageW
OpenDesktopA
CreateDesktopA
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
WindowFromPoint
SendMessageA
PostMessageA
ShowWindow
GetLastInputInfo
PostThreadMessageW
CallNextHookEx
ToAscii
MapVirtualKeyW
GetWindowTextA
GetWindowThreadProcessId
GetForegroundWindow
DispatchMessageW
TranslateMessage
UnhookWindowsHookEx
GetMessageW
SetWindowsHookExA
CharNextA
PrintWindow
GetWindowRect
GetWindow
GetTopWindow
SetWindowLongA
GetWindowLongA
IsWindowVisible
ReleaseDC
GetDC
GetDesktopWindow
SetThreadDesktop
ChildWindowFromPoint
ScreenToClient
MoveWindow
GetMenuItemID
MenuItemFromPoint
RealGetWindowClassA
PtInRect
FindWindowA
GetWindowPlacement

gdi32

BitBlt
DeleteDC
SelectObject
SetStretchBltMode
CreateCompatibleBitmap
CreateCompatibleDC
GetDIBits
StretchBlt
DeleteObject

advapi32

RegNotifyChangeKeyValue
CheckTokenMembership
AllocateAndInitializeSid
GetSidSubAuthorityCount
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
FreeSid
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidA

shell32

SHGetFolderPathAndSubDirW
SHFileOperationW
SHGetFolderPathW
SHGetFolderPathA

ole32

StringFromGUID2
CoCreateGuid

msvcr90

_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
strftime
_mktime64
strtok

Sections

.text
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 80.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

2a844b2fc96fe110304d8d60742101e7

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

wininet

shlwapi

ws2_32

user32

gdi32

advapi32

shell32

ole32

msvcr90

Sections

.text Size: 171KB - Virtual size: 170KB

.rdata Size: 262KB - Virtual size: 262KB

.data Size: 17KB - Virtual size: 80.2MB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 58KB - Virtual size: 58KB

.text
Size: 171KB - Virtual size: 170KB

.rdata
Size: 262KB - Virtual size: 262KB

.data
Size: 17KB - Virtual size: 80.2MB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 58KB - Virtual size: 58KB