8f6e4dc7fdae76b8d52a29374e2c4b264fc32a19e16c867ad1e399830b0b9deb

Sharing

Copy URL Twitter E-mail

General

Target

8f6e4dc7fdae76b8d52a29374e2c4b264fc32a19e16c867ad1e399830b0b9deb
Size

76KB
MD5

558f79564cf0a24df0d1d5646f53a550
SHA1

f3b923fd341aaac120e9a193826a19edaa3d6f91
SHA256

8f6e4dc7fdae76b8d52a29374e2c4b264fc32a19e16c867ad1e399830b0b9deb
SHA512

9a53f2874d1bc8f194504e0ca77f6afa1e23c0ec98be98e66da9c321d62801349b70bf809dfb1ce457be8f3529210ac607496c5d7b87848c9d96a7eb940fada4
SSDEEP

1536:SeRWUhCVHTnYVigGxa3C7t/Ci0fr6X9+UzoPybx8am:UUhCBnVy0CYMUzoPybx8am

Score

N/A

Malware Config

Signatures

Files

8f6e4dc7fdae76b8d52a29374e2c4b264fc32a19e16c867ad1e399830b0b9deb
.exe windows x86

cea6998d2a58447a5ed9551acd410ba6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

shutdown
getsockname
gethostbyname
inet_ntoa
ntohl
htonl
ioctlsocket
setsockopt
bind
listen
accept
inet_addr
select
WSAStartup
WSACleanup
htons
socket
connect
send
closesocket
recv

user32

wsprintfA
FindWindowA
IsWindow
SendMessageA
FindWindowExA

advapi32

ControlService
CreateServiceA
LockServiceDatabase
QueryServiceLockStatusA
ChangeServiceConfig2A
UnlockServiceDatabase
OpenSCManagerA
OpenServiceA
StartServiceA
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
DeleteService

shfolder

SHGetFolderPathA

kernel32

GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
GetFileType
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
SetStdHandle
FlushFileBuffers
SetFilePointer
CreateFileA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
WideCharToMultiByte
GetModuleFileNameA
HeapReAlloc
CloseHandle
CreateProcessA
ExitThread
ExitProcess
GetTempPathA
GetSystemDefaultLangID
Sleep
lstrcmpiA
ReleaseMutex
GetTickCount
CreateMutexA
SetFileAttributesA
GetLastError
CreateDirectoryA
GetModuleHandleA
CreateThread
OpenMutexA
SetErrorMode
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
DeleteFileA
LocalFree
LocalAlloc
GetVersionExA
GetLocaleInfoA
TerminateThread
WaitForSingleObject
WritePrivateProfileStringA
CopyFileA
GetDriveTypeA
GetLogicalDriveStringsA
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
HeapFree
WriteFile
ReadFile
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cea6998d2a58447a5ed9551acd410ba6

Headers

File Characteristics

Imports

ws2_32

user32

advapi32

shfolder

kernel32

Sections

.text Size: 54KB - Virtual size: 53KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 17KB - Virtual size: 26KB

.text
Size: 54KB - Virtual size: 53KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 17KB - Virtual size: 26KB