d0517cc77c13bf028581546e4e0b2b6da3cd77cfda15304ae7cd38f272f55690

Sharing

Copy URL

Twitter E-mail

General

Target

d0517cc77c13bf028581546e4e0b2b6da3cd77cfda15304ae7cd38f272f55690
Size

255KB
MD5

1812ccb3493b0cff7e6dbc00473479cd
SHA1

7dce639b5ab57bf9b66688b3b29a0f7691c6ccc6
SHA256

d0517cc77c13bf028581546e4e0b2b6da3cd77cfda15304ae7cd38f272f55690
SHA512

9cef473327154e622a0d44afe36acb95b298fba15295f9448df30837b27bcafcddaad9da63f4ab3a44095e011c9ccfa5a79253aab6af9bbad11be65500c6e352
SSDEEP

6144:p/z6Hz/CIR1WAXhDhCs8C1ZznbNKLW7Mh5urYvi8V2IVO2Mjx6s+:UHz/CIvWAtEsrLjbNF7Mh50MMjcs+

Score

N/A

Malware Config

Signatures

Files

d0517cc77c13bf028581546e4e0b2b6da3cd77cfda15304ae7cd38f272f55690
.exe windows x86

ca2c03a3148d228cc6256590c3ae5144

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSASetLastError
setsockopt
getsockopt
bind
getsockname
WSAStartup
WSACleanup
gethostbyname
ntohs
inet_addr
select
recv
__WSAFDIsSet
ntohl
socket
connect
WSAGetLastError
inet_ntoa
htons
htonl
gethostname
ioctlsocket
closesocket
send

kernel32

GetEnvironmentStringsW
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFullPathNameA
GetModuleFileNameA
GetLastError
FreeLibrary
LoadLibraryA
Sleep
WaitForSingleObject
InitializeCriticalSection
GetVersion
GetWindowsDirectoryA
GetSystemDirectoryA
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
CreateMutexA
CreateEventA
SetEvent
SleepEx
DuplicateHandle
GetCurrentProcess
WaitForMultipleObjects
GetExitCodeThread
ExpandEnvironmentStringsA
GetSystemTime
CreateSemaphoreA
GetProcessHeap
GetLocaleInfoW
QueryPerformanceFrequency
GetStringTypeW
GetStringTypeA
IsValidLocale
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RemoveDirectoryA
GetModuleHandleW
ExitProcess
MoveFileA
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentProcessId
Beep
CreateDirectoryA
CreatePipe
TlsAlloc
GetCurrentThread
GetModuleHandleA
MultiByteToWideChar
GetStartupInfoA
FatalAppExitA
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetFileAttributesA
GetExitCodeProcess
GetUserDefaultLCID
GetLocaleInfoA
lstrcmpA
GetProcAddress

advapi32

DeregisterEventSource
RegisterEventSourceA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
ReportEventA

mapistub

MAPIInitialize
FixMAPI
MAPILogon
ScMAPIXFromCMC
BMAPISendMail
PRProviderInit
MAPISendDocuments
MAPILogonEx
BMAPIGetReadMail

kbdbu

KbdLayerDescriptor

Sections

.icode
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 93KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 124KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca2c03a3148d228cc6256590c3ae5144

Headers

File Characteristics

Imports

wsock32

kernel32

advapi32

mapistub

kbdbu

Sections

.icode Size: 8KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 151KB

.text Size: 11KB - Virtual size: 12KB

.rdata Size: 3KB - Virtual size: 26KB

.edata Size: 93KB - Virtual size: 107KB

.data Size: 6KB - Virtual size: 203KB

.edata Size: 124KB - Virtual size: 138KB

.rsrc Size: 7KB - Virtual size: 6KB

.icode
Size: 8KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 151KB

.text
Size: 11KB - Virtual size: 12KB

.rdata
Size: 3KB - Virtual size: 26KB

.edata
Size: 93KB - Virtual size: 107KB

.data
Size: 6KB - Virtual size: 203KB

.edata
Size: 124KB - Virtual size: 138KB

.rsrc
Size: 7KB - Virtual size: 6KB