c63ade85231062916b086703fefe3d047a17695dae4c186d5fc8adfd67ed8f47

Sharing

Copy URL Twitter E-mail

General

Target

c63ade85231062916b086703fefe3d047a17695dae4c186d5fc8adfd67ed8f47
Size

532KB
MD5

3b57c2676ab6c5d3d5fd2b4d98b5d270
SHA1

21dc6ea515b6cdfc9cece91ab9d2dcc0fd39b1ce
SHA256

c63ade85231062916b086703fefe3d047a17695dae4c186d5fc8adfd67ed8f47
SHA512

1c031cbbe7bbc414907e3a7339a9ad58c443cf3ee8d2ca06e120a0f26c0c7bcf214580120060444b76bf5c1f877eed45f76cd27a88c81916143e968f027ec5b5
SSDEEP

12288:2MMnMMMMMUsEsZS3zKyu7RHy7+aMCIlu+Wg11Ecm/bBjFgtENJ5FtI:2MMnMMMMMBEHKXVc+Jlmg11Ecm/bBJgG

Score

N/A

Malware Config

Signatures

Files

c63ade85231062916b086703fefe3d047a17695dae4c186d5fc8adfd67ed8f47
.exe windows x86

64341d97fe54b917468dd35719e9b138

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtWaitForSingleObject
RtlAdjustPrivilege
RtlStringFromGUID

mswsock

AcceptEx
GetAcceptExSockaddrs

iphlpapi

NotifyRouteChange
NotifyAddrChange
GetAdaptersInfo
GetAdaptersAddresses

dnsapi

DnsReplaceRecordSetW

advapi32

CryptGenRandom
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegEnumValueW
RegisterServiceCtrlHandlerW
SetServiceStatus
CryptReleaseContext
RegQueryValueExW
CryptAcquireContextW

ddraw

DirectDrawCreate

kernel32

DisableThreadLibraryCalls
SetUnhandledExceptionFilter
QueryPerformanceCounter
UnregisterWaitEx
GetSystemTimeAsFileTime
InterlockedDecrement
CreateTimerQueueTimer
DeleteTimerQueueTimer
WaitForSingleObject
GetProcAddress
DeleteTimerQueue
GetLastError
HeapDestroy
ChangeTimerQueueTimer
WideCharToMultiByte
RegisterWaitForSingleObject
CreateEventW
GetComputerNameExW
InterlockedExchange
EnterCriticalSection
DeleteCriticalSection
QueueUserWorkItem
CreateMutexW
InterlockedIncrement
CreateFileW
CreateMutexA
ReleaseMutex
UnhandledExceptionFilter
HeapFree
SetLastError
UnregisterWait
LeaveCriticalSection
GetTickCount
HeapReAlloc
CreateTimerQueue
GetCurrentProcessId
GetCurrentProcess
CloseHandle
WriteFile
SetEvent
VirtualAlloc
LoadLibraryW
HeapCreate
TerminateProcess
ExpandEnvironmentStringsW
BindIoCompletionCallback
Sleep
DeviceIoControl
GetCurrentThreadId
HeapAlloc
FreeLibrary
MultiByteToWideChar

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeEx

msvcrt

_except_handler3
wcschr
wcsncpy
wcslen
wcscpy
memmove
memcpy
malloc
memcmp
wcscat
_adjust_fdiv
strlen
wcscmp
memset
free
swprintf
_wcsicmp
_initterm

ws2_32

getaddrinfo
WSALookupServiceBeginW
WSARecvFrom
WSAStringToAddressA
WSAAddressToStringW
getnameinfo
WSASocketW
WSAAddressToStringA
WSALookupServiceEnd
WSAEventSelect
WSAIoctl
WSALookupServiceNextW
WSASendTo
freeaddrinfo

Sections

.text
Size: 4KB - Virtual size: 876B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 424KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64341d97fe54b917468dd35719e9b138

Headers

File Characteristics

Imports

ntdll

mswsock

iphlpapi

dnsapi

advapi32

ddraw

kernel32

ole32

msvcrt

ws2_32

Sections

.text Size: 4KB - Virtual size: 876B

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 88KB - Virtual size: 87KB

.data Size: 8KB - Virtual size: 2.0MB

.rdata Size: 424KB - Virtual size: 422KB

.text
Size: 4KB - Virtual size: 876B

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 88KB - Virtual size: 87KB

.data
Size: 8KB - Virtual size: 2.0MB

.rdata
Size: 424KB - Virtual size: 422KB