cf068e9ea0a286f9a1cf44ec8e85c601b5538e849042f7e101934a10b3f26f81

Sharing

Copy URL Twitter E-mail

General

Target

cf068e9ea0a286f9a1cf44ec8e85c601b5538e849042f7e101934a10b3f26f81
Size

180KB
MD5

b2a7d7b99ac72ac340f3bb3faa3ef858
SHA1

72a1ade520a05437b5e999a8af8a60438c337a92
SHA256

cf068e9ea0a286f9a1cf44ec8e85c601b5538e849042f7e101934a10b3f26f81
SHA512

93c56165ea9448d3474e981879c676211a4abafd3f98de3072daf182de8b9429768f2dede1ee41ffde59d873b7095037297767a926a2d8d74293056cb7787a58
SSDEEP

1536:2A03uEO4LuAeADVOvOgxMOhvbTCvfJG+0lz5uveojkCshhBjMdpo:2V3xOvOgS6PWJG9lz58jip0po

Score

N/A

Malware Config

Signatures

Files

cf068e9ea0a286f9a1cf44ec8e85c601b5538e849042f7e101934a10b3f26f81
.exe windows x86

93923bea6619e27fbe80cc0d61aef359

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetCurrentProcess
CreateProcessA
Sleep
CreateThread
TerminateThread
GetExitCodeThread
CreateToolhelp32Snapshot
LCMapStringW
LCMapStringA
SetStdHandle
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetOEMCP
GetACP
Process32First
Process32Next
OpenProcess
GetLastError
GetProcAddress
GetModuleHandleA
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetCurrentDirectoryA
lstrcatA
CopyFileA
SetFileAttributesA
GetCPInfo
SetFilePointer
SetConsoleCtrlHandler
VirtualAlloc
HeapReAlloc
HeapAlloc
RtlUnwind
VirtualFree
HeapFree
FlushFileBuffers
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
IsBadWritePtr
IsBadReadPtr
HeapValidate
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings

user32

GetDesktopWindow
GetMessageA
GetDC
ExitWindowsEx
GetSystemMetrics
PostQuitMessage
GetKeyState

gdi32

CreateCompatibleBitmap
BitBlt
CreateDIBSection
SelectObject
CreateCompatibleDC

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
RegCreateKeyExA
RegCloseKey
RegSetValueExA
GetUserNameA

system32

StopKeyKnock
StartKeyKnock

wsock32

gethostbyname
recvfrom
bind
htons
WSAStartup
gethostname
sendto
socket

ws2_32

WSAEventSelect
WSACreateEvent
WSAWaitForMultipleEvents
WSACloseEvent

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Risonic
Size: 4KB - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

93923bea6619e27fbe80cc0d61aef359

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

system32

wsock32

ws2_32

Sections

.text Size: 140KB - Virtual size: 139KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 21KB

.idata Size: 4KB - Virtual size: 3KB

.Risonic Size: 4KB - Virtual size: 260B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 140KB - Virtual size: 139KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 21KB

.idata
Size: 4KB - Virtual size: 3KB

.Risonic
Size: 4KB - Virtual size: 260B

.reloc
Size: 4KB - Virtual size: 3KB