c0e2ad6c91de0247ae54f13475c5f701afc4a80b41a8ab6c9e4451ad803006f7

Sharing

Copy URL Twitter E-mail

General

Target

c0e2ad6c91de0247ae54f13475c5f701afc4a80b41a8ab6c9e4451ad803006f7
Size

324KB
MD5

7163fa6651bee38de95dd2a551700126
SHA1

4779ad6dc7118cf743eb0b0d2af72c9abfc6c799
SHA256

c0e2ad6c91de0247ae54f13475c5f701afc4a80b41a8ab6c9e4451ad803006f7
SHA512

f660bd468bbaa1a1f7b9b046be524c5daf5ebc6aac676d252ab1cad940f216cbfb0f462006416e566bc6c820c11a52d7a229fbf3c7c0432c117190f9d09413b3
SSDEEP

6144:iEd+x66i4oxpp/Qb8beiy+5Sq0yX9uoKMRiJ5Ghs+6Q2r7W32IpuMX:ldR62ppIwS8hNuo1mZ+6hY2GuMX

Score

N/A

Malware Config

Signatures

Files

c0e2ad6c91de0247ae54f13475c5f701afc4a80b41a8ab6c9e4451ad803006f7
.exe windows x86

9c74cb6df11d1c7a43dde88bd83de810

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoUninitialize

mswsock

GetAcceptExSockaddrs
AcceptEx

dnsapi

DnsReplaceRecordSetW

kernel32

MultiByteToWideChar
FreeLibraryAndExitThread
GetFullPathNameW
TlsSetValue
TlsFree
FreeResource
EnterCriticalSection
FreeLibrary
GetProcAddress
TlsAlloc
DelayLoadFailureHook
LocalAlloc
FormatMessageW
GetVolumeInformationW
GetSystemTimeAsFileTime
LocalSize
InterlockedIncrement
FindResourceW
GetDriveTypeW
InterlockedExchange
InterlockedCompareExchange
LoadLibraryW
LoadLibraryA
FindFirstFileW
WaitForSingleObject
SetCurrentDirectoryW
ExpandEnvironmentStringsW
GetFileAttributesW
QueryPerformanceCounter
CreateFileW
SetLastError
LocalFree
GetModuleFileNameW
LeaveCriticalSection
InterlockedDecrement
GlobalAlloc
DisableThreadLibraryCalls
GetShortPathNameW
LoadResource
GlobalLock
GetSystemDefaultUILanguage
SetUnhandledExceptionFilter
lstrlenW
FindResourceExW
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetTickCount
SizeofResource
TerminateProcess
SetErrorMode
FindNextFileW
GetTempFileNameW
GlobalReAlloc
UnhandledExceptionFilter
CreateEventW
GetVersionExA
lstrcpynW
CloseHandle
FindResourceA
GetCurrentProcess
MulDiv
GetProfileStringW
GetACP
GetProcessVersion
LocalReAlloc
ResetEvent
GetCurrentDirectoryW
WideCharToMultiByte
DeleteCriticalSection
lstrlenA
DeleteFileW
lstrcpyA
lstrcmpW
FindClose
SetEvent
GetCurrentProcessId
GetLastError
CreateThread
LockResource
GetModuleHandleA
lstrcmpiW
GlobalUnlock
lstrcpyW
GetUserDefaultLCID
GetCurrentThreadId
GlobalFree
TlsGetValue
GetModuleHandleW

ntdll

RtlUnicodeToMultiByteSize
RtlUnicodeStringToAnsiString
RtlIsNameLegalDOS8Dot3
wcslen
NtAllocateVirtualMemory
_wcsicmp
RtlInitUnicodeStringEx
memmove
strlen
_chkstk
NtQueryVirtualMemory
RtlUnwind

userenv

RsopSetPolicySettingStatus

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9c74cb6df11d1c7a43dde88bd83de810

Headers

DLL Characteristics

File Characteristics

Imports

ole32

mswsock

dnsapi

kernel32

ntdll

userenv

Sections

.text Size: 7KB - Virtual size: 6KB

.rsrc Size: 33KB - Virtual size: 33KB

.rdata Size: 276KB - Virtual size: 275KB

.data Size: 6KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 33KB - Virtual size: 33KB

.rdata
Size: 276KB - Virtual size: 275KB

.data
Size: 6KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB