339a6e6e891d5bb8f19a01f948c352216e44656e46f3ee462319371fd98b3369[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

339a6e6e891d5bb8f19a01f948c352216e44656e46f3ee462319371fd98b3369.exe
Size

88KB
MD5

fbb796cc4209793257bc08943e9bfa29
SHA1

5200d89104d66cab7ee6418e1dc5eccc13bc5193
SHA256

339a6e6e891d5bb8f19a01f948c352216e44656e46f3ee462319371fd98b3369
SHA512

9b41837bf7d20b26343b9fcde1c5b47e56568517ab5cc225a9ceb6415eb0b4987414aa15634ab25b7909aa61062654a1c2284b06039b1bf558221a9cb95b9e4d
SSDEEP

1536:bs6+rOTW/tkze6Z4PWZ8Z0pzs0an0orPQc8:bs6+KgOzeX7Z0YL8

Score

N/A

Malware Config

Signatures

Files

339a6e6e891d5bb8f19a01f948c352216e44656e46f3ee462319371fd98b3369.exe
.exe windows x86

37f01a80e028f92aeb4f7284acd12f45

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetProcessShutdownParameters
CreateMutexW
WaitForSingleObject
Wow64RevertWow64FsRedirection
DeleteFileW
GetNativeSystemInfo
VerSetConditionMask
GetComputerNameW
CreateProcessW
CopyFileW
VerifyVersionInfoW
GetSystemInfo
GlobalMemoryStatusEx
IsWow64Process
OpenProcess
GetTickCount
ReadFile
SetThreadPriority
GetQueuedCompletionStatus
GetCurrentThread
TerminateThread
SetFilePointer
GetLocalTime
HeapCreate
HeapFree
HeapAlloc
GetProcessHeap
CancelIo
CreateTimerQueueTimer
DeleteTimerQueueEx
ExitThread
CreateTimerQueue
GetModuleFileNameW
lstrlenW
GetCurrentProcess
SetPriorityClass
CreateDirectoryW
GetDriveTypeW
CreateIoCompletionPort
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
GetCurrentProcessId
FindVolumeClose
ExitProcess
MoveFileExW
LocalFree
GetProcAddress
SetVolumeMountPointW
CreateThread
GetCommandLineW
LoadLibraryW
CloseHandle
Wow64DisableWow64FsRedirection
lstrcatW
GetLastError
SetFileAttributesW
PostQueuedCompletionStatus
ResumeThread
GetFileAttributesW
CreateFileW
FindClose
lstrlenA
WaitForMultipleObjects
WriteFile
FindNextFileW
FindFirstVolumeW
FindFirstFileExW
GetFileSizeEx
GetLogicalDrives
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrcmpiW
lstrcpyW
Sleep

user32

ReleaseDC
SystemParametersInfoW
DrawTextW
GetDC
wsprintfA
wsprintfW

gdi32

GetTextExtentPoint32W
SetTextColor
SetBkMode
SetBkColor
DeleteObject
GetDeviceCaps
GetDIBits
CreateFontW
SelectObject
CreateCompatibleBitmap
DeleteDC
CreateCompatibleDC

advapi32

OpenSCManagerW
DeleteService
ControlService
EnumDependentServicesW
OpenServiceW
QueryServiceStatusEx
RegCloseKey
GetWindowsAccountDomainSid
CreateWellKnownSid
RegCreateKeyExW
RegSetValueExW
OpenProcessToken
CheckTokenMembership
RegOpenKeyExW
RegDeleteValueW
GetUserNameW
GetTokenInformation
RevertToSelf
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
SetThreadToken
LookupPrivilegeValueW
AdjustTokenPrivileges
EqualSid
DuplicateToken
CloseServiceHandle

shell32

SHEmptyRecycleBinW
SHGetFolderPathW
SHChangeNotify
CommandLineToArgvW

ole32

CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoSetProxyBlanket

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

rstrtmgr

RmStartSession
RmEndSession
RmRegisterResources
RmGetList

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW

mpr

WNetAddConnection2W
WNetGetConnectionW

netapi32

NetShareEnum
NetGetDCName
NetApiBufferFree
NetGetJoinInformation

ws2_32

WSACleanup
WSAGetLastError
setsockopt
htons
htonl
getsockopt
WSAAddressToStringW
socket
inet_addr
WSAStartup
WSASocketW
shutdown
ntohl
closesocket
bind
WSAIoctl

iphlpapi

GetAdaptersInfo

shlwapi

StrStrIW
wnsprintfA
PathFindExtensionW
wvnsprintfW

ntdll

NtQuerySystemInformation
RtlGetVersion
NtTerminateProcess

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37f01a80e028f92aeb4f7284acd12f45

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

rstrtmgr

wtsapi32

mpr

netapi32

ws2_32

iphlpapi

shlwapi

ntdll

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 22KB - Virtual size: 21KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 22KB - Virtual size: 21KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 2KB