8e0c12057a5db558fe6d358c4432a125a422dc44ad3ee76e8a57cee4bae6b61d

Sharing

Copy URL Twitter E-mail

General

Target

8e0c12057a5db558fe6d358c4432a125a422dc44ad3ee76e8a57cee4bae6b61d
Size

711KB
MD5

b0c97987f2dc61dcafe5b0d3a89b8343
SHA1

1d5f2159a6fb3f5414717795da8cf9298ae3a949
SHA256

8e0c12057a5db558fe6d358c4432a125a422dc44ad3ee76e8a57cee4bae6b61d
SHA512

14ec60102ede2676334b7d487d90cef66ef98953dc1db0ab08ecd1bbe3c543c0c82882b76499fd878927a75ead1899f92f237313b60fb986e93e847efaec062f
SSDEEP

12288:QALPSIkPVTwdaKiIPv7yLc8WPbJ/Nif6fNHGr4mM:QALjkPVcdbiIPjyLc88J/d9

Score

N/A

Malware Config

Signatures

Files

8e0c12057a5db558fe6d358c4432a125a422dc44ad3ee76e8a57cee4bae6b61d
.exe windows x64

47a6dc23ad0efb46ef3878febd880ae2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

ioctlsocket
sendto
recvfrom
gethostname
__WSAFDIsSet
getaddrinfo
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
WSASetLastError
select
freeaddrinfo

wldap32

ord79
ord30
ord200
ord33
ord41
ord22
ord45
ord60
ord35
ord32
ord27
ord301
ord26
ord143
ord217
ord46
ord50
ord211

kernel32

VirtualQuery
GetModuleHandleExW
ExitProcess
GetStringTypeW
GetFileInformationByHandle
GetDriveTypeW
EncodePointer
RtlUnwindEx
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
GetModuleHandleW
CreateFileW
GetFileAttributesW
AreFileApisANSI
CloseHandle
RaiseException
GetLastError
SetLastError
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
Sleep
TerminateProcess
IsDebuggerPresent
GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
VirtualProtect
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
SizeofResource
WriteFile
FreeResource
LockResource
LoadResource
FindResourceW
DeleteCriticalSection
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
QueryPerformanceCounter
FormatMessageW
MoveFileExA
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetProcessHeap
RtlCaptureContext

user32

FindWindowW
ShowWindow

advapi32

CryptImportKey
CryptEncrypt
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyKey
CryptDestroyHash

normaliz

IdnToAscii

crypt32

CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateChain
CertGetCertificateChain

bcrypt

BCryptGenRandom

msvcrt

fread
calloc
free
malloc
realloc
strcspn
strncmp
fputs
qsort
_time64
_errno
feof
fseek
strncpy
ftell
strtol
strtoul
atoi
strpbrk
strcmp
fflush
_access
_open
wcstombs
fgets
_gmtime64
_beginthreadex
_lseeki64
_fstat64
_getpid
strspn
strftime
_callnewh
_initterm
_wcsicmp
_strdup
_unlink
_read
_write
_fdopen
_close
abort
strlen
_getdrive
__doserrno
wcslen
wcspbrk
_wfullpath
___lc_codepage_func
__pctype_func
_iob
isspace
___mb_cur_max_func
system
_lock
_unlock
tolower
_sys_errlist
_sys_nerr
_strtoi64
__getmainargs
_environ
_msize
_XcptFilter
__set_app_type
_fmode
__argc
__argv
___lc_handle_func
?_set_new_mode@@YAHH@Z
_commode
?terminate@@YAXXZ
_isatty
_fileno
_isctype
_strtoui64
mbtowc
log10
ceil
_clearfp
fclose
fopen
__DestructExceptionObject
_amsg_exit
__C_specific_handler
_CxxThrowException
memchr
strstr
strrchr
strchr
memset
memmove
memcpy
memcmp
_mkdir
_wsplitpath
__CxxFrameHandler
wcsrchr
perror

Sections

.text
Size: 506KB - Virtual size: 505KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 23.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47a6dc23ad0efb46ef3878febd880ae2

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

kernel32

user32

advapi32

normaliz

crypt32

bcrypt

msvcrt

Sections

.text Size: 506KB - Virtual size: 505KB

.rdata Size: 129KB - Virtual size: 128KB

.data Size: 1024B - Virtual size: 23.4MB

.pdata Size: 23KB - Virtual size: 23KB

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 506KB - Virtual size: 505KB

.rdata
Size: 129KB - Virtual size: 128KB

.data
Size: 1024B - Virtual size: 23.4MB

.pdata
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 2KB - Virtual size: 1KB