53c9b5754f2fc2c0d90e80ab6cc79a315a66f778bd9a7387724d2f67fe67ea68

Sharing

Copy URL Twitter E-mail

General

Target

53c9b5754f2fc2c0d90e80ab6cc79a315a66f778bd9a7387724d2f67fe67ea68
Size

3.7MB
MD5

0ce8649755b7dd929e0ec994fcfe7f02
SHA1

cce658c3af864d9678904858ae386298f3e235ba
SHA256

53c9b5754f2fc2c0d90e80ab6cc79a315a66f778bd9a7387724d2f67fe67ea68
SHA512

e55334730629b3e46eb0aa6ca40fe9a38b858aa72b6643906da5677d2a4c05e3d71895ecb0d7ba428c1fd35b6926e54038118584a5750a0ab9790923dc074aa1
SSDEEP

49152:Pee6fMB71l2kMuGxssuYE2ausz+Tgp3W+CE/azSbpBb0j8TBaoIvwPRsrtr4M00F:PeNfMbYnu2ub2CtW+nPpB4wIvwNM00

Score

N/A

Malware Config

Signatures

Files

53c9b5754f2fc2c0d90e80ab6cc79a315a66f778bd9a7387724d2f67fe67ea68
.exe windows x86

cf868b9132297942fc0a5895683bdb3d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
GetLocalTime
SystemTimeToFileTime
GetTempPathA
GetDiskFreeSpaceA
GetACP
GetUserDefaultUILanguage
IsBadReadPtr
GetComputerNameA
GetSystemDirectoryA
GetWindowsDirectoryA
GetSystemInfo
SetLastError
GetExitCodeThread
DuplicateHandle
GetProcessHeap
HeapAlloc
TerminateProcess
HeapFree
CompareStringW
CompareStringA
GetLocaleInfoW
GetModuleHandleA
GetModuleFileNameA
SetThreadPriority
SetPriorityClass
IsValidLocale
EnumSystemLocalesA
GetCurrentThread
GetLocaleInfoA
VirtualQuery
GetCurrentThreadId
SetConsoleCtrlHandler
GetConsoleCP
GetStringTypeW
GetStringTypeA
HeapSize
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
HeapReAlloc
VirtualAlloc
LCMapStringW
LCMapStringA
GetCPInfo
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleHandleW
VirtualFree
HeapDestroy
OpenEventA
SetEvent
GetCurrentDirectoryA
GetTickCount
HeapCreate
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
LockFile
UnlockFile
IsBadStringPtrW
IsBadStringPtrA
VirtualProtect
FlushInstructionCache
GetLogicalDrives
GetDriveTypeA
DeviceIoControl
ReleaseSemaphore
OpenSemaphoreA
CreateSemaphoreA
GetFileTime
GetFileSize
GetCurrentProcess
SetEndOfFile
FlushFileBuffers
SetFilePointer
GetCurrentProcessId
ReadFile
WriteFile
GetVersion
GetUserDefaultLCID
GetVersionExA
GetSystemTimeAsFileTime
CreateDirectoryA
MultiByteToWideChar
WideCharToMultiByte
TlsSetValue
LocalAlloc
LocalFree
TlsGetValue
TlsFree
ExitProcess
TlsAlloc
GetFileAttributesA
GetFullPathNameA
SetCurrentDirectoryA
FileTimeToSystemTime
GetTimeZoneInformation
GetSystemTime
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetLastError
GetPrivateProfileSectionA
WritePrivateProfileSectionA
AreFileApisANSI
LoadLibraryA
GetEnvironmentVariableA
CloseHandle
UnmapViewOfFile
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetProcAddress
GetProfileStringA
GetStdHandle
GetConsoleMode
IsBadWritePtr
Sleep
WaitForSingleObject
OpenProcess
GetExitCodeProcess
CreateEventA
WaitForMultipleObjects
DeleteFileA
SetFileTime
CreateFileA

user32

CharUpperBuffA
DrawMenuBar
AppendMenuA
GetSystemMenu
CharLowerBuffA
GetSystemMetrics
PeekMessageA
TranslateMessage
DispatchMessageA
wsprintfA
CallMsgFilterA
MessageBoxA
LoadStringA

advapi32

RegOpenKeyExA
StartServiceA
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegCreateKeyExA
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
CloseServiceHandle
RegDeleteValueA
RegFlushKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameA
RegEnumValueA
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegCloseKey

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

shell32

ShellExecuteExA

wsock32

getpeername
accept
gethostbyaddr
gethostname
ioctlsocket
WSAStartup
gethostbyname
WSACleanup
getsockopt
WSAGetLastError
recv
__WSAFDIsSet
select
closesocket
shutdown
send
connect
inet_ntoa
setsockopt
socket
htons
bind
recvfrom
sendto
inet_addr

Exports

Exports

??0ET_PDMPROBaseOP@@AAE@XZ
??0ET_PDMPROBaseOP@@QAE@ABV0@@Z
??1ET_PDMPROBaseOP@@EAE@XZ
??4ET_PDMPROBaseOP@@QAEAAV0@ABV0@@Z
??_7ET_PDMPROBaseOP@@6B@

Sections

__wibu00
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

__wibu01
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu02
Size: 60KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 484KB - Virtual size: 483KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu03
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cf868b9132297942fc0a5895683bdb3d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

version

shell32

wsock32

Exports

Exports

Sections

__wibu00 Size: 1.7MB - Virtual size: 1.7MB

__wibu01 Size: 196KB - Virtual size: 193KB

__wibu02 Size: 60KB - Virtual size: 98KB

.rsrc Size: 484KB - Virtual size: 483KB

__wibu03 Size: 1.3MB - Virtual size: 1.3MB

__wibu00
Size: 1.7MB - Virtual size: 1.7MB

__wibu01
Size: 196KB - Virtual size: 193KB

__wibu02
Size: 60KB - Virtual size: 98KB

.rsrc
Size: 484KB - Virtual size: 483KB

__wibu03
Size: 1.3MB - Virtual size: 1.3MB