7862ea8ba3d9871c4cb6a27e3963e7f95ae623c775bd64e4fa47adeb35f74d9d

Sharing

Copy URL

Twitter E-mail

General

Target

7862ea8ba3d9871c4cb6a27e3963e7f95ae623c775bd64e4fa47adeb35f74d9d
Size

100KB
MD5

ca1239188efbadaae5ee97af133749ba
SHA1

eb88a573b850adbf3689dd78e6352bc2d725a439
SHA256

7862ea8ba3d9871c4cb6a27e3963e7f95ae623c775bd64e4fa47adeb35f74d9d
SHA512

600bcf797bc48662245ca7ac87b6121fb5319aa02ffd5b50c292c43925e96330ffa5ea5123c2b8d02be405950665fba046a71021eac15080b648923cff048140
SSDEEP

3072:ScfPsb/1kz1hwRKT5wosunTA6zet5e6C5ikS076VFaxK0:StLgwRo3+5m5R20

Score

N/A

Malware Config

Signatures

Files

7862ea8ba3d9871c4cb6a27e3963e7f95ae623c775bd64e4fa47adeb35f74d9d
.exe windows x86

0a200be649d9164028d0a240c9c38770

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrDupA
SHEnumKeyExA
PathGetDriveNumberW
PathFindOnPathA

kernel32

ReadFile
WriteFile
HeapAlloc
HeapFree
GetProcessHeap
VirtualAlloc
GetModuleHandleW
FormatMessageW
lstrcmpW
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
GetOEMCP
EnumSystemCodePagesW
WriteConsoleW
GetConsoleWindow
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetFileSize
GetLastError
RtlUnwind
HeapSize
SetFilePointerEx
LCMapStringW
CompareStringW
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
CreateFileW
GetStdHandle
DecodePointer
TlsAlloc
TlsGetValue
TlsSetValue
SetLastError
CloseHandle
GetFileType
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
RaiseException
LoadLibraryExW
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
TlsFree

winspool.drv

DeletePortA
ord208
GetJobW
SetFormW

odbc32

ord25
ord253
ord63
ord206
ord66

wsock32

ord1114
ord1109
inet_addr
ord1120
WSACleanup
WSAStartup
WSAAsyncGetProtoByNumber
getsockopt
ntohl
getprotobyname
WSASetLastError
gethostbyaddr
recv
ord1107
WSAAsyncSelect
listen

wsnmp32

ord600
ord220
ord602
ord402
ord601

comdlg32

GetFileTitleW
PrintDlgW
ChooseColorW
GetOpenFileNameW
PrintDlgExW
FindTextA
FindTextW

ws2_32

WSCEnableNSProvider
WSAIoctl
WSALookupServiceNextW
WSAAddressToStringW
WSAJoinLeaf
WSASetEvent

rtm

RtmBlockSetRouteEnable
RtmAddRoute
RtmGetNextRoute

user32

LoadStringW
ShowWindow

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a200be649d9164028d0a240c9c38770

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

winspool.drv

odbc32

wsock32

wsnmp32

comdlg32

ws2_32

rtm

user32

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 3KB