cec73bddc33cd11ba515e39983e81569d9586abdaabbdd5955389735e826c3c7

Sharing

Copy URL Twitter E-mail

General

Target

cec73bddc33cd11ba515e39983e81569d9586abdaabbdd5955389735e826c3c7
Size

587KB
MD5

f1cf2ed2f8753a4e6fe00072aaf86bbb
SHA1

0ec446e535eeb12745e8cece4fa8dbb65644527f
SHA256

cec73bddc33cd11ba515e39983e81569d9586abdaabbdd5955389735e826c3c7
SHA512

e4c0cb6ec6ea38f93bc8aeeb6bf219637e32429c415fadf9a195430aa642296ceb14fe8ca9a2def46ba514ab231e54990e5e7edb341a6b7bb5903e4bd257f5e3
SSDEEP

12288:pESVukXHGS8IGAENzw4SmheXngCo/ZZ0w:pESV7HoIGZdw4SYYngCyZZ0

Score

N/A

Malware Config

Signatures

Files

cec73bddc33cd11ba515e39983e81569d9586abdaabbdd5955389735e826c3c7
.exe windows x64

8a37e76f394eba093615d20fa7c680ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

inet_addr
shutdown
getaddrinfo
getsockname
send
ntohs
connect
recv
freeaddrinfo
WSAStringToAddressA
getnameinfo
htons
__WSAFDIsSet
accept
bind
select
listen
ioctlsocket
setsockopt
WSAGetLastError
WSACleanup
closesocket
inet_pton
WSAStartup
socket
inet_ntoa
sendto

kernel32

GetLogicalProcessorInformation
GetThreadPriority
SignalObjectAndWait
CreateTimerQueue
WriteConsoleW
HeapSize
WaitForSingleObject
QueueUserWorkItem
CreateEventW
Sleep
GetLastError
SetEvent
CloseHandle
GetModuleFileNameA
GetModuleFileNameW
GetSystemInfo
CreateThread
LocalFree
FreeLibrary
SetConsoleCtrlHandler
TryEnterCriticalSection
EnterCriticalSection
ReleaseSemaphore
CreateTimerQueueTimer
SetThreadPriority
LeaveCriticalSection
InitializeCriticalSection
GetQueuedCompletionStatus
ExitThread
PostQueuedCompletionStatus
MultiByteToWideChar
GlobalAlloc
GlobalFree
DeleteCriticalSection
CreateSemaphoreW
CreateIoCompletionPort
ReadFile
CreateFileW
GetProcAddress
GetFileSize
GlobalReAlloc
SetErrorMode
LoadLibraryW
GetLocalTime
lstrlenA
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetModuleHandleA
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
InterlockedPopEntrySList
QueryDepthSList
HeapReAlloc
SetFilePointerEx
UnregisterWaitEx
WaitForMultipleObjects
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
RtlUnwind
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
WideCharToMultiByte
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetExitCodeThread
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
HeapFree
HeapAlloc
GetProcessHeap
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
CreateProcessA
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetACP
FreeLibraryAndExitThread
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetExitCodeProcess
GetFileAttributesExW
CreatePipe
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadConsoleW

advapi32

DeleteService
RegisterEventSourceW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
ChangeServiceConfig2W
ReportEventW
ControlService
StartServiceW
OpenServiceW
DeregisterEventSource

dnsapi

DnsQuery_A

iphlpapi

GetBestInterfaceEx
GetAdaptersAddresses

Sections

.text
Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a37e76f394eba093615d20fa7c680ec

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

advapi32

dnsapi

iphlpapi

Sections

.text Size: 400KB - Virtual size: 400KB

.rdata Size: 146KB - Virtual size: 146KB

.data Size: 11KB - Virtual size: 20KB

.pdata Size: 22KB - Virtual size: 21KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 400KB - Virtual size: 400KB

.rdata
Size: 146KB - Virtual size: 146KB

.data
Size: 11KB - Virtual size: 20KB

.pdata
Size: 22KB - Virtual size: 21KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB