1ac544a4e926d4c582f8dc9f6d69069b1c1f06a96ff93ca5f78e49ed348192e8

Sharing

Copy URL Twitter E-mail

General

Target

1ac544a4e926d4c582f8dc9f6d69069b1c1f06a96ff93ca5f78e49ed348192e8
Size

1.8MB
MD5

25d87ec63513f6dfa1cc957c1e7b157d
SHA1

938dd955a14fbd7c582017e049cb110a7c278de2
SHA256

1ac544a4e926d4c582f8dc9f6d69069b1c1f06a96ff93ca5f78e49ed348192e8
SHA512

86691b7196525478a54c024fdc9bd7bab25c4b2ad39212ef6e9e7a45cfd2eb3fc443551a72c054144a0eb1d17c14efd7299f66f46fe327c646471f4a66bd94b9
SSDEEP

49152:4es/tSNoe2Emv0MQHmJ+17I6s/kjbaPATi7QZZxAsK:4eqtSNoPtvl2mJ+17I6SubE

Score

N/A

Malware Config

Signatures

Files

1ac544a4e926d4c582f8dc9f6d69069b1c1f06a96ff93ca5f78e49ed348192e8
.exe windows x86

9f64d5ebc99bc2ecca670ed00b4b4daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

htonl
gethostbyname
getservbyname
shutdown
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup

wldap32

ord33
ord46
ord211
ord60
ord50
ord301
ord200
ord30
ord79
ord35
ord143
ord32
ord27
ord26
ord22
ord41

shlwapi

PathIsDirectoryA
StrToIntA
PathRemoveFileSpecA
PathAddBackslashA
PathFileExistsA

kernel32

GetACP
HeapFree
HeapReAlloc
HeapAlloc
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
SetFilePointerEx
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
CreateFileW
GetDriveTypeW
GetCurrentDirectoryW
FindFirstFileExW
GetModuleFileNameW
LoadLibraryExW
RtlUnwind
GetModuleFileNameA
DeleteFileA
Process32First
FindFirstFileA
EnterCriticalSection
GetCommandLineW
GetCurrentProcess
TerminateProcess
FindNextFileA
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
FindClose
CreateMutexA
WaitForSingleObject
GetFileAttributesW
GetCurrentDirectoryA
GetModuleHandleA
OpenProcess
SetCurrentDirectoryA
GetCommandLineA
CreateToolhelp32Snapshot
MultiByteToWideChar
GetTempPathA
GetLastError
GetFileAttributesA
OutputDebugStringW
MoveFileExA
Process32Next
CloseHandle
WritePrivateProfileStringA
GetProcAddress
RemoveDirectoryA
DeleteCriticalSection
CreateProcessW
WideCharToMultiByte
lstrcmpiA
CreateProcessA
CreateDirectoryA
GetPrivateProfileStringA
ReadConsoleW
SetErrorMode
lstrlenA
GetUserDefaultLCID
CopyFileA
GetWindowsDirectoryA
GetCurrentProcessId
GetExitCodeProcess
ExitThread
TerminateThread
CreateThread
GetThreadContext
SetThreadContext
SetLastError
FormatMessageA
GetTickCount
InitializeCriticalSection
SleepEx
FreeLibrary
WaitForMultipleObjects
GetFileType
GetStdHandle
ReadFile
PeekNamedPipe
ExpandEnvironmentStringsA
VerSetConditionMask
LoadLibraryA
GetSystemDirectoryA
VerifyVersionInfoA
GetSystemTime
SystemTimeToFileTime
WriteFile
GetCurrentThreadId
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
RaiseException
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
DecodePointer
EncodePointer
GetConsoleCP
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
FlushFileBuffers
GetFileAttributesExW
SetStdHandle
SetEndOfFile
GetProcessHeap
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
FindFirstFileExA
WriteConsoleW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
GetFullPathNameA
SetEnvironmentVariableA
HeapSize
Sleep
FindNextFileW

user32

DispatchMessageA
GetWindowRect
ShowWindow
SetTimer
GetMessageA
CreateWindowExA
GetProcessWindowStation
SendMessageA
PostQuitMessage
RegisterClassExA
UpdateWindow
BeginPaint
EndPaint
RegisterClassExW
LoadIconA
GetSystemMetrics
GetUserObjectInformationW
MessageBoxA
TranslateMessage
DefWindowProcA

advapi32

SystemFunction036
RegQueryValueExA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
AdjustTokenPrivileges
AllocateAndInitializeSid
LookupPrivilegeValueA
OpenProcessToken
FreeSid
CheckTokenMembership
RegCloseKey
RegOpenKeyExA

shell32

SHCreateDirectoryExA
SHFileOperationA
ShellExecuteExA
CommandLineToArgvW

psapi

GetModuleFileNameExA
EnumProcessModules

comctl32

ord17

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 346KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f64d5ebc99bc2ecca670ed00b4b4daa

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

shlwapi

kernel32

user32

advapi32

shell32

psapi

comctl32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 346KB - Virtual size: 346KB

.data Size: 39KB - Virtual size: 56KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 61KB - Virtual size: 60KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 346KB - Virtual size: 346KB

.data
Size: 39KB - Virtual size: 56KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 61KB - Virtual size: 60KB