e67c66cef12e94e4fbd64271201718a20e722ea2ffec73b92cb9a19ecf2c00a7

Sharing

Copy URL

Twitter E-mail

General

Target

e67c66cef12e94e4fbd64271201718a20e722ea2ffec73b92cb9a19ecf2c00a7
Size

3.3MB
MD5

b73aa4a372a28ab6b7c46c3676a7da10
SHA1

bf45adb385e67d2130c0825497d8a2a03fb54e3a
SHA256

e67c66cef12e94e4fbd64271201718a20e722ea2ffec73b92cb9a19ecf2c00a7
SHA512

33af066136b674fa884fdd09bd537ba8f5c2fcf2fbf31d0a4345c7526bdf4b3877ae9a0488917b80f3e2eecce73b8d244375dc586e99aada4bfe0c024271d82c
SSDEEP

98304:ZBB7cEx6uYhbJD48HLsTQZ/zpzIM1u2e5zSlzQ:h7cQ5YPX/zpzb1u5zS

Score

N/A

Malware Config

Signatures

Files

e67c66cef12e94e4fbd64271201718a20e722ea2ffec73b92cb9a19ecf2c00a7
.exe windows x86

4703b53c13b97c2cc1e9542c9e320f6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAGetOverlappedResult
WSAResetEvent
WSASend
WSARecv
WSAEventSelect
WSAEnumNetworkEvents
WSAIoctl
WSACloseEvent
WSACreateEvent
freeaddrinfo
getnameinfo
getaddrinfo
WSARecvFrom
WSASendTo
WSASocketW
WSAStartup
WSAGetLastError
getsockopt
ntohs
gethostname
htons
htonl
recvfrom
sendto
send
recv
connect
accept
select
__WSAFDIsSet
getpeername
getsockname
shutdown
listen
bind
socket
ioctlsocket
closesocket
setsockopt
ntohl

kernel32

LockFile
UnlockFile
SystemTimeToFileTime
GetSystemTime
GetStdHandle
TerminateProcess
CreateFileMappingA
GetSystemInfo
FormatMessageA
MapViewOfFile
UnmapViewOfFile
LoadLibraryExW
MultiByteToWideChar
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
OutputDebugStringA
InterlockedExchange
LoadLibraryW
LeaveCriticalSection
SetEnvironmentVariableA
QueryPerformanceCounter
GetTickCount
FindNextFileW
FindFirstFileW
GetTempPathW
GetDiskFreeSpaceA
GetVolumeInformationA
GetCurrentThreadId
GetCurrentProcessId
GetComputerNameA
GetLogicalDrives
GlobalMemoryStatus
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RaiseException
CreateThread
IsDebuggerPresent
InterlockedExchangeAdd
DeleteFileW
CreateProcessW
CreateFileW
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryPerformanceFrequency
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
MoveFileExW
ReplaceFileW
GetFileAttributesW
GetFileAttributesExW
RemoveDirectoryW
GetLongPathNameW
GetTempFileNameW
CreateDirectoryW
GetCurrentDirectoryW
GetFileInformationByHandle
GetFileSize
HeapSetInformation
GetCommandLineW
CreateEventW
ExpandEnvironmentStringsW
SetEndOfFile
GetSystemDirectoryW
GetWindowsDirectoryW
GetNativeSystemInfo
GetVersionExW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
UnregisterWaitEx
RegisterWaitForSingleObject
SetEvent
InterlockedIncrement
GetEnvironmentVariableA
FormatMessageW
CancelIo
ConnectNamedPipe
CreateNamedPipeW
GetNamedPipeInfo
DecodePointer
EncodePointer
InterlockedDecrement
HeapAlloc
HeapReAlloc
GetFileAttributesA
FindFirstFileExA
GetConsoleCP
GetConsoleMode
GetFullPathNameW
SetStdHandle
GetFileType
GetProcessHeap
RtlUnwind
GetCPInfo
LCMapStringW
IsProcessorFeaturePresent
HeapCreate
MoveFileA
SetLastError
GetFullPathNameA
GetModuleHandleA
GetProcAddress
GetDriveTypeA
DeleteFileA
FindClose
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
ReleaseSemaphore
WideCharToMultiByte
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
TlsGetValue
TlsSetValue
Sleep
GetCurrentProcess
GetCurrentThread
DuplicateHandle
CreateSemaphoreA
TlsFree
TlsAlloc
InterlockedCompareExchange
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetTimeZoneInformation
PeekNamedPipe
IsValidCodePage
GetACP
GetOEMCP
GetLastError
LocalFree
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
UnhandledExceptionFilter
HeapFree
GetStartupInfoW
ExitProcess
HeapSize
WriteConsoleW
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetDriveTypeW
CompareStringW
AreFileApisANSI
LockFileEx
UnlockFileEx
VirtualAlloc
VirtualFree
GetTempPathA
GetDiskFreeSpaceW
GetThreadLocale
QueueUserWorkItem
SetFileAttributesA
CreateFileMappingW

user32

MsgWaitForMultipleObjectsEx
WaitMessage
RegisterClassExW
CreateWindowExW
SetTimer
DefWindowProcW
GetQueueStatus
UnregisterClassW
PostQuitMessage
CallMsgFilterW
TranslateMessage
DispatchMessageW
KillTimer
PostMessageW
MessageBoxW
DestroyWindow
PeekMessageW

advapi32

SetSecurityDescriptorDacl
CryptGetUserKey
CryptGetKeyParam
CryptCreateHash
CryptGetHashParam
CryptSetHashParam
CryptSignHashW
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
InitializeSecurityDescriptor
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
CryptContextAddRef

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
SHFileOperationW
CommandLineToArgvW

ole32

StgOpenStorage

shlwapi

UrlIsW
PathCreateFromUrlW
PathAppendW
PathFindFileNameW

crypt32

CertCreateCertificateChainEngine
CryptUnprotectData
CertSetCertificateContextProperty
CertGetCertificateContextProperty
CertVerifyTimeValidity
CertGetIntendedKeyUsage
CertCloseStore
CertAddCertificateContextToStore
CertFindChainInStore
CertOpenSystemStoreW
CryptAcquireCertificatePrivateKey
CertOpenStore
CertFreeCertificateContext
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertAddEncodedCertificateToStore
CertDuplicateCertificateContext
CryptDecodeObjectEx
CertFindExtension
CertGetPublicKeyLength
CryptFindOIDInfo
CryptHashCertificate
CertVerifyCertificateChainPolicy
CertRDNValueToStrW
CertGetCertificateChain

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod

iphlpapi

GetAdaptersAddresses

secur32

DeleteSecurityContext
EncryptMessage
QueryContextAttributesW
InitializeSecurityContextW
DecryptMessage
AcquireCredentialsHandleW
FreeCredentialsHandle
FreeContextBuffer

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 800KB - Virtual size: 799KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4703b53c13b97c2cc1e9542c9e320f6b

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

shell32

ole32

shlwapi

crypt32

winmm

iphlpapi

secur32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 800KB - Virtual size: 799KB

.data Size: 25KB - Virtual size: 71KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 22KB - Virtual size: 22KB

.reloc Size: 131KB - Virtual size: 130KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 800KB - Virtual size: 799KB

.data
Size: 25KB - Virtual size: 71KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 22KB - Virtual size: 22KB

.reloc
Size: 131KB - Virtual size: 130KB