42c981de029e75e9de991d277f40d0d94dabc8bdac93b833647be0ef3e15624d

Sharing

Copy URL Twitter E-mail

General

Target

42c981de029e75e9de991d277f40d0d94dabc8bdac93b833647be0ef3e15624d
Size

971KB
MD5

33b21544ece4b77d37a9cfc638f9e5a8
SHA1

54d7acf808f94465d0ff3aa2a853dae0be74cdbd
SHA256

42c981de029e75e9de991d277f40d0d94dabc8bdac93b833647be0ef3e15624d
SHA512

1d3fe6f30188e5654f3a3783e344cc006157f47a15a115fe42cdd0f19600cb4002e21ce3ae0217d0bbea5c02c86e15101dc5d49f23e52bf163475dd57b43f880
SSDEEP

24576:fslNfU7QT+q8Qnq4NedttG3qQbvccgPMgHQp:fsPWs8QqNtGboK

Score

1^/10

Malware Config

Signatures

Files

42c981de029e75e9de991d277f40d0d94dabc8bdac93b833647be0ef3e15624d
.exe windows x86

47a7238abfd75ba01625991c1e8185a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
MoveFileExW
CreateFileW
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
SetFileTime
WriteFile
CloseHandle
GetStdHandle
GetFileInformationByHandle
GetCurrentDirectoryW
DeleteFileW
SetFileAttributesW
GetTempPathW
SetLastError
GetCurrentProcessId
GetCurrentThreadId
FindClose
FindFirstFileW
GetModuleHandleA
VirtualAlloc
VirtualFree
CreateProcessW
WaitForSingleObject
GetModuleFileNameW
GetCurrentProcess
GetTempFileNameW
QueryDosDeviceW
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
TerminateProcess
Process32NextW
LoadLibraryW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
VerSetConditionMask
SleepEx
VerifyVersionInfoW
InitializeCriticalSection
Sleep
PeekNamedPipe
GetFileType
FormatMessageA
IsDebuggerPresent
OutputDebugStringW
WriteConsoleW
GetProcAddress
FreeLibrary
DeleteCriticalSection
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
GetCommandLineW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetModuleHandleW
GetTickCount
CreateDirectoryW
lstrcpynW
SetEnvironmentVariableA
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
SetStdHandle
FlushFileBuffers
ReadConsoleW
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetOEMCP
GetACP
IsValidCodePage
LCMapStringW
CompareStringW
GetFileAttributesW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
FileTimeToSystemTime
FileTimeToLocalFileTime
SetFilePointerEx
LoadLibraryExW
ExitThread
CreateThread
GetFullPathNameW
GetTimeZoneInformation
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
RtlUnwind
GetStringTypeW
EncodePointer

user32

CharUpperW

advapi32

CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

shell32

CommandLineToArgvW
SHFileOperationW
SHGetSpecialFolderPathW

oleaut32

SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen

shlwapi

PathFileExistsW
PathIsDirectoryW
PathAddBackslashW

ws2_32

WSACleanup
WSAStartup
recvfrom
getsockopt
closesocket
select
WSASetLastError
socket
bind
recv
setsockopt
send
ntohs
htons
WSAGetLastError
connect
WSAIoctl
getpeername
__WSAFDIsSet
sendto
gethostname
getaddrinfo
freeaddrinfo
ioctlsocket
listen
getsockname
accept

wldap32

ord142
ord127
ord41
ord26
ord79
ord216
ord14
ord145
ord208
ord167
ord147
ord27
ord301
ord46
ord133
ord118

Sections

.text
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 591KB - Virtual size: 591KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47a7238abfd75ba01625991c1e8185a6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

ws2_32

wldap32

Sections

.text Size: 288KB - Virtual size: 288KB

.rdata Size: 67KB - Virtual size: 67KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 591KB - Virtual size: 591KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 288KB - Virtual size: 288KB

.rdata
Size: 67KB - Virtual size: 67KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 591KB - Virtual size: 591KB

.reloc
Size: 15KB - Virtual size: 14KB