eb7eb78d6347e86f074753bf3003d4458bb48ed5acc393b06a3e5a96a87a133a

Sharing

Copy URL

Twitter E-mail

General

Target

eb7eb78d6347e86f074753bf3003d4458bb48ed5acc393b06a3e5a96a87a133a
Size

558KB
MD5

2f9ee14d451236a49e8fe4b499492da5
SHA1

ab707cde30b42b21dd7b19ba79e00bc60a92e254
SHA256

eb7eb78d6347e86f074753bf3003d4458bb48ed5acc393b06a3e5a96a87a133a
SHA512

987f90546ebeda2f00279532e06c33ca36792fac8bbb569fd1c4d27acf2a13c9018e0928a6f0a619167ba9ab5bebf3a68591db20d9eb3d8d7fe9d12a6781a0d2
SSDEEP

12288:5PlDDuwzADkGpSFiNONsm/tDr32LHqn6SySn5ae0Rq:JlDdsnir32LH+6SySn4e0Rq

Score

1^/10

Malware Config

Signatures

Files

eb7eb78d6347e86f074753bf3003d4458bb48ed5acc393b06a3e5a96a87a133a
.exe windows x86

5add0059f92ca1e9ef1c6574063e3771

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

mpr

WNetAddConnection2A
WNetCancelConnection2A

wsock32

WSAGetLastError
select
getsockname
gethostbyaddr
getpeername
accept
listen
htonl
bind
WSACleanup
WSAStartup
ioctlsocket
htons
connect
socket
setsockopt
shutdown
closesocket
recv
send
inet_ntoa
gethostbyname
inet_addr
gethostname
WSASetLastError

kernel32

CopyFileA
MoveFileA
GetTempPathA
GetVersionExA
GetExitCodeThread
SetThreadPriority
GetComputerNameA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
WritePrivateProfileStringA
CreateProcessA
OpenFileMappingA
OpenEventA
LoadLibraryA
GetModuleFileNameA
LoadLibraryExA
GetPrivateProfileStringA
LocalFree
LocalAlloc
lstrcpyW
lstrcmpW
GetExitCodeProcess
SetErrorMode
FormatMessageA
FindClose
FindFirstFileA
GetModuleHandleA
FreeResource
LoadResource
SizeofResource
FindResourceA
SetFilePointer
GetFileSize
lstrcatW
lstrlenW
LocalFileTimeToFileTime
SystemTimeToFileTime
MoveFileExA
ExpandEnvironmentStringsA
lstrcpynA
GetCurrentProcessId
SetProcessShutdownParameters
lstrcmpA
GetCurrentThread
lstrcmpiW
MultiByteToWideChar
GlobalFree
ExitProcess
FindNextFileA
ReadFile
GlobalSize
GetEnvironmentVariableA
TlsAlloc
GetVersion
GetCommandLineA
GetStartupInfoA
InterlockedIncrement
InterlockedDecrement
ExitThread
TlsGetValue
TlsSetValue
CreateThread
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
RtlUnwind
GetSystemTime
GetTimeZoneInformation
HeapReAlloc
IsBadWritePtr
WideCharToMultiByte
TerminateProcess
WaitForSingleObject
TerminateThread
WaitForMultipleObjects
DeviceIoControl
GetOverlappedResult
CreateEventA
ResetEvent
VirtualAlloc
GetCurrentProcess
DuplicateHandle
ResumeThread
lstrcatA
CreateDirectoryA
CreateFileA
SetFileTime
SetFileAttributesA
WriteFile
GetCurrentThreadId
GlobalAlloc
GlobalLock
GlobalUnlock
GetSystemDirectoryA
GetPrivateProfileIntA
DeleteFileA
SetLastError
GetProcAddress
FreeLibrary
GetLastError
OpenProcess
lstrlenA
lstrcpyA
lstrcmpiA
MulDiv
CloseHandle
SetEvent
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
GetTickCount
Sleep
LeaveCriticalSection
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
CompareStringA
HeapDestroy
HeapCreate
VirtualFree
CompareStringW
SetEnvironmentVariableA
FlushFileBuffers
GetLocalTime

user32

ClientToScreen
IsIconic
wsprintfW
SetCursorPos
EqualRect
WindowFromPoint
GetClassNameA
AttachThreadInput
GetCursor
GetIconInfo
VkKeyScanA
GetUserObjectInformationA
OpenInputDesktop
IsWindowEnabled
SetTimer
MessageBoxA
KillTimer
PeekMessageA
EnableWindow
PostQuitMessage
CharUpperBuffA
GetCaretPos
OpenDesktopA
SendMessageA
GetMessageA
TranslateMessage
DispatchMessageA
PostMessageA
ExitWindowsEx
EnumDisplaySettingsA
ChangeClipboardChain
SetClipboardViewer
RegisterWindowMessageA
LoadCursorA
RegisterClassExA
CreateWindowExA
SetWindowLongA
PostThreadMessageA
RegisterClipboardFormatA
IsClipboardFormatAvailable
GetClipboardData
GetDoubleClickTime
GetThreadDesktop
GetKeyState
SetThreadDesktop
EnumDisplaySettingsW
SystemParametersInfoA
keybd_event
MapVirtualKeyA
GetKeyboardLayoutNameA
GetKeyboardState
OpenClipboard
DefWindowProcA
GetPriorityClipboardFormat
CloseDesktop
GetClipboardOwner
EmptyClipboard
SetClipboardData
CloseClipboard
mouse_event
GetCursorPos
GetAsyncKeyState
FindWindowA
EnumWindows
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
GetWindowTextA
wsprintfA
CopyRect
GetDC
ReleaseDC
LoadStringA
GetSystemMetrics
GetWindowLongA
LoadIconA
GetWindowDC

gdi32

PatBlt
GdiSetBatchLimit
CreateCompatibleDC
GetDeviceCaps
GetStockObject
DeleteObject
GetDIBits
DeleteDC
CreateDCA
GetObjectA
ExtEscape
CreateDCW
BitBlt
SelectObject
CreateDIBSection
RealizePalette
SelectPalette
CreatePalette
GetPaletteEntries
GetSystemPaletteEntries
CreateHalftonePalette

advapi32

AdjustTokenPrivileges
RegisterEventSourceA
ReportEventA
SetServiceStatus
DeregisterEventSource
ControlService
DeleteService
RegOpenKeyA
RegDeleteValueA
CreateServiceA
StartServiceA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegCreateKeyA
RegSetValueExA
EqualSid
GetUserNameW
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorGroup
RevertToSelf
OpenProcessToken
ImpersonateLoggedOnUser
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserA
RegCloseKey
RegSetValueExW
RegCreateKeyW
CloseServiceHandle
QueryServiceConfigA
OpenServiceA
OpenSCManagerA
ChangeServiceConfigA
LookupPrivilegeValueA
QueryServiceStatus
GetUserNameA
SetThreadToken
LookupAccountNameA
GetTokenInformation
OpenThreadToken
FreeSid
PrivilegedServiceAuditAlarmA
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner

shell32

ShellExecuteA
DragQueryFileA

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoCreateGuid

oleaut32

SysAllocString
SysFreeString
SysStringLen

Sections

.code
Size: 335KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0001336C
Size: 77KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5add0059f92ca1e9ef1c6574063e3771

Headers

File Characteristics

Imports

version

mpr

wsock32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.code Size: 335KB - Virtual size: 336KB

.idata Size: 41KB - Virtual size: 44KB

0001336C Size: 77KB - Virtual size: 104KB

.rsrc Size: 104KB - Virtual size: 180KB

.code
Size: 335KB - Virtual size: 336KB

.idata
Size: 41KB - Virtual size: 44KB

0001336C
Size: 77KB - Virtual size: 104KB

.rsrc
Size: 104KB - Virtual size: 180KB