19503c594ddfdf38c0c7e059aaf624cf[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

19503c594ddfdf38c0c7e059aaf624cf.exe
Size

287KB
MD5

19503c594ddfdf38c0c7e059aaf624cf
SHA1

35faf365ab0a99ca884c8a8c6138882cbdef0a1d
SHA256

9a9d2a69bcc53e179dcec0cb8a6cd9803f660e496629c4f3e3fa0dfb3cb9f87a
SHA512

03154503a56cda59802ae34f623ca7d02e8f7e0482cbc7a5af8251886415793b6cfe109e7cb550250b02100386efd8ea6aa800a3a61dc06993daec577faf7515
SSDEEP

6144:x8zp5MxVCSCyXcgjSEKnQnpTKQ3u03ao3vFv:Szp5MxNdcgjSbQnpTyUao39

Score

1^/10

Malware Config

Signatures

Files

19503c594ddfdf38c0c7e059aaf624cf.exe
.exe windows x86

0d1c7c17a5c1778f16fd872183052036

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
WaitForSingleObject
OpenProcess
TerminateProcess
GetEnvironmentVariableA
GetLastError
SetLastError
CloseHandle
WriteProcessMemory
ResumeThread
GetThreadContext
SetThreadContext
VirtualQuery
GetCurrentProcess
InterlockedCompareExchange
GetCurrentThread
VirtualFree
FlushInstructionCache
VirtualAlloc
VirtualProtect
GetCurrentThreadId
SuspendThread
GetFileSize
SetFilePointer
UnmapViewOfFile
MapViewOfFileEx
WriteFile
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GetProcAddress
LoadLibraryExA
CreateFileA
GetModuleHandleA
ReadFile
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
lstrlenA
lstrcpyA
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
ProcessIdToSessionId
Sleep
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateThread
SetUnhandledExceptionFilter
MultiByteToWideChar
lstrlenW
HeapAlloc
HeapFree
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
HeapCreate
HeapDestroy
InterlockedIncrement
SwitchToThread
InterlockedDecrement
FormatMessageA
LocalFree
GetModuleFileNameA
GetPrivateProfileStringA
lstrcatA
SetCurrentDirectoryA
GetCurrentProcessId
CreateSemaphoreA
GetNativeSystemInfo
GetVersionExA
CreateEventA
ResetEvent
SetEvent
CreateFileMappingA
GetFullPathNameA
WTSGetActiveConsoleSessionId
OutputDebugStringA
LoadLibraryA
GetCurrentDirectoryA
GetLogicalDriveStringsA
QueryDosDeviceA
QueryPerformanceFrequency
QueryPerformanceCounter
ExpandEnvironmentStringsA
DeviceIoControl
GetOverlappedResult
CancelIo
IsDebuggerPresent
FindFirstFileA
FindNextFileA
FindClose
GetTickCount
GetPrivateProfileIntA
GetSystemDirectoryA
GetDiskFreeSpaceExA
FileTimeToSystemTime
RemoveDirectoryA
DeleteFileA
MoveFileA
FlushFileBuffers
GetSystemInfo
SetErrorMode
GetComputerNameExA
MoveFileExA
SetThreadPriority
GetExitCodeThread
GetProcessHeap
GetSystemTimes
Process32FirstW
GetProcessTimes
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetProcessHandleCount
GetProcessIoCounters
Process32NextW
CreateMutexA
DuplicateHandle
GetFileType
GetStartupInfoA
IsBadReadPtr
LoadLibraryW
WritePrivateProfileStringA
InitializeCriticalSection
DecodePointer
EncodePointer
ExitThread
HeapReAlloc
GetTimeFormatA
GetDateFormatA
GetCommandLineA
HeapSetInformation
IsProcessorFeaturePresent
UnhandledExceptionFilter
RaiseException
HeapSize
InterlockedExchange
GetLocaleInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetModuleFileNameW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetStringTypeW
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoW
GetConsoleCP
GetConsoleMode
RtlUnwind
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleW
CreateFileW
CompareStringW
SetEnvironmentVariableA
LocalAlloc

dbghelp

MiniDumpWriteDump
MakeSureDirectoryPathExists

psapi

GetProcessMemoryInfo
GetProcessImageFileNameA
GetModuleBaseNameA

ws2_32

recvfrom
WSAStartup
gethostname
freeaddrinfo
getaddrinfo
inet_addr
WSACleanup
ntohs
htons
getsockname
WSAIoctl
setsockopt
WSAGetLastError
shutdown
closesocket
socket
WSACreateEvent
WSASetLastError
bind
WSAEventSelect
connect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAResetEvent
recv
send
WSACloseEvent
WSASocketA
htonl
sendto

Sections

.text
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d1c7c17a5c1778f16fd872183052036

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

dbghelp

psapi

ws2_32

Sections

.text Size: 220KB - Virtual size: 220KB

.rdata Size: 53KB - Virtual size: 52KB

.data Size: 11KB - Virtual size: 100KB

.tls Size: 512B - Virtual size: 13B

.rsrc Size: 1024B - Virtual size: 916B

.text
Size: 220KB - Virtual size: 220KB

.rdata
Size: 53KB - Virtual size: 52KB

.data
Size: 11KB - Virtual size: 100KB

.tls
Size: 512B - Virtual size: 13B

.rsrc
Size: 1024B - Virtual size: 916B