e53391b47a94211cdb782054dd2cef53f741c6dda68ee3b4bd07fac06bf81396

Sharing

Copy URL Twitter E-mail

General

Target

e53391b47a94211cdb782054dd2cef53f741c6dda68ee3b4bd07fac06bf81396
Size

385KB
MD5

4b46ed1cb53c5b024595fba237adf2a6
SHA1

e7c26bdc0367a9e65444f68d817d51064eb3f472
SHA256

e53391b47a94211cdb782054dd2cef53f741c6dda68ee3b4bd07fac06bf81396
SHA512

6a470f4a84716d78098238774100d2f2143e06e826840bb41f1c28702a504d2d292616fac13df2c3b3d11e948acd21079101361684e3f1b473c831e0136e57cd
SSDEEP

12288:YfBnDssrUmg6yF0X+mniPlaxuTO33juJ:IBDhoabn8laxQWjE

Score

1^/10

Malware Config

Signatures

Files

e53391b47a94211cdb782054dd2cef53f741c6dda68ee3b4bd07fac06bf81396
.exe windows x86

78a771a1ff7fa13548285571e785a190

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

psapi

GetProcessImageFileNameA

kernel32

CloseHandle
CreateEventA
ResetEvent
CreateThread
SetThreadPriority
ResumeThread
WaitForSingleObject
SetEvent
DebugBreak
lstrcmpA
GetLastError
GetTickCount
GetCurrentThreadId
PostQueuedCompletionStatus
CreateIoCompletionPort
CreateMutexA
ReleaseMutex
GetQueuedCompletionStatus
Process32First
GetSystemTimeAsFileTime
FormatMessageA
Process32Next
CreateToolhelp32Snapshot
GetVersionExA
HeapAlloc
GetProcessHeap
HeapFree
WritePrivateProfileStringA
CopyFileA
DeleteFileA
OpenProcess
TerminateProcess
CreateProcessA
GetExitCodeProcess
EnterCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
GetCurrentProcess
CreateFileA
GetLocalTime
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
GetTempPathA
Thread32Next
SuspendThread
lstrcpynA
Thread32First
GetFileAttributesA
SetFileAttributesA
GetFileSize
QueryPerformanceFrequency
QueryPerformanceCounter
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
GetModuleHandleA
SetFilePointer
OutputDebugStringA
FileTimeToSystemTime
FileTimeToLocalFileTime
CompareFileTime
GetPrivateProfileIntA
WaitForMultipleObjects
GetOverlappedResult
ReadFile
DisconnectNamedPipe
FlushFileBuffers
ConnectNamedPipe
ExitThread
CreateNamedPipeA
SetNamedPipeHandleState
HeapCreate
VirtualAlloc
VirtualFree
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
TerminateThread
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
FreeLibrary
GetProcAddress
LoadLibraryA
WideCharToMultiByte
RaiseException
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
FindClose
FindNextFileA
FindFirstFileA
GetCurrentProcessId
GetModuleFileNameA
GetPrivateProfileStringA
HeapSize
HeapReAlloc
HeapDestroy
WriteFile
Sleep
OpenThread
GetLocaleInfoA
GetUserDefaultLCID
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
MultiByteToWideChar
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetStdHandle
GetStringTypeW
GetStringTypeA
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
SetLastError
GetModuleHandleW
LCMapStringW
LCMapStringA
GetCPInfo
GetTimeZoneInformation
RtlUnwind
GetCommandLineA
GetDateFormatA
GetTimeFormatA
IsDebuggerPresent

user32

PostMessageA
GetMessageA
DestroyWindow
SetTimer
CreateWindowExA
DefWindowProcA
PostThreadMessageA
MessageBoxA
PeekMessageA
RegisterClassExA
GetClassInfoA
DispatchMessageA
TranslateMessage
KillTimer

advapi32

DeleteService
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegQueryValueExA
QueryServiceStatusEx
EnumDependentServicesA
RegSetValueExA
ChangeServiceConfig2A
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceA
QueryServiceStatus
ControlService
OpenServiceA
CloseServiceHandle
CreateServiceA
OpenSCManagerA

shell32

SHGetSpecialFolderPathA

ole32

StringFromGUID2
CoCreateGuid

oleaut32

SysAllocString
SysFreeString
VariantClear

shlwapi

SHSetValueA
SHDeleteValueA
StrRChrA
SHGetValueA

ws2_32

WSASocketA
closesocket
ntohs
WSAGetLastError
WSAIoctl
sendto
recvfrom
WSACleanup
listen
socket
bind
setsockopt
htons
ioctlsocket
recv
WSASend
WSARecv
htonl
inet_addr
WSAStartup
inet_ntoa
gethostbyname
gethostname

mswsock

AcceptEx
GetAcceptExSockaddrs

iphlpapi

GetAdaptersInfo

Exports

Exports

overlap_free
overlap_malloc
pool_free
pool_malloc
vp_free
vp_malloc

Sections

.text
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78a771a1ff7fa13548285571e785a190

Headers

DLL Characteristics

File Characteristics

Imports

version

psapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

mswsock

iphlpapi

Exports

Exports

Sections

.text Size: 306KB - Virtual size: 305KB

.rdata Size: 51KB - Virtual size: 50KB

.data Size: 8KB - Virtual size: 18KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 306KB - Virtual size: 305KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 17KB