1d6e41f3e31316ebdd4592c3d8366c81c1d2af94192f5fc64b66d5f7805a1aa7

Sharing

Copy URL Twitter E-mail

General

Target

1d6e41f3e31316ebdd4592c3d8366c81c1d2af94192f5fc64b66d5f7805a1aa7
Size

1.8MB
MD5

bf916d459ddecde4fbdcdd9468c652d2
SHA1

bd1f9e74c08162445a66f2a07b977bbfeead1137
SHA256

1d6e41f3e31316ebdd4592c3d8366c81c1d2af94192f5fc64b66d5f7805a1aa7
SHA512

e7b7d3b415f583f023000bbd200a2ef357dfc690cdc86440ee8695748c53a2a571f224feac66082bac335dbff98c3ba46f27fdad18fb5d13c6cbc1e8ea36a848
SSDEEP

49152:uFEPCaliU0Rp/msC7CroEUAaPJO4QIks3pRc6:uFEKacTT/pC7CroE3W

Score

1^/10

Malware Config

Signatures

Files

1d6e41f3e31316ebdd4592c3d8366c81c1d2af94192f5fc64b66d5f7805a1aa7
.exe windows x86

37e827874d5121bddb515409bb8464ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

socket
WSAIoctl
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
setsockopt
gethostname
shutdown
htonl
gethostbyname
getservbyname
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
WSAStartup
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
ioctlsocket

wldap32

ord27
ord211
ord60
ord50
ord41
ord22
ord26
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord143
ord46

shlwapi

PathFileExistsA
PathRemoveFileSpecA
StrToIntA

shell32

SHCreateDirectoryExA
CommandLineToArgvW
SHFileOperationA

kernel32

FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
ReadConsoleW
GetACP
HeapFree
HeapReAlloc
HeapAlloc
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
CreateFileW
GetDriveTypeW
GetCurrentDirectoryW
SetEnvironmentVariableA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
EncodePointer
DecodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
Process32First
FindFirstFileA
GetCurrentProcess
TerminateProcess
FindNextFileA
FindClose
OpenProcess
CreateToolhelp32Snapshot
Sleep
GetLastError
SetEvent
DeleteFileA
Process32Next
CloseHandle
CreateThread
lstrcmpiA
CreateProcessA
GetDiskFreeSpaceExA
GetPrivateProfileStringA
GetModuleFileNameA
lstrlenA
CopyFileA
WritePrivateProfileStringA
GetCurrentProcessId
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CreateMutexA
WaitForSingleObject
GetCurrentDirectoryA
SetCurrentDirectoryA
MultiByteToWideChar
GetFileAttributesA
DeleteCriticalSection
lstrcpynA
WideCharToMultiByte
CreateDirectoryA
GetCurrentThreadId
CreateFileA
LoadLibraryA
GetProcAddress
SetUnhandledExceptionFilter
CreateEventW
SizeofResource
SetErrorMode
FindResourceA
FreeResource
GetVersionExA
GlobalAlloc
ResetEvent
LoadResource
GlobalLock
GlobalUnlock
TerminateThread
ExitProcess
SetLastError
FormatMessageA
GetTickCount
InitializeCriticalSection
SleepEx
FreeLibrary
WaitForMultipleObjects
GetFileType
GetStdHandle
ReadFile
PeekNamedPipe
ExpandEnvironmentStringsA
VerSetConditionMask
GetModuleHandleA
GetSystemDirectoryA
VerifyVersionInfoA
GetSystemTime
SystemTimeToFileTime
WriteFile
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
WaitForSingleObjectEx
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
RaiseException
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
GetFullPathNameW
GetFullPathNameA
FindFirstFileExW
FindNextFileW
GetTimeZoneInformation
GetFileAttributesExW
SetStdHandle
SetEndOfFile
GetProcessHeap
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineA
GetCommandLineW
FindFirstFileExA
WriteConsoleW
HeapSize
RemoveDirectoryA

user32

MoveWindow
SetLayeredWindowAttributes
TranslateMessage
PostQuitMessage
UpdateWindow
LoadCursorA
DestroyWindow
TranslateAcceleratorA
GetSystemMetrics
LoadStringA
ShowWindow
SetWindowLongA
DispatchMessageA
CreateWindowExA
SystemParametersInfoA
RegisterClassExA
GetDlgCtrlID
TrackMouseEvent
DefWindowProcA
SetCapture
GetClientRect
GetParent
ReleaseCapture
InvalidateRect
BeginPaint
EndPaint
SendMessageA
wsprintfA
MessageBoxA
GetMessageA
GetProcessWindowStation
GetUserObjectInformationW
GetWindowLongA

advapi32

SystemFunction036
ReportEventA
RegisterEventSourceA
DeregisterEventSource
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey

ole32

CreateStreamOnHGlobal

psapi

GetModuleFileNameExA
EnumProcessModules

gdiplus

GdipCreateFont
GdiplusStartup
GdipSetStringFormatAlign
GdipCreatePen1
GdipCreateBitmapFromScan0
GdipDeletePen
GdipDeleteFont
GdipDeleteStringFormat
GdipDeleteGraphics
GdipFillRectangleI
GdipGetImageGraphicsContext
GdipCloneBrush
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipDrawString
GdipFree
GdipCreateSolidFill
GdiplusShutdown
GdipSetStringFormatLineAlign
GdipSetSmoothingMode
GdipDisposeImage
GdipDrawImageRectI
GdipAlloc
GdipDeleteBrush
GdipCloneImage
GdipCreateFontFamilyFromName
GdipDrawRectangleI
GdipDeleteFontFamily
GdipCreateStringFormat
GdipLoadImageFromStream

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 347KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37e827874d5121bddb515409bb8464ce

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

shlwapi

shell32

kernel32

user32

advapi32

ole32

psapi

gdiplus

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 347KB - Virtual size: 346KB

.data Size: 40KB - Virtual size: 54KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 65KB - Virtual size: 65KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 347KB - Virtual size: 346KB

.data
Size: 40KB - Virtual size: 54KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 65KB - Virtual size: 65KB